Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2183
Views
0
Helpful
7
Replies

Cisco 2960 share internet connectivity

brabec.ondrej
Level 1
Level 1

‎05-19-2012 05:52 AM - edited ‎03-07-2019 06:47 AM

Hello all,

I would like to ask for help with following setup.

Internet --> Cisco ASA 5515X --> 2 Gbits etherchannel --> Cisco 2960T-48 --> 40 customers, each has own VLAN

Cust 1 -- VLAN 10 --port Fa0/1

Cust 2 -- VLAN 20 --port Fa0/2

Cust 3 -- VLAN 30 --port Fa0/3

Cust 4 -- VLAN 40 --port Fa0/4

Cust 5 -- VLAN 50 --port Fa0/5

etc

I have to provide sharing internet connectivity for all customers.

Speed is 100 Mbits, I have to garantee 3 Mbit to every customer and max speed will be not limited.

ASA do routing, firewalling, nat etc. In my opinion router would be better device than ASA in this case.

But I have to find solution.

Any idea pls?

Any help appreciate.

Best Regards.

Ondrej

Labels:
0 Helpful
7 Replies 7

Reza Sharifi
Hall of Fame
Hall of Fame

‎05-19-2012 06:32 AM

Hi,

Have a look at this discussion for examples and links:

https://supportforums.cisco.com/thread/2040620

HTH

0 Helpful

brabec.ondrej
Level 1
Level 1
In response to Reza Sharifi

‎05-19-2012 01:27 PM

Hi Reza,

thank you for your hint. I still hope, that policing is not only one solution.

I can police every customer to 3 Mbits, but when line is not bussy, he will he still only 3 Mbits.

I would like to allow him use more bandwitdh..

Ondrej

0 Helpful

smehrnia
Level 7
Level 7

‎05-19-2012 07:37 AM

Hi,

a Layer 3 switch or a router would do just fine   but i would prefer a layer 3 switch, limitting extra hardware and configurations!

plz Rate if it helped.

Soroush.

Hope it Helps!

Soroush.
0 Helpful

Samuel Petrescu
Level 1
Level 1
In response to smehrnia

‎05-19-2012 11:02 AM

At my knowledge you will not be able to guarantee traffic with an ASA device (you can only police traffic).

You will need a router facing the internet connection.

Also you will need to be able to route between VLANs, so you will need a layer 3 switch, Cisco 3750 for example, or configure inside interface on routes as trunk.

Also is a good idea to use private VLANs, if customers don’t need to see each other, and to spare public IPs (if customers will have public IPs).

Samuel Petrescu

0 Helpful

brabec.ondrej
Level 1
Level 1
In response to Samuel Petrescu

‎05-19-2012 01:32 PM

Hi Samuel,

thanks a lot.  Routing between VLANs provide ASA, but in this case is not desirable.

Customers should not see each other in their networks.

I'm going to find out the best solution with the hardware I allready have.

Ondrej

0 Helpful

brabec.ondrej
Level 1
Level 1
In response to smehrnia

‎05-19-2012 01:20 PM

Hi Soroushm,

thank you for your idea, I agree with you. L3 switch is able to do per VLAN qos, router is, imho, the best choice for QoS.

But I have ASA and L2 switch and I have to somehow deal with it :-|

Ondrej

0 Helpful

smehrnia
Level 7
Level 7
In response to brabec.ondrej

‎05-19-2012 01:58 PM

hey brabec,

for your idea to work, u need to do traffic shaping on the egress (internet) port on a per vlan (IP RANGE) basis. what you need to do is to use MQC to define your traffic class (each vlan) and put a bandwidth value of 3000 [kbps] remainig keyword> but for this to work. u cant use neither 2960 nor the ASA. so... i dunno how u wanna deal with this limitations, as I've read abt ASA: (the only traffic class supported for traffic shaping is class-default, which matches all traffic.)

so let me know what u figured out later.

thx.

plz Rate if it helped.

Soroush.

Hope it Helps!

Soroush.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card