04-04-2013 01:45 AM - edited 03-07-2019 12:38 PM
Hi guys.
Take a good look at my topology here:
I have a few questions regarding this:
1. How can I manage those devices, the switch and the router?
What is the BEST SOLUTION to manage these devices?
2. I want to monitor the traffic in this environment. How can I do it? How can I monitor the traffic from customer A, customer B, and my own LAN, in terms of bandwidth that has passed through my devices? Is it possible to monitor on MY LAN, or do I have to monitor from the EXTERNAL switch?
3. How can I limit the bandwidth?
I was trying to configure it using an access list with a policy-map, etc., and limit this on each interface,
using these commands:
ip access-list extended ACL_3Mbps
 permit ip any any
class-map Link_3Mbps
 match access-group ACL_3Mbps
policy-map Policy_3Mbps
 class Link_3Mbps
  police 3000000 8000 exceed-action drop
Switch(config)# interface gigabitethernet1/0/12 <----EXAMPLE
Switch(config-if)# service-policy input Policy_3Mbps
This configuration was going well, but the last command that I tried to run was denied:
Switch(config-if)# service-policy output Policy_3Mbps <----It doesn't accept the "OUTPUT" word....ONLY THAT TO FINISH MY CONFIGS.
The interface does not support the specified policy configuration and/or parameter values.
Warning: Assigning a policy map to the output side of an interface not supported
With a little reading, I could see that the SWITCH 3750 doesn't support this config.
So I searched and found this:
http://www.techrepublic.com/blog/networking/limit-bandwidth-on-a-cisco-catalyst-switch-port/404
But, now I have a concern.
My INTERNET LINK is 30 Mbps, the ports on the Switch (WS-C3750X-48P-L) are Gigabit Ethernet.
How can I limit the bandwidth here? For example, how can I limit an interface to 3 Mbps?
I was thinking about this:
- Limit the interface to 10Mbps: speed 10
- and limit the interface with 30% of this speed: srr-queue bandwidth limit 30
Is this correct, is this a good practice?
Does this work for both UPLOAD and DOWNLOAD?
When the packets pass that 3 Mbps limitation, will they be dropped?
I hope I have explained my questions clearly enough to get full support on this.
Any help, guys?
--
Regards
Edson Vuma
04-16-2013 12:28 AM
Hi, Bilal
Thanks for your time helping on this.
I saw your solution and I will consider a review of my topology,
But first, I have a quick question.
See the attached PKT file:
1. How can I telnet to the router over the switch?
Just to clarify, this router has SUB-interfaces.
What configuration must be done?
--
Regards
Edson Vuma
04-16-2013 12:45 AM
Hello Edson, where are you telnetting from, please?
Please rate useful posts and remember to mark any solved questions as answered. Thank you.
04-16-2013 12:52 AM
Hi, Bilal.
On the topology I gave you, how can I TELNET to the router, going through SWITCH1, the one connected directly to the router?
Thanks
--
Regards
Edson Vuma
04-16-2013 01:02 AM
But which device are you telnetting from? I already know that you want to telnet through the switch to the router. You haven't told me which device you are running the telnet command from.
Are you telnetting from a PC? Because that's what you would normally do.
Please rate useful posts and remember to mark any solved questions as answered. Thank you.
04-16-2013 01:20 AM
On this topology, I can connect a PC directly to SWITCH 1. This way I can connect to SWITCH 1, and then telnet to the router.
But how can I do it?
--
Regards
Edson Vuma
04-16-2013 02:26 AM
Hi, Bilal
I created another SUB-interface and added to it an IP that is on the same network as the switch:
ON SWITCH:
!
interface Vlan1
 ip address 10.10.10.1 255.255.255.0
!
ON ROUTER:
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 10.10.10.10 255.255.255.0
!
Now I can ping from the Switch to the router.
But, when I try to Telnet, I get this error:
R1#telnet 10.10.10.1
Trying 10.10.10.1 ...Open
[Connection to 10.10.10.1 closed by foreign host]
Any suggestion?
--
Regards
Edson Vuma
04-16-2013 02:43 AM
Hello Edson, you need to create a password for this....
try this:
router(config)# enable password xxxxxx
router(config)# line vty 0 4
router(config-line)# password xxxxxx
router(config-line)# end
router# copy run start
and try again.
Enable it on the switch too so you can access both of them.
Please rate useful posts and remember to mark any solved questions as answered. Thank you.
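A hardened variant of the management access set up above, as an added example that is not part of the original thread: it replaces Telnet and the cleartext `enable password` with SSH, a hashed enable secret and a vty ACL limited to the 10.10.10.0/24 management subnet used in the posts. The domain name, user name, ACL name and the bracketed secrets are placeholders chosen for illustration.

```cisco
! Added example, not from the original posts. Paste in global configuration mode.
! Names marked "assumed" and the <...> secrets are placeholders.
!
hostname R1
! assumed domain name; a hostname and domain are required before generating RSA keys
ip domain-name example.invalid
crypto key generate rsa modulus 2048
ip ssh version 2
!
! Store the privileged-mode secret as a hash and remove the reversible one
enable secret <enable-secret>
no enable password
!
! Per-user login instead of one shared line password (user name assumed)
username netadmin privilege 15 secret <user-secret>
!
! Only the management subnet from the thread may open a vty session
ip access-list standard MGMT_ONLY
 permit 10.10.10.0 0.0.0.255
 deny any log
!
line vty 0 4
 access-class MGMT_ONLY in
 login local
 transport input ssh
 exec-timeout 10 0
!
! Verification from privileged EXEC:
! show ip ssh
! show line vty 0 4
! show access-lists MGMT_ONLY
```

With `transport input ssh` in place, a Telnet attempt to the vty lines is refused, and denied source addresses show up in the log through the `deny any log` entry.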
04-16-2013 02:52 AM
Thanks for your email, Bilal.
It worked.
My ONLY worry now is to limit the bandwidth....this issue is killing me.
--
Regards
Edson Vuma
04-16-2013 03:00 AM
Hi Edson, you can limit the bandwidth on the router, just tell me which subnets you want to limit, and how much bandwidth, and I can suggest configuration for you.
Please rate useful posts and remember to mark any solved questions as answered. Thank you.
04-16-2013 03:10 AM
The ISP gives us 30Mbps Internet Link.
I want to set, for example, a 3 Mbps link to customer A, who is related to the following sub-interface:
!
interface GigabitEthernet0/1.11
 description CLIENTS_STATIC_IPs
 encapsulation dot1Q 11
 ip address
!
Thanks
--
Regards
Edson Vuma
04-16-2013 03:24 AM
You can do QoS with the bandwidth command on the router.
ip access-list extended 3_Mbps
 10 permit
!
class-map match-all 3_Mbps
 match access-group name 3_Mbps
!
policy-map 3_Mbps
 class 3_Mbps
  bandwidth 3000
!
interface gi0/1
 service-policy input 3_Mbps
This way you limit anything that matches in your Access list to the specified bandwidth.
Hope this helps.
Please rate useful posts and remember to mark any solved questions as answered. Thank you.
04-16-2013 03:36 AM
Hi, Bilal, just a quick question
1. I see:
interface gi0/1
 service-policy input 3_Mbps
- Is it for the whole interface or just the sub-interface?
This command: service-policy input 3_Mbps
- Does it work for both download and upload?
Thanks
--
Regards
Edson Vuma
04-16-2013 03:41 AM
No. This is why we are using the ACL. We need to match traffic from the subnet you want to limit. In PT we are not able to apply a service policy to a sub-interface, have you tried it?
Please do read this document to get a better understanding of the configuration.
http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfmcli2.html
For inbound and outbound you have options of input and output.
But your ACLs will be different since you need to class outgoing traffic vs incoming traffic.
Hope this helps
Please rate useful posts and remember to mark any solved questions as answered. Thank you.
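Capping customer A at 3 Mbps at either enforcement point discussed in this thread, as an added example that is not from the original posts: the switch half reuses the first post's ingress policer together with its `speed 10` plus `srr-queue bandwidth limit 30` idea for egress, and the router half uses a policer in `class-default` on the sub-interface in place of the `bandwidth` command. The policy name CUST_A_3M is hypothetical, and support for service policies on sub-interfaces is assumed for the router platform in use.

```cisco
! Added example, not from the original posts. Use ONE of the two enforcement points.
!
! Option 1: Catalyst 3750-X port facing the customer (port number from the first post)
! Policers take effect only when QoS is enabled globally
mls qos
!
ip access-list extended ACL_3Mbps
 permit ip any any
class-map match-all Link_3Mbps
 match access-group name ACL_3Mbps
policy-map Policy_3Mbps
 class Link_3Mbps
  ! Ingress: traffic above 3 Mb/s (8000-byte burst) is dropped
  police 3000000 8000 exceed-action drop
!
interface GigabitEthernet1/0/12
 ! Egress limit is a percentage of port speed: 30% of 10 Mb/s, approximately 3 Mb/s
 speed 10
 srr-queue bandwidth limit 30
 service-policy input Policy_3Mbps
!
! Option 2: router sub-interface for customer A (interface from the thread)
! class-default matches all traffic on the sub-interface, so no ACL is needed
policy-map CUST_A_3M
 class class-default
  police 3000000 conform-action transmit exceed-action drop
!
interface GigabitEthernet0/1.11
 service-policy input CUST_A_3M
 service-policy output CUST_A_3M
!
! Verification from privileged EXEC:
! show mls qos interface GigabitEthernet1/0/12 policers
! show policy-map interface GigabitEthernet0/1.11
```

The drop counters in `show policy-map interface` confirm whether exceeding traffic is actually being discarded in each direction.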
04-16-2013 03:59 AM
Hi, Bilal
Thanks
I will try this, and I will let you know about it, OK?
--
Regards
Edson Vuma