Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2456
Views
0
Helpful
1
Replies

SG350 qos limit internet bandwidth for network

Go to solution
samuel.cornielle
Level 1
Level 1

‎01-30-2018 08:03 AM - edited ‎03-21-2019 11:20 AM

With this Cisco SG350, the idea is to limit the internet bandwidth for computers on certain network while not limiting LAN speed.

 

I create an ACL with ACE that matches that type of traffic (WWW and HTTPS), create the class map that matches that traffic with previous ACL, create a policy class map with a CIR of 512Kbps and CBS of 128000 bytes and exceed action is DROP.

 

But when I try to bind that policy as output on a port it says: "Egress policy map 'p2' has a class action that is not supported as egress." I suppose it is referring to the action Always Trust when I create the policy class map but none of the other options would work neither.


Can anyone please walk me through the steps in case I am missing something? Is this switch able to do the job or is it software limited? I can also provide more details if needed.

Labels:
Preview file
25 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
samuel.cornielle
Level 1
Level 1

‎02-02-2018 02:52 PM - edited ‎02-02-2018 02:52 PM

Ok I sorted it out, I will explain in case it can help other folks out there. Instead of binding the policy on the port connected to the host as egress, I changed the ACE a bit to apply it to the WAN facing port as ingress.

 

Secondly, I was using speedtest.net to measure results and wrongfully assumed that their server was answering from port 80 but that's just the front facing side, good ol' Wireshark allowed me to see it was in reality 8080. LAN to LAN throughput is untouched. Of course, to complete the goal I would have to expand the ACE but for testing purposes this is okay.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
samuel.cornielle
Level 1
Level 1

‎02-02-2018 02:52 PM - edited ‎02-02-2018 02:52 PM

Ok I sorted it out, I will explain in case it can help other folks out there. Instead of binding the policy on the port connected to the host as egress, I changed the ACE a bit to apply it to the WAN facing port as ingress.

 

Secondly, I was using speedtest.net to measure results and wrongfully assumed that their server was answering from port 80 but that's just the front facing side, good ol' Wireshark allowed me to see it was in reality 8080. LAN to LAN throughput is untouched. Of course, to complete the goal I would have to expand the ACE but for testing purposes this is okay.

0 Helpful
Customers Also Viewed These Support Documents