Port limiting on a Cisco 3550

Discussion in 'Cisco' started by jlamanna@gmail.com, May 6, 2009.

  1. Guest

    Hi,
    I'm trying to limit the total bandwidth on a port (essentially
    bandwidth limiting a customer) for both input and output.
    I've read various articles on how to do this correctly, though I don't
    seem to be able to get something that works effectively.

    Thanks.

    Here's parts of a relevant configuration that I think "should" work
    but doesn't appear to:

    mls qos map cos-dscp 0 8 16 24 32 46 48 56
    mls qos min-reserve 5 170
    mls qos min-reserve 6 85
    mls qos min-reserve 7 51
    mls qos min-reserve 8 34
    mls qos
    ip routing

    class-map match-all all-out
    match ip dscp default
    class-map match-all all-in
    match access-group 1
    !
    policy-map limit-out-5mb
    class all-out
    police 5242500 327656 exceed-action drop
    policy-map limit-in-5mb
    class all-in
    police 5242500 327656 exceed-action drop
    !
    interface FastEthernet0/2
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 87
    switchport mode trunk
    speed 100
    duplex full
    auto qos voip trust
    wrr-queue bandwidth 10 20 70 1
    wrr-queue min-reserve 1 5
    wrr-queue min-reserve 2 6
    wrr-queue min-reserve 3 7
    wrr-queue min-reserve 4 8
    wrr-queue cos-map 1 0 1
    wrr-queue cos-map 2 2 4
    wrr-queue cos-map 3 3 6 7
    wrr-queue cos-map 4 5
    priority-queue out
    service-policy input limit-in-5mb
    service-policy output limit-out-5mb
    !

    access-list 1 permit any
     
    , May 6, 2009
    #1
    1. Advertising

  2. flamer Guest

    mls qos aggregate-policer 5M 5120000 80000 exceed-action drop

    access-list 100 permit ip any any

    mac access-list extended c_all_nonIP
    permit any any
    class-map match-all Got-all-nonIP
    match access-group name c_all_nonIP
    class-map match-all Got-all-IP
    match access-group 100


    policy-map T5M
    class Got-all-IP
    trust dscp
    police aggregate 5M
    class Got-all-nonIP
    police aggregate 5M
    trust cos

    interface fa0/1
    service in T5M
    service out T5M

    Flamer.
     
    flamer , May 8, 2009
    #2
    1. Advertising

  3. bod43 Guest

    On 8 May, 05:06, "flamer " <>
    wrote:
    > mls qos aggregate-policer 5M 5120000 80000 exceed-action drop
    >
    > access-list 100 permit ip any any
    >
    > mac access-list extended c_all_nonIP
    >  permit any any
    > class-map match-all Got-all-nonIP
    >   match access-group name c_all_nonIP
    > class-map match-all Got-all-IP
    >   match access-group 100
    >
    > policy-map T5M
    >   class Got-all-IP
    >     trust dscp
    >     police aggregate 5M
    >   class Got-all-nonIP
    >     police aggregate 5M
    >     trust cos
    >
    > interface fa0/1
    > service in T5M
    > service out T5M
    >
    > Flamer.


    Does that work on a 3550? I don't think so, would
    be very relieved if it does though:)

    As far as I understand it you have to manipulate the input
    and output queues yourself with some low level commands.
    Horrible stuff.
     
    bod43, May 8, 2009
    #3
  4. flamer Guest

    On May 9, 1:06 am, bod43 <> wrote:
    > On 8 May, 05:06, "flamer " <>
    > wrote:
    >
    >
    >
    > > mls qos aggregate-policer 5M 5120000 80000 exceed-action drop

    >
    > > access-list 100 permit ip any any

    >
    > > mac access-list extended c_all_nonIP
    > >  permit any any
    > > class-map match-all Got-all-nonIP
    > >   match access-group name c_all_nonIP
    > > class-map match-all Got-all-IP
    > >   match access-group 100

    >
    > > policy-map T5M
    > >   class Got-all-IP
    > >     trust dscp
    > >     police aggregate 5M
    > >   class Got-all-nonIP
    > >     police aggregate 5M
    > >     trust cos

    >
    > > interface fa0/1
    > > service in T5M
    > > service out T5M

    >
    > > Flamer.

    >
    > Does that work on a 3550? I don't think so, would
    > be very relieved if it does though:)
    >
    > As far as I understand it you have to manipulate the input
    > and output queues yourself with some low level commands.
    > Horrible stuff.


    I can confirm 100% that it does since i took it from my 3550 template.
    why don't you try it!

    Flamer.
     
    flamer , May 9, 2009
    #4
  5. On May 9, 12:18 am, "flamer "
    <> wrote:
    > On May 9, 1:06 am, bod43 <> wrote:
    >
    >
    >
    >
    >
    > > On 8 May, 05:06, "flamer " <>
    > > wrote:

    >
    > > > mls qos aggregate-policer 5M 5120000 80000 exceed-action drop

    >
    > > > access-list 100 permit ip any any

    >
    > > > mac access-list extended c_all_nonIP
    > > >  permit any any
    > > > class-map match-all Got-all-nonIP
    > > >   match access-group name c_all_nonIP
    > > > class-map match-all Got-all-IP
    > > >   match access-group 100

    >
    > > > policy-map T5M
    > > >   class Got-all-IP
    > > >     trust dscp
    > > >     police aggregate 5M
    > > >   class Got-all-nonIP
    > > >     police aggregate 5M
    > > >     trust cos

    >
    > > > interface fa0/1
    > > > service in T5M
    > > > service out T5M

    >
    > > > Flamer.

    >
    > > Does that work on a 3550? I don't think so, would
    > > be very relieved if it does though:)

    >
    > > As far as I understand it you have to manipulate the input
    > > and output queues yourself with some low level commands.
    > > Horrible stuff.

    >
    > I can confirm 100% that it does since i took it from my 3550 template.
    > why don't you try it!
    >
    > Flamer.


    That does not work.
    It cannot limit outbound traffic on the interface (if you try to apply
    the service-policy to 'output' you'll notice it does not take effect).
     
    James Lamanna, May 20, 2009
    #5
  6. flamer Guest

    On May 21, 10:03 am, James Lamanna <> wrote:
    > On May 9, 12:18 am, "flamer "
    >
    >
    >
    > <> wrote:
    > > On May 9, 1:06 am, bod43 <> wrote:

    >
    > > > On 8 May, 05:06, "flamer " <>
    > > > wrote:

    >
    > > > > mls qos aggregate-policer 5M 5120000 80000 exceed-action drop

    >
    > > > > access-list 100 permit ip any any

    >
    > > > > mac access-list extended c_all_nonIP
    > > > >  permit any any
    > > > > class-map match-all Got-all-nonIP
    > > > >   match access-group name c_all_nonIP
    > > > > class-map match-all Got-all-IP
    > > > >   match access-group 100

    >
    > > > > policy-map T5M
    > > > >   class Got-all-IP
    > > > >     trust dscp
    > > > >     police aggregate 5M
    > > > >   class Got-all-nonIP
    > > > >     police aggregate 5M
    > > > >     trust cos

    >
    > > > > interface fa0/1
    > > > > service in T5M
    > > > > service out T5M

    >
    > > > > Flamer.

    >
    > > > Does that work on a 3550? I don't think so, would
    > > > be very relieved if it does though:)

    >
    > > > As far as I understand it you have to manipulate the input
    > > > and output queues yourself with some low level commands.
    > > > Horrible stuff.

    >
    > > I can confirm 100% that it does since i took it from my 3550 template.
    > > why don't you try it!

    >
    > > Flamer.

    >
    > That does not work.
    > It cannot limit outbound traffic on the interface (if you try to apply
    > the service-policy to 'output' you'll notice it does not take effect).


    then apply it INBOUND on the other end of the link /uplink! duh.

    Flamer.
     
    flamer , May 21, 2009
    #6
  7. On May 20, 9:26 pm, "flamer "
    <> wrote:
    > On May 21, 10:03 am, James Lamanna <> wrote:
    >
    >
    >
    >
    >
    > > On May 9, 12:18 am, "flamer "

    >
    > > <> wrote:
    > > > On May 9, 1:06 am, bod43 <> wrote:

    >
    > > > > On 8 May, 05:06, "flamer " <>
    > > > > wrote:

    >
    > > > > > mls qos aggregate-policer 5M 5120000 80000 exceed-action drop

    >
    > > > > > access-list 100 permit ip any any

    >
    > > > > > mac access-list extended c_all_nonIP
    > > > > >  permit any any
    > > > > > class-map match-all Got-all-nonIP
    > > > > >   match access-group name c_all_nonIP
    > > > > > class-map match-all Got-all-IP
    > > > > >   match access-group 100

    >
    > > > > > policy-map T5M
    > > > > >   class Got-all-IP
    > > > > >     trust dscp
    > > > > >     police aggregate 5M
    > > > > >   class Got-all-nonIP
    > > > > >     police aggregate 5M
    > > > > >     trust cos

    >
    > > > > > interface fa0/1
    > > > > > service in T5M
    > > > > > service out T5M

    >
    > > > > > Flamer.

    >
    > > > > Does that work on a 3550? I don't think so, would
    > > > > be very relieved if it does though:)

    >
    > > > > As far as I understand it you have to manipulate the input
    > > > > and output queues yourself with some low level commands.
    > > > > Horrible stuff.

    >
    > > > I can confirm 100% that it does since i took it from my 3550 template..
    > > > why don't you try it!

    >
    > > > Flamer.

    >
    > > That does not work.
    > > It cannot limit outbound traffic on the interface (if you try to apply
    > > the service-policy to 'output' you'll notice it does not take effect).

    >
    > then apply it INBOUND on the other end of the link /uplink! duh.


    The uplink serves multiple customers and I want to limit 1 customer on
    the switch,
    so limiting the uplink wouldn't make much sense.

    >
    > Flamer.
     
    James Lamanna, May 21, 2009
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Craig Whitmore

    Rate Limiting on a 3550/2950 combo

    Craig Whitmore, Jul 20, 2003, in forum: Cisco
    Replies:
    0
    Views:
    1,813
    Craig Whitmore
    Jul 20, 2003
  2. Rick
    Replies:
    10
    Views:
    12,356
    riteshmahajan1
    Dec 17, 2008
  3. Peter Cafs

    3550 - SMI Rate Limiting

    Peter Cafs, Feb 26, 2004, in forum: Cisco
    Replies:
    1
    Views:
    828
    Steinar Haug
    Feb 26, 2004
  4. Mat Sharpe

    3550 switch + rate-limiting. Help!

    Mat Sharpe, Jun 18, 2004, in forum: Cisco
    Replies:
    1
    Views:
    3,142
    Steinar Haug
    Jun 18, 2004
  5. Patrick Cervicek
    Replies:
    0
    Views:
    868
    Patrick Cervicek
    Aug 7, 2007
Loading...

Share This Page