12-26-2009 07:30 AM - edited 03-06-2019 09:05 AM
I have what should be an easy one, but the solution has evaded me.
I have 3 VLANs (lets say 1,2,3) and I am working with a 3560 switch. On VLAN 3 I have a WAN link to an ISP that is only 500k (satellite). I have a few users on the 3560 switch that are chewing up the entire 500k pipe and other users on VLAN 3 throughout the network are unable to utilize the Internet.
I want to limit the data rate of VLAN 3 on the 3560 switch to 100k without effecting VLAN 1 or 2.
I have tried several methods, VLAN rate-limit, and class-poicy policing, storm-control, ect... but it does not seem any have the desired affect.
What am I doing wrong?
12-26-2009 08:17 AM
Hi,
As you have tried all the thing to rate limit the bandwidth what i can suggest in cisco 3560 switch to rate limit is to go with policy map configuration in cisco 3560 swithces, check out the following sample configuration hope this helps out your query !!
Policy each whole physical port at some value. The regular policer will help you here.
policy-map each-port-limit
class class-default
police 1000000 125000 exceed-action drop
int fa0/5
service-policy input each-port-limit
int fa0/12
service-policy input each-port-limit
int fa0/15
service-policy input each-port-limit
With this configuration applied _each_ of three ports will be limited up to 1Mbps.
Policy all traffic together coming from all of the physical ports. The aggregate
policer will help you here.
mls qos aggregate-policer agg-policer 1000000 125000 exceed-action drop
policy-map agg-limit
class class-default
police aggregate agg-policer
int fa0/5
service-policy input agg-limit
int fa0/12
service-policy input agg-limit
int fa0/15
service-policy input agg-limit
Those, all the traffic coming from these three ports will be limited up to 1Mbps.
Hope this helps !!
Regards
Ganesh.H
12-26-2009 10:22 AM
Thanks for the reply Ganesh
.
I would like to stick with only limiting the VLAN. I guess I should have mentioned it in advance, each of the ports have a voice VLAN (lets say VLAN 2). So, any rate limiting to the physical port, affects the quality of the VOIP if the user is downloading. That is why I am focusing on the VLAN rate limiting/shaping so that the Voice VLAN is unaffected.
12-26-2009 10:48 PM
as long as you are using 3560 you can implement per vlan policing as follwoing
you want to limit valn 3 to 100 k only
lets say you have the follwoing ports in vlan 3
0/1 and 0/2
access-list 100 permit ip any any
class-map IP_TRAFFIC
match access-group 100
class-map VLAN3_PORTS
match input-interface fa0/1 - 2
policy-map PORTS_POLICY
class VLAN_PORTS
police 100000
policy-map VLAN3_POLICY
class IP_TRAFFIC
service-policy PORTS_POLICY
interface vlan 3
service-policy input VLAN3_POLICY
last important step is :
on each trunk or interface in vlan 3 in our example 0/1 and 0/2
int range fa0/1 - 2
mls qos vlan-based
good luck
if helpful Rate
12-26-2009 11:33 PM
When attempting to config, I get the follow response when trying to assign the service-policy to vlan3
switch(config)#int vlan 3
switch(config-if)#service-policy input VLAN3_POLICY
%QoS: No action is configured in the policymap VLAN3_POLICY classmap IP_TRAFFIC,
or it is being modified.
===================================================================
What is currently in running config:
class-map match-all IP_TRAFFIC
match access-group 100
class-map match-all VLAN3_PORTS
match input-interface FastEthernet0/23 (trunk port upstream)
match input-interface FastEthernet0/24 (trunk port downstream)
!
!
policy-map PORTS_POLICY
class VLAN3_PORTS
police 100000 8000 exceed-action drop
policy-map VLAN3_POLICY
class IP_TRAFFIC
service-policy PORTS_POLICY
!
!
interface FastEthernet0/23
switchport trunk encapsulation dot1q
switchport mode trunk
load-interval 30
mls qos vlan-based
spanning-tree portfast
!
interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
load-interval 30
mls qos vlan-based
spanning-tree portfast
!
!
interface Vlan3
no ip address
no ip route-cache
shutdown
==============================================================
12-27-2009 01:02 AM
policy-map VLAN3_POLICY
class IP_TRAFFIC
set dscp [ any value suit your network ]
service-policy PORTS_POLICY
good luck
12-27-2009 01:14 AM
New Error Response when attempting to apply service policy to vlan 3.
switch(config-if)#int vlan 3
switch(config-if)#service-policy input VLAN3_POLICY
Service Policy attachment failed
=================Config so far=================================
class-map match-all IP_TRAFFIC
match access-group 100
class-map match-all VLAN3_PORTS
match input-interface FastEthernet0/24
match input-interface FastEthernet0/23
!
!
policy-map PORTS_POLICY
class VLAN3_PORTS
police 100000 8000 exceed-action drop
policy-map VLAN3_POLICY
class IP_TRAFFIC
set dscp default
service-policy PORTS_POLICY
!
!
interface FastEthernet0/23
switchport trunk encapsulation dot1q
switchport mode trunk
load-interval 30
mls qos vlan-based
spanning-tree portfast
!
interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
load-interval 30
mls qos vlan-based
spanning-tree portfast
!
!
interface Vlan800
no ip address
no ip route-cache
shutdown
!
!
============================================================
12-27-2009 01:22 AM
can change this
class-map match-all VLAN3_PORTS
to
class-map match-any VLAN3_PORTS
if its failed try to assign IP address to vlan3 interface
12-27-2009 01:49 AM
Same error response.
"Service Policy attachment failed"
I can not assign an IP to the VLAN 3 interface, as it not the native. VLAN 1 has the IP to telnet, ect... Plus we are very limited on VLAN 3 IPs and can not afford to use on infrastucture.
I really do appriciate all of your assistance.
12-27-2009 02:49 AM
you are welcome
but assure you this is the proper way to configure per vlan or vlan based qos in 3560
and i did configured it before !!
try to check if qos enabled in your switch and search cisco.com for 3560 vlan based qos
good luck
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide