01-26-2012 08:50 AM - edited 03-07-2019 04:33 AM
Hi there,
Need to limit the amount of bandwidth a specific VLAN can use on an 802.1q trunk port.
Situation is that we have a pair of Catalyst 4506 switches which have 802.1q trunk ports into a Checkpoint Firewall, this in turn is connected to a managed WAN router (to which I can't apply a QoS policy).
If the 4506 was routing the traffic it would be easy to set up a class-map to match the IP traffic and then QoS the traffic, but the VLAN in question is trunked directly into the firewall (no L3/IP presence on the 4506; next hop for all clients on this VLAN is the firewall).
What I need to do is restrict any traffic from this specific VLAN to 10Mbps on the uplink to the Checkpoint Firewall so it cannot impact the onward WAN.
My original thought was to do a class map with "match vlan", then set a policy map to "police" the traffic to 10Mbps, and then apply this as a service-policy to the uplink, but the 4506 can't seem to do a class map with "match vlan". Something like this:
!
class-map v270
 match vlan 270
!
policy-map v270_bw_limit
 class v270
  police 10240000 1920000 3840000 conform-action transmit exceed-action drop
!
interface GigabitEthernet2/1
 service-policy input v270_bw_limit
 service-policy output v270_bw_limit
!
Any ideas how to achieve this on a Catalyst 4506 with Supervisor IV running cat4500-entservicesk9-mz.122-46.SG.bin?
Regards
Michael
01-27-2012 09:21 AM
Hi, Mike,
Just configure on your interface:
 vlan-range 270
  service-policy input v270_bw_limit
I don't remember whether "service-policy output" is possible here.
The policer applies on ingress only. If you want to limit the traffic on egress, you should use something like
 tx-queue 1
  bandwidth percent 15
 tx-queue 2
  bandwidth percent 30
 tx-queue 3
  bandwidth percent 10
  priority high
 tx-queue 4
  bandwidth percent 45
By the way, you could also use classical IP ACLs; they will work even without any routing in the switch.
Also, you could try to configure an interface vlan 270, without any IP address, and configure a policer under this interface (I am not sure it is possible on this hardware and IOS pair).
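Added example, not part of either post and not Cisco's implementation: a single-rate token-bucket sketch of what the `police` line in the question would do to offered traffic. It assumes the first value (10240000) is the rate in bits per second and the second (1920000) is the normal burst in bytes, and ignores the third value; the names `Policer` and `simulate` are hypothetical.

```python
"""Single-rate token-bucket policer sketch (added example, not Cisco's code)."""

RATE_BPS = 10_240_000    # first police value from the post, read as bits/second
BURST_BYTES = 1_920_000  # second police value, read as burst in bytes (assumption)


class Policer:
    def __init__(self, rate_bps=RATE_BPS, burst_bytes=BURST_BYTES):
        self.fill_rate = rate_bps / 8.0   # bytes of credit earned per second
        self.capacity = burst_bytes       # the bucket never holds more than this
        self.tokens = float(burst_bytes)  # bucket starts full
        self.last = 0.0

    def offer(self, now, size):
        """Return 'transmit' if the frame conforms, 'drop' if it exceeds."""
        elapsed = now - self.last
        self.last = now
        self.tokens = min(self.capacity, self.tokens + elapsed * self.fill_rate)
        if size <= self.tokens:
            self.tokens -= size
            return "transmit"
        return "drop"


def simulate(offered_bps, seconds, frame_bytes=1500, policer=None):
    """Offer a constant-rate stream of frames; return (sent_bytes, dropped_bytes)."""
    policer = policer or Policer()
    interval = frame_bytes * 8 / offered_bps  # seconds between frame arrivals
    frames = int(seconds / interval)
    sent = dropped = 0
    for i in range(frames):
        if policer.offer(i * interval, frame_bytes) == "transmit":
            sent += frame_bytes
        else:
            dropped += frame_bytes
    return sent, dropped


if __name__ == "__main__":
    # Constructed inputs: one stream below the policed rate, one far above it.
    for label, bps in (("8 Mbps", 8_000_000), ("100 Mbps", 100_000_000)):
        sent, dropped = simulate(bps, seconds=10)
        avg_mbps = sent * 8 / 10 / 1e6
        print(f"{label} offered: {avg_mbps:.2f} Mbps forwarded, {dropped} bytes dropped")
```

With these values the burst is 1.5 seconds of traffic at the policed rate, so a 10-second average for a saturating VLAN comes out above 10 Mbps; a smaller burst tightens the limit toward the configured rate.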