Cisco 2960 share internet connectivity

brabec.ondrej
Level 1

Hello all,

I would like to ask for help with the following setup.

Internet --> Cisco ASA 5515X --> 2 Gbits etherchannel --> Cisco 2960T-48 --> 40 customers, each has own VLAN

Cust 1 -- VLAN 10 --port Fa0/1

Cust 2 -- VLAN 20 --port Fa0/2

Cust 3 -- VLAN 30 --port Fa0/3

Cust 4 -- VLAN 40 --port Fa0/4

Cust 5 -- VLAN 50 --port Fa0/5

etc

I have to provide shared internet connectivity for all customers.

Speed is 100 Mbits; I have to guarantee 3 Mbit to every customer, and the max speed will not be limited.

The ASA does routing, firewalling, NAT etc. In my opinion a router would be a better device than the ASA in this case.

But I have to find a solution.

Any ideas, please?

Any help appreciated.

Best Regards.

Ondrej

7 Replies

Reza Sharifi
Hall of Fame

Hi,

Have a look at this discussion for examples and links:

https://supportforums.cisco.com/thread/2040620

HTH

Hi Reza,

Thank you for your hint. I still hope that policing is not the only solution.

I can police every customer to 3 Mbits, but when the line is not busy, he will still have only 3 Mbits.

I would like to allow him to use more bandwidth.

Ondrej

smehrnia
Level 7

Hi,

A Layer 3 switch or a router would do just fine, but I would prefer a Layer 3 switch, limiting extra hardware and configurations!

plz Rate if it helped.

Soroush.

Hope it Helps!

Soroush.

To my knowledge you will not be able to guarantee traffic with an ASA device (you can only police traffic).

You will need a router facing the internet connection.

Also you will need to be able to route between VLANs, so you will need a layer 3 switch, Cisco 3750 for example, or configure the inside interface on the router as a trunk.

It is also a good idea to use private VLANs, if customers don’t need to see each other, and to spare public IPs (if customers will have public IPs).

Samuel Petrescu

Hi Samuel,

Thanks a lot. The ASA provides routing between VLANs, but in this case it is not desirable.

Customers should not see each other in their networks.

I'm going to find out the best solution with the hardware I already have.

Ondrej

Hi Soroushm,

Thank you for your idea, I agree with you. An L3 switch is able to do per-VLAN QoS; a router is, imho, the best choice for QoS.

But I have an ASA and an L2 switch and I have to somehow deal with it :-|

Ondrej

hey brabec,

for your idea to work, u need to do traffic shaping on the egress (internet) port on a per-VLAN (IP range) basis. what you need to do is to use MQC to define your traffic class (each VLAN) and put a bandwidth value of 3000 [kbps] <remaining keyword>, but for this to work, u can't use either the 2960 or the ASA. so... i dunno how u wanna deal with these limitations, as I've read abt ASA: (the only traffic class supported for traffic shaping is class-default, which matches all traffic.)

so let me know what u figured out later.

thx.

plz Rate if it helped.

Soroush.

Hope it Helps!

Soroush.
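
The distinction the thread turns on, a hard per-customer policer versus a guaranteed minimum that lets customers use idle capacity, modelled as an added example (not code from any poster, and not a model of the real IOS or ASA scheduler). The 100 Mbit link, 3 Mbit floor and 40 customers come from the thread; the customer names, demand figures and the max-min sharing rule are assumptions.

```python
LINK_KBPS = 100_000      # "Speed is 100 Mbits" (from the thread)
GUARANTEE_KBPS = 3_000   # 3 Mbit per customer (from the thread)
EPS = 1e-6


def police_only(demands, cap=GUARANTEE_KBPS):
    """Hard policer: nobody exceeds the cap, even when the link is idle."""
    return {c: min(d, cap) for c, d in demands.items()}


def guarantee_and_share(demands, link=LINK_KBPS, floor=GUARANTEE_KBPS):
    """Per-customer minimum; leftover capacity is shared max-min fairly."""
    # Step 1: every customer first receives min(demand, floor).
    alloc = {c: min(d, floor) for c, d in demands.items()}
    committed = sum(alloc.values())
    if committed > link:
        # The floors add up to more than the link: scale them down evenly.
        return {c: a * link / committed for c, a in alloc.items()}
    # Step 2: water-fill the spare capacity among customers wanting more.
    spare = link - committed
    hungry = {c for c, d in demands.items() if d - alloc[c] > EPS}
    while hungry and spare > EPS:
        share = spare / len(hungry)
        for c in list(hungry):
            give = min(share, demands[c] - alloc[c])
            alloc[c] += give
            spare -= give
            if demands[c] - alloc[c] <= EPS:
                hungry.discard(c)
    return alloc


if __name__ == "__main__":
    # Constructed demand figures in kbps, one entry per customer VLAN.
    scenarios = {
        "quiet link": {"vlan10": 50_000, "vlan20": 1_000},
        "ten heavy users": {f"vlan{i * 10}": 20_000 for i in range(1, 11)},
        "all 40 active": {f"vlan{i * 10}": 10_000 for i in range(1, 41)},
    }
    for name, demands in scenarios.items():
        policed = police_only(demands)
        shared = guarantee_and_share(demands)
        first = next(iter(demands))
        print(f"{name}: {first} policed={policed[first]:.0f} kbps, "
              f"guaranteed+shared={shared[first]:.0f} kbps")
```

With all 40 customers saturating their ports, the 3 Mbit floors sum to 120 Mbit, so on a 100 Mbit link the model can only deliver 2.5 Mbit each.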