3750/3850 - limit host access port from 1GB to 100mbps?

aamercado · ‎12-01-2016

Hi

I like to prevent users from randomly downloading large stuff off the internet. I am thinking just limit host access port from 1GB to 100mbps on my campus 3750 and 3850 stack access switches?

If so, any sample configs. Anyways, I have

policy-map 100Mbps
class class-default
bandwidth remaining percent 10

interface GigabitEthernet1/0/1
switchport access vlan 182
switchport mode access
service-policy output 100Mbps

If there is other alternatives or options, can you share your solutions that work?

Thanks

Iulian Vaideanu · ‎12-02-2016

If they are RJ45 ports you could just try "speed 100"...

Joseph W. Doherty · ‎12-02-2016

Don't believe the 3750 series will support an egress service-policy.

If the 3850 does, and if it works like routers, your bandwidth statement will not limit throughput. You would want to police, or perhaps shape (if supported), at 100 Mbps. You might limit the policer, or shaper, to public IPs (i.e. not slowing internal LAN traffic).

aamercado · ‎12-02-2016

I found 2 resource so just go down a bit for vlan-base QoS on this guide

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Network_Virtualization/PathIsol.html#wp81660

and

http://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/19645-policevsshape.html#policingvsshaping

ip access-list extended limit_100mbps

permit ip any any

class-map match-any limit_100mbps

match access-group name limit_100mbps

match vlan 182 ß----------------------------------This is my Data VLAN

policy-map limit_100mbps

description LIMIT DESKTOP DOWNLOADING FROM INTERNET

class limit_100mbps

police 100000000 800000 conform-action transmit exceed-action transmit

set dscp default

interface GigabitEthernet1/0/2

service-policy output limit_100mbps

Now to test. I notice that I can't get this to work with voip auto qos but on a plain data vlan, the configs take. Just need to test. Any further comments will be appreciate on this. Thanks