Re: Limit bandwidth for a VLAN interface

vin2 · ‎03-01-2019

Hi,

I'm looking to limit the bandwidth that is used by particular VLAN in my network. This VLan is a straight shot out to the internet and is used by external contractors. It shares the company internet pipe so is in effect a guest network ( although not wireless )

The vlan terminates on my Core switch Cisco 4500R so i thought i would be able to add a service policy to police or limit the bandwidth for this vlan however. Whenever i try to apply to policy to the vlan int the command is accepted but doesnt seem to be applied. Is it supported to police a vlan interface in this manner or is there another way I can apply this limit ?

Regards

Georg Pauwen · ‎03-01-2019

Hello,

which IOS are you running on your 4500 ?

Typically, the service policy would need to be applied to all physical ports belonging to the VLAN as well, in addition to the SVI. So the config would look like this:

class-map VLAN_10_CM
match vlan 10
!
policy-map VLAN_10_PM
class VLAN_10_CM
bandwidth percentage 25
!
interface Gigabitethernet 1/0/2
switchport mode access
switchport access vlan 10
service-policy input VLAN_10_PM
service-policy output VLAN_10_PM
!
interface Gigabitethernet 1/0/3
switchport mode access
switchport access vlan 10
service-policy input VLAN_10_PM
service-policy output VLAN_10_PM
!
interface Vlan 10
service-policy input VLAN_10_PM
service-policy output VLAN_10_PM

vin2 · ‎03-01-2019

Thanks for your reply,

If i have to apply the service policy to the physical interfaces then i assume i'll have to move this down to the Access Layer switches or is there away i can apply it to trunk links and target only the vlan i want to limit ? ( i don't seem to have the option for Match vlan )

When applying the Service Policy as below it will accept the commands but doesnt not appear in my running config.

interface Vlan 10
service-policy input VLAN_10_PM
service-policy output VLAN_10_PM

I do seem to be able to apply the service policy at the VLan configuration level however although the device takes the settings they don't seem to function. ( I assume this is as you say it has to be applied to a physical interface )

I'm running;

Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e s8-UNIVERSALK9-M), Version 03.08.05.E RELEASE SOFTWARE (fc2)

Georg Pauwen · ‎03-01-2019

Hello,

on a trunk interface, try and configure the below:

Switch(config-if)# vlan-range vlan_range

Switch(config-if-vlan-range)# service-policy {input | output} policy-map

That is called per-port per-Vlan QoS.

That said, what are your class map match options ?

Also, interface config mode, is the command 'qos vlan-based' available ?

paul driver · ‎03-01-2019

Hello

@vin2 wrote

. Whenever i try to apply to policy to the vlan int the command is accepted but doesnt seem to be applied. Is it supported to police a vlan interface in this manner or is there another way I can apply this limit ?

Sounds like you would like to police/aggregate traffic for a specific vlan.

Possible Example:
qos aggregate-policer vlan10_policer 20mbps conform-action transmit
exceed-action
drop

access-list 100 permit ip any any
class-map match-all Vlan10_cm
match access-group 100

policy-map Vlan10_pm
class Vlan10_cm
police aggregate vlan10_policer

int x/x
description access port
qos vlan-based

int vlan 10
service-policy output Vlan10_pm

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul