
Inbound & Outbound per-port bandwidth limitation

0x5869697068
Level 1

The question:

I'm intending to purchase a switch for work, and I need to limit the bandwidth of one of the ports to 25 Mbit upload and 25 Mbit download (we have a 100/100 Mbit connection and the customer is only paying for 25). I've been trying to find information on how this could be "properly" done and what kind of switch I need to buy. As far as I have understood, most L2+ switches support outbound rate limiting, but not inbound, and as I only want the customer to have 25 Mbit up and down, I need both.

I've been looking at a Cisco Catalyst 3560 switch, and I'm first and foremost wondering if I can limit the inbound AND outbound bandwidth on this switch?

Perhaps it can even be done on a simpler, cheaper switch, as I'd rather not spend more money than necessary?

If it can't be done, could someone perhaps point me in the direction of a switch that can do it?

Lastly, does anyone know how to do it, limit the inbound and outbound bandwidth on a single port (perhaps on the above mentioned switch, if possible), to 25 Mbit? And could the person in possession of this knowledge share it with me?

--

I hope it made sense, and I apologize if this question has been asked a gazillion times before, but I'm new to this rate limiting/traffic shaping/QoS business, and I'm lost, even after googling for quite a while now (read hours). Most answers I found were either irrelevant, confusing or outdated. I also tried searching the forums but realised I need someone to answer my specific questions, for me to understand properly and also get some shopping advice.

Thank you for your time,

0x586969


Hi Xii,
The 3560 supports policing (you can apply it on both direction a and CAR). You can rate-limit below the interface configuration as well. I do not believe you need a layer 3 switch from your description... If you can afford (from a design perspective) a router, that would be better. Please check the IOS you need for these features and post your design for better help from this forum.

Take care
Alessio

Sent from Cisco Technical Support iPad App

Hi Alessio,

Thanks a lot for taking the time and effort to reply and help me out, very much appreciated!

Bear with me, I will attempt to explain how our network structure looks today and what I'm after.

Current setup


                       Public IP A

        Switch(2)* --- Router(2) (Ours, Simple soho router) --- Tenants network

            |

            |         Public IP B

ISP --- Switch(1) --- Router(1) (Ours, Cisco SA 540) --- Our private network

* With really bad and unreliable rate limiting, old HP ProCurve Switch

That's about what we have today. The reason we have two switches after each other like that is because there is only one cable going through the floors, so we need a switch/router which is capable of handling bandwidth limiting of inbound & outbound traffic at that floor.

This is what I had in mind - feel free to come with suggestions

        Public IP C

        Rate limited in switch to 25/25 Mbit

        Router(3)*** (Tenants, we have no control) --- Specific tenant net

            |

            |           Public IP A

            |           Rate limited 10/10 Mbit in switch

        Switch(2)** --- Router(2) (Ours, SoHo router) --- Tenants network

            |

            |         Public IP B

ISP --- Switch(1) --- Router(1) (Ours, Cisco SA 540) --- Our private network

** A new one (as mentioned above I was thinking of a Catalyst 3560) with fairly reliable inbound & outbound rate limiting, tossing the HP ProCurve out

*** This tenant requires a "dedicated" connection (rate limited both ways) with a public IP of their own, wanting to VPN to this network from home, reaching their servers etc. They have their own router and I figured the simplest for us was to expose their router directly to the internet, letting them configure their own firewall/port forwarding. Avoiding putting them behind a second firewall, which in turn needs to forward the right stuff to their router.

That is what I had in mind. Perhaps I should be buying a proper router instead, replacing Router(2), and Switch(2) with it.

Rate limiting per-port, one with 25/25, and one with 10/10. Perhaps it's possible to DMZ the port/connection to the Router(3)? Would this allow their router (Router(3)) to get its own public IP? Would the DMZ be reliable enough to not interfere with their VPN and other types of connections they set up in their router?

If I would not use the Catalyst 3560 Switch (perhaps 2960 would suffice?), what did you have in mind? When you say router, do you mean a router such as the Cisco 881 Integrated services router? Or a firewall such as Cisco SA520? Or maybe the more advanced (I think) Cisco ASA5505?

I don't really know what feature is required for the inbound & outbound per-port bandwidth limiting, so I don't know what to look for in the feature set.

I'm out in deep waters here, so any help is greatly appreciated, and I apologize for my lack of knowledge.

Thanks a lot in advance,

Xii

---

Edit: Changed to mono type font for network map

Hi man,

I have the same problem and was looking for a solution for a long time. Unfortunately I was not able to find any Cisco equipment with this feature.

But I had success with a 3Com 4500 switch (2005 model). Following is a piece of my 3Com configuration.

    <4500_T2>display current-configuration
    #
    interface Ethernet1/0/1
     stp edged-port enable
     broadcast-suppression PPS 3000
     priority trust
     packet-filter inbound link-group 4999 rule 0
    #
    interface Ethernet1/0/2
     stp edged-port enable
     description User 2 Mbps
     broadcast-suppression PPS 3000
     priority trust
     traffic-limit inbound ip-group 2001 rule 0 2048 exceed drop >>>>>>>>(2 Mbps)
     line-rate outbound 2048
    #
    interface Ethernet1/0/3
     stp edged-port enable
     broadcast-suppression PPS 3000
     priority trust
     port access vlan 30
     traffic-limit inbound ip-group 2002 rule 0 2560 exceed drop >>>>>>>(2,5Mbps)
     line-rate outbound 2048
    #
    interface Ethernet1/0/4
     stp edged-port enable
     description User 3
     broadcast-suppression PPS 3000
     priority trust
     traffic-limit inbound ip-group 2003 rule 0 1024 exceed drop
     line-rate outbound 1024
    #
    interface Ethernet1/0/5
     stp edged-port enable
     description 7 Mbps
     broadcast-suppression PPS 3000
     priority trust
     traffic-limit inbound ip-group 2017 rule 0 7232 exceed drop  >>>>> (7Mbps)
     line-rate outbound 7232

See, the firmware version is

Version 3Com OS V3.01.00s56p01

Maybe you can find newer models with different commands, but this is a direction.

Good luck.
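An added example, not part of the original post or of any vendor tooling: a small Python check that reads a configuration in the syntax shown in the reply above and reports ports that lack a limit in one direction or carry different inbound and outbound rates (as Ethernet1/0/3 does in the posted configuration). The function names and the Ethernet1/0/9 stanza are constructed for illustration; rate values are compared as written, without unit conversion.

```python
import re

# Excerpt in the syntax of the configuration posted above; the Ethernet1/0/9
# stanza is constructed to show a port that has no inbound limit.
SAMPLE = """\
#
interface Ethernet1/0/2
 traffic-limit inbound ip-group 2001 rule 0 2048 exceed drop
 line-rate outbound 2048
#
interface Ethernet1/0/3
 port access vlan 30
 traffic-limit inbound ip-group 2002 rule 0 2560 exceed drop
 line-rate outbound 2048
#
interface Ethernet1/0/9
 line-rate outbound 1024
"""

IFACE = re.compile(r"^interface\s+(\S+)")
INBOUND = re.compile(r"^traffic-limit inbound \S+ \d+ rule \d+ (\d+) exceed drop")
OUTBOUND = re.compile(r"^line-rate outbound (\d+)")

def parse_limits(config):
    """Return {port: {"in": rate or None, "out": rate or None}}."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = IFACE.match(line)
        if m:
            current = ports.setdefault(m.group(1), {"in": None, "out": None})
        elif line == "#":           # stanza separator ends the current port
            current = None
        elif current is not None:
            for key, pattern in (("in", INBOUND), ("out", OUTBOUND)):
                m = pattern.match(line)
                if m:
                    current[key] = int(m.group(1))
    return ports

def audit(config):
    """List ports that are not limited to the same rate in both directions."""
    findings = []
    for port, lim in parse_limits(config).items():
        missing = [d for d, k in (("inbound", "in"), ("outbound", "out")) if lim[k] is None]
        if missing:
            findings.append((port, "no " + " or ".join(missing) + " limit"))
        elif lim["in"] != lim["out"]:
            findings.append((port, f"asymmetric: in {lim['in']} / out {lim['out']}"))
    return findings
```
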
