Hi there,
Need to limit the amount of bandwidth a specific VLAN can use on an 802.1q trunk port.
Situation is that we have a pair of Catalyst 4506 switches which have 802.1q trunk ports into a Checkpoint Firewall; this in turn is connected to a managed WAN router (to which I can't apply a QoS policy).
If the 4506 was routing the traffic it would be easy to set up a class-map to match the IP traffic and then QoS the traffic, but the VLAN in question is trunked directly into the firewall (no L3/IP presence on the 4506; next hop for all clients on this VLAN is the firewall).
What I need to do is restrict any traffic from this specific VLAN to 10Mbps on the uplink to the Checkpoint Firewall so it cannot impact the onward WAN.
My original thought was to do a class map with "match vlan", then set a policy map to "police" the traffic to 10Mbps, and then apply this as a service-policy to the uplink, but the 4506 can't seem to do a class map with "match vlan". Something like this:
!
class-map v270
 match vlan 270
!
policy-map v270_bw_limit
 class v270
  police 10240000 1920000 3840000 conform-action transmit exceed-action drop
!
interface GigabitEthernet2/1
 service-policy input v270_bw_limit
 service-policy output v270_bw_limit
!
Any ideas how to achieve this on a Catalyst 4506 with Supervisor IV running cat4500-entservicesk9-mz.122-46.SG.bin?
Regards
Michael