Solved: Re: Cisco 2960S QoS configuration doesn't work

frankie_sky · ‎04-23-2013

Hi all,

Recently I'm helping my client to setup their network and he want me to limit user access internet bandwidth to 2 Mbps and the topology show below.

Users ---> Switch ---> NAT Router ---> (int gi1/0/24 - qos apply) Edge Switch ---> INTERNET ROUTER (12Mbps) --->> INTERNET

This is my configuration, but it doesn't work, the end user still able to get more than 2Mbps internet speed.

access-list 100 permit ip any any dscp default

class-map match-all QoS_Floor_Limit

match access-group 100

!

policy-map QoS_Floor_Limit

class QoS_Floor_Limit

police 2000000 8000 exceed-action drop

set dscp default

class class-default

police 2000000 8000 exceed-action drop

set dscp default

interface GigabitEthernet1/0/24

switchport access vlan 200

switchport mode access

mls qos trust dscp

service-policy input QoS_Floor_Limit

end

Anyone having the same request before and can give me a guide.

many thanks.

Frankie

noticketnomas · ‎04-23-2013

You only have a policy applied to the ingress. You need to shape the egress (download speed) as well. I believe the 2960S won't let you apply a policy-map to the egress (correct me if I'm wrong), so you will have to use "srr-queue bandwidth limit [10-90%]", meaning you also have to set the port auto-negotiation advertised speed to 10.

Once the client is linked at 10mbps, then apply "srr-queue bandwidth limit 20".

View solution in original post

Joseph W. Doherty · ‎04-23-2013

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

The way your policy is written, you have two classes that will permit 2 Mbps, i.e. you could have 4 Mbps aggregate.

You're also only policing in one direction, i.e. you could download more than 2 Mbps.

So, for the end user able to obtain more than 2 Mbps, doing what? What stats are you monitoring?

noticketnomas · ‎04-23-2013

You only have a policy applied to the ingress. You need to shape the egress (download speed) as well. I believe the 2960S won't let you apply a policy-map to the egress (correct me if I'm wrong), so you will have to use "srr-queue bandwidth limit [10-90%]", meaning you also have to set the port auto-negotiation advertised speed to 10.

Once the client is linked at 10mbps, then apply "srr-queue bandwidth limit 20".

frankie_sky · ‎04-24-2013

HI Wilson,

My client have new request but i think is technical limitation. User request download speed at 7Mbps but Upload speed at 18Mbps. Since the interface has speed has set to 10 as below.

interface GigabitEthernet1/0/20

description 12th_Floor

switchport access vlan 200

switchport mode access

bandwidth 61440

speed 10

srr-queue bandwidth limit 70

mls qos trust dscp

end

After configure above setting the download speed is exactly to 7Mbps but upload speed at most only at 10Mbps. Hope someone can give me a guide.

thanks

rgds,

Frankie

Joseph W. Doherty · ‎04-25-2013

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

My client have new request but i think is technical limitation. User request download speed at 7Mbps but Upload speed at 18Mbps. Since the interface has speed has set to 10 as below.

interface GigabitEthernet1/0/20

description 12th_Floor

switchport access vlan 200

switchport mode access

bandwidth 61440

speed 10

srr-queue bandwidth limit 70

mls qos trust dscp

end

After configure above setting the download speed is exactly to 7Mbps but upload speed at most only at 10Mbps. Hope someone can give me a guide.

Well that's curious, as the bandwidth limit is supposed to impact egress bandwidth, not ingress bandwidth. I.e. you have 10 in and 7 out.

For egress at 18, if you can run the link at 100 Mbps, you can then use a bandwidth limit of 18, although note bandwidth limit isn't very exact.

You other option, which also requires running interface at least at 100 Mbps, would be to enable QoS, push all traffic to one queue, and shape it to 18 Mbps.

frankie_sky · ‎04-25-2013

Hi Joseph,

Thanks for reply. This is what I have done for my client, but the egress only can limit up to 10Mbps not 6Mbps because the SRR configuration is range from 10-90 not from 1-90 but the ingress is able to limit till 18Mbps.

access-list 100 permit ip any any

class-map match-all ING_QoS

match access-group 100

policy-map ING_Floor_Limit

class ING_QoS

police 18873000 48000 exceed-action drop

set dscp default

interface GigabitEthernet1/0/20

description 12th_Floor

switchport access vlan 200

switchport mode access

speed 100

srr-queue bandwidth limit 10 >>> I think this is the problem cannot set to parameter - 6

mls qos trust dscp

service-policy input ING_Floor_Limit

end

Is there any other to limit the egress port to 6Mbps.

Thanks

rgds,Frankie

Joseph W. Doherty · ‎04-26-2013

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Ah, I didn't noticed you're regulating ingress and egress rates, not on the Internet port, but on the LAN port.

If your total aggregate uplink bandwidth to the Internet is 18 Mbps, then you can use bandwidth limit of 18 there, if the port is configured at 100 Mbps.

Otherwise, as I noted in my last post, for g1/0/20, you can shape the its egress to 6 Mbps, but you need to enable QoS, map all markings to a single egress queue, and the use SRR to shape that queue at 6 Mbps, e.g. srr-queue bandwidth shape 17 0 0 0.

See http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/15.0_1_se/configuration/guide/swqos.html#wp1163879 for additional explanation.