09-28-2008 10:09 PM - edited 03-06-2019 01:38 AM
Hi
I would like to limit the internet access bandwith for guest users on a Catalyst 3750 Stack (see attachment for layout) in the core.
I saw that this is possible with the srr-queue limit command, but as I understand, this is relative value to the link attached, in our case the FortiGate FW is attached to an Gigabit Ethernet port. So if i would configure a value of 10, then the limit rate would be 10% of 1'000'000'000 ~= 100 Mbit/s right?!
What I would like to have is, that the guest users (wired and wireless) only have 2 out of 6 Mbit/s for the internet access. Can you please help my, on how to configure this?
Thanks in advance for your help!
Solved! Go to Solution.
09-29-2008 01:19 AM
hi Dominic
as it shown in ur topology u have firewall
now the srr-queue is sechdualing methoed rathar than policing method
u can limit the bandwith based on source IPs two ways
first limit it on te switch by useing policing
or u can make the bandwidth managment on the internet edge device
on the firewall outise interface u can based on source IP make the limitations
if u use cisco ASA the following link is the solution:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml
for bandwidth managment and rate limit on switch have a look at the foolwoing post of min regarding a similer case to urs:
if helpful Rate
09-29-2008 01:19 AM
hi Dominic
as it shown in ur topology u have firewall
now the srr-queue is sechdualing methoed rathar than policing method
u can limit the bandwith based on source IPs two ways
first limit it on te switch by useing policing
or u can make the bandwidth managment on the internet edge device
on the firewall outise interface u can based on source IP make the limitations
if u use cisco ASA the following link is the solution:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml
for bandwidth managment and rate limit on switch have a look at the foolwoing post of min regarding a similer case to urs:
if helpful Rate
09-29-2008 03:49 AM
On the 3750, the srr-queue limit command trys to emulate a slower interface, although it's not exact. (I recall, because of hardware, it might have something like six speed notches.) You might try running the interface at 10 Mbps and then setting the configuration for 20%.
As an alternative, you could police your guest traffic to 2 Mbps.
[edit]
I've just looked at Marwan's link to his prior post -- there he shows an example of using policing.
09-29-2008 03:53 AM
hi Joseph
i think srr-queue is sechdualing method not policing so if there is no conjistion the traffic will be able to utilize the link right?
while with policing u cam rate limit the traffic at the maximum rate !!
09-29-2008 04:20 AM
Marwan, not sure I understand your comment.
The srr-queue command I think we're discussing, the "srr-queue bandwidth limit" (forgot to add "bandwidth" in prior post), does not allow full utilization of the link.
To quote from Cisco's reference manual:
"Usage Guidelines
If you configure this command to 80 percent, the port is idle 20 percent of the time. The line rate drops to 80 percent of the connected speed. These values are not exact because the hardware adjusts the line rate in increments of six. "
Effectively, as I noted in my prior post, the port behaves like a slower port, because of it being idle some of the time. Or, the effect would be somewhat like using a shaper (which I believe isn't supported on the 3750).
It's also not clear to me exactly what you mean by "while with policing u cam rate limit the traffic at the maximum rate !! "
One advantage of using the policier, it can be much more precise in the bit rate. However, as policers do, traffic above the bit rate will be dropped but traffic delayed by "srr-queue bandwidth limit" should be queued in the port queues.
[edit]
PS:
BTW:
Reading the above, you can see the "six" I remembered, but I now recall there are not six notches but jumps of six. I believe percentages of 1..6, 6...12, 13..18, etc., are treated something like 6%, 12%, 18%, etc.
09-29-2008 06:13 AM
hi everybody
thanks a lot for your help, I will try the way it is supposed under the link Marwan posted.
I will give you feedback.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide