06-07-2016 03:53 PM - edited 03-08-2019 06:06 AM
Hi,
I've been reading a number of different resources but cannot say (with any confidence) that I understand how I can achieve something. I've been asked to install a switch for a business park. Each tenant will have their own individual switch port. I've proposed a Cisco 2960X LAN Base.
Each tenant needs the bandwidth limiting, and I was hoping I could do this on a per-port basis. However, this needs to be limited in both directions.
Looking at policers, I understand that they may only be applicable for ingress traffic (upload, from the tenant's view). To use a policer for the tenant's download traffic I'd have to configure this on the port connecting to the main internet router, which will have all return traffic from all tenants traversing it - not something I can police very well. Or, I may be getting this completely wrong.
Is there an easy way of simply limiting bandwidth in both directions on individual switchports?
Kind regards,
Chris.
Solved! Go to Solution.
06-08-2016 01:07 AM
I wouldn't say it was impossible on a 2960, just much harder and ugly. The 2960 supports inbound policing, so you can use a service policy for that, and "srr-queue bandwidth limit ..." for egress traffic. Not very nice to look after.
However step up to an "IP Base" 3650 or a 3850 and you can use policers inbound and outbound.
policy-map 256k
class class-default
police rate 256000
interface GigabitEthernet1/0/1
service-policy input 256k
service-policy output 256k
Now does that look much nicer?
06-08-2016 01:07 AM
I wouldn't say it was impossible on a 2960, just much harder and ugly. The 2960 supports inbound policing, so you can use a service policy for that, and "srr-queue bandwidth limit ..." for egress traffic. Not very nice to look after.
However step up to an "IP Base" 3650 or a 3850 and you can use policers inbound and outbound.
policy-map 256k
class class-default
police rate 256000
interface GigabitEthernet1/0/1
service-policy input 256k
service-policy output 256k
Now does that look much nicer?
06-08-2016 01:47 AM
Hi Phillip,
That certainly looks much nicer! That is really good to know there, thank you. I've not looked into srr-queue bandwidth limit before, so I know what I'm doing today!
Thanks a lot for your help - much appreciated.
06-08-2016 05:14 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
BTW, I believe on the 2960, you need to enable QoS to use the policing and shaping features. If that's correct, I also believe the 2960 will implement default QoS settings that can have some unexpected effects both in erasing QoS tags and increasing drops rates. So, just be aware you might need to change other QoS settings to minimize the impact of enabling QoS.
06-08-2016 05:39 AM
Ok so I've taken a look at how I could do this on a C2960X. I only have spare C2960 LAN Lite switches lying around which are useless for this so I'm not able to test. What I was looking at is:
mls qos
interface F0/1
speed 100
srr-queue bandwidth limit 10
interface F0/2
speed 100
srr-queue bandwidth limit 40
The basic idea here is that Fe0/1 is limited to 10Mb in both directions, and Fe0/2 is limited to 40Mb in both directions. Would this work?
06-08-2016 07:20 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
The bandwidth limit command only impacts egress. For ingress, you'll need a policy (that polices).
Also, note, the bandwidth limit command isn't exact.
Lastly, the bandwidth limit command effectively shapes vs. policing. (Actually, that's often a good thing.) If you want a more precise shaper,, than bandwidth limit you can shape per egress queue. For you purposes, if you did that, you would want to direct (map) all traffic to just one egress queue and shape it.
06-10-2016 02:17 AM
Ok brilliant, so I think I'm nearly there! So a final config here could be something like the below. 4Mb in/out for Fe0/1 and 2Mb in/out for Fe0/2:
mls qos
policy-map 2m
class class-default
police rate 2048000
policy-map 4m
class class-default
police rate 4096000
interface F0/1
service-policy input 4m
speed 100
srr-queue bandwidth limit 4
interface F0/2
service-policy input 2m
speed 100
srr-queue bandwidth limit 2
Would this work? I know the bandwidth command isn't going to be exact, but it'll hopefully be near-enough.
06-10-2016 05:22 AM
Yup, I think that's correct.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide