I have a 2901 serving as the primary gateway for a LAN with one uplink to an ISP. On the LAN side, I have an internal data VLAN and a guest data VLAN. They are on separate subnets 10.0.0.0/24 and 192.168.2.0/24 respectively. I'd like to set up traffic shaping to limit the amount of bandwidth available to/from the guest data VLAN going to the uplink and also give a higher precedence to internal data VLAN traffic. To do this, on the inside interface of the guest data VLAN, I've got a service-policy that sets the ip dscp value on all traffic passing through this interface and on the uplink interface, I have another service-policy that applies rate limiting based on ip dscp value. This seems to work okay for traffic going out the uplink interface, however I was unable to find any way to match inbound traffic destined for the guest data VLAN in order to apply a service-policy on traffic going the other direction. Is there a way to do this? Is there a better/cleaner way to implement rate limiting in the outbound direction than using traffic classification?
... View more