Ingress & egress bandwidth limit per switch port

Hi,

I've been reading a number of different resources but cannot say (with any confidence) that I understand how I can achieve something. I've been asked to install a switch for a business park. Each tenant will have their own individual switch port. I've proposed a Cisco 2960X LAN Base.

Each tenant needs the bandwidth limiting, and I was hoping I could do this on a per-port basis. However, this needs to be limited in both directions.

Looking at policers, I understand that they may only be applicable for ingress traffic (upload, from the tenant's view). To use a policer for the tenant's download traffic I'd have to configure this on the port connecting to the main internet router, which will have all return traffic from all tenants traversing it - not something I can police very well. Or, I may be getting this completely wrong.

Is there an easy way of simply limiting bandwidth in both directions on individual switchports?

Kind regards,

Chris.

Accepted Solutions

Philip D'Ath
VIP Alumni

I wouldn't say it was impossible on a 2960, just much harder and ugly.  The 2960 supports inbound policing, so you can use a service policy for that, and "srr-queue bandwidth limit ..." for egress traffic.  Not very nice to look after.

However step up to an "IP Base" 3650 or a 3850 and you can use policers inbound and outbound.

policy-map 256k
  class class-default
    police rate 256000

interface GigabitEthernet1/0/1
  service-policy input 256k
  service-policy output 256k

Now does that look much nicer?


Hi Philip,

That certainly looks much nicer! That is really good to know there, thank you. I've not looked into srr-queue bandwidth limit before, so I know what I'm doing today!

Thanks a lot for your help - much appreciated.

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

BTW, I believe on the 2960, you need to enable QoS to use the policing and shaping features. If that's correct, I also believe the 2960 will implement default QoS settings that can have some unexpected effects both in erasing QoS tags and increasing drop rates. So, just be aware you might need to change other QoS settings to minimize the impact of enabling QoS.

Ok so I've taken a look at how I could do this on a C2960X. I only have spare C2960 LAN Lite switches lying around which are useless for this so I'm not able to test. What I was looking at is:

mls qos

interface F0/1
speed 100
srr-queue bandwidth limit 10

interface F0/2
speed 100
srr-queue bandwidth limit 40

The basic idea here is that Fe0/1 is limited to 10Mb in both directions, and Fe0/2 is limited to 40Mb in both directions. Would this work?


The bandwidth limit command only impacts egress.  For ingress, you'll need a policy (that polices).

Also, note, the bandwidth limit command isn't exact.

Lastly, the bandwidth limit command effectively shapes vs. policing. (Actually, that's often a good thing.) If you want a more precise shaper than bandwidth limit, you can shape per egress queue. For your purposes, if you did that, you would want to direct (map) all traffic to just one egress queue and shape it.

Ok brilliant, so I think I'm nearly there! So a final config here could be something like the below. 4Mb in/out for Fe0/1 and 2Mb in/out for Fe0/2:


mls qos

policy-map 2m
  class class-default
    police rate 2048000

policy-map 4m
  class class-default
    police rate 4096000

interface F0/1
  service-policy input 4m
  speed 100
  srr-queue bandwidth limit 4

interface F0/2
  service-policy input 2m
  speed 100
  srr-queue bandwidth limit 2

Would this work? I know the bandwidth command isn't going to be exact, but it'll hopefully be near-enough.

Yup, I think that's correct.
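
An added example, not part of any post in this thread: a small Python planner that picks a `speed` and `srr-queue bandwidth limit` percentage for a target egress cap and renders the egress lines of the config. It assumes the command takes a percentage of the port speed in the range 10 to 90 and that the port accepts `speed 10`, `100` or `1000`; the function names and the tenant list are hypothetical.

```python
# Added example: plan per-port egress caps with `srr-queue bandwidth limit`.
PORT_SPEEDS_MBPS = (10, 100, 1000)  # assumed `speed` values on a 10/100/1000 port
LIMIT_MIN, LIMIT_MAX = 10, 90       # assumed valid percentage range for the command


def plan_egress_limit(target_mbps):
    """Return (speed, percent, effective_mbps) for the highest cap that does
    not exceed target_mbps, or None when no speed/percent pair can express it."""
    best = None
    for speed in PORT_SPEEDS_MBPS:
        percent = min(int(target_mbps * 100 // speed), LIMIT_MAX)  # round down
        if percent < LIMIT_MIN:
            continue  # e.g. 4 Mb on a 100 Mb port would need 4 percent
        effective = speed * percent / 100
        if best is None or effective > best[2]:
            best = (speed, percent, effective)
    return best


def render_config(tenants):
    """Build the egress part of the config for {interface: target_mbps}.
    Ingress still needs a policer, as the thread notes."""
    lines = ["mls qos"]  # enabled globally, as in the thread's configs
    for interface, target in tenants.items():
        plan = plan_egress_limit(target)
        if plan is None:
            raise ValueError(f"{interface}: {target} Mb cannot be expressed")
        speed, percent, _ = plan
        lines += [f"interface {interface}",
                  f" speed {speed}",
                  f" srr-queue bandwidth limit {percent}"]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed tenant list using the caps discussed in the thread.
    print(render_config({"FastEthernet0/1": 4, "FastEthernet0/2": 2}))
```

Under the assumed 10 to 90 range, the 4 Mb and 2 Mb caps come out as `speed 10` with limits 40 and 20, because 4 percent of a 100 Mb port falls below the minimum. The effective rate is still approximate, as noted above for the bandwidth limit command.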
