Cisco Catalyst 500 Series - Segmenting VLAN and managing traffic

Posted on 2006-07-13
Last Modified: 2008-02-01
I am attempting to implement a Cisco Catalyst 500 series switch.  I was under the impression that I could separate each port into its own VLAN.  These VLANs would be able to be managed down to the speed or bandwidth of the throughput.

I have two networks that are connected to the same T-1 each with their own assignable public IP address.

I was hoping to keep one VLAN at approximately 256 k / 256 k or 1/4 of the T-1 and leave the remainder of the T-1 data to a separate and more robust network.
After discussing this option with CDW's service team they assured me this would be possible with this switch.

It seems after an extensive investigation that I am only able to either control the Duplex (Full, Half, auto) or the actual port speed (10, 100) or I could set up an etherport thereby creating a virtual GIG port by using more than one 10/100 port.

This isn't what I had in mind, but maybe I am perceiving it differently than it was originally explained to me.

Thank you for your assistance.  
You guys are the best!  I have always found my answers from you.

Pete Ophoven
Network Administrator
Seattle, WA
Question by: peter_ophoven

Expert Comment

What they are probably thinking is for the switch to maybe mark the packet headers with QoS (DSCP/ToS) information. After which the packets can then be policed with little or no overhead at your router and achieve the desired result.
LVL 10

Assisted Solution

naveedb earned 25 total points
As rage419 explained, this will be done on the router not on the switch. What kind of router do you have that connects to the T-1? ToS can be tagged on the switch and then the actual router will determine how much bandwidth should be assigned to each ToS value.

Accepted Solution

rage419 earned 200 total points
In your case, you may not even need the switch to do anything since you could police at the router (assuming the capability exists at the router) based on source IP or VLAN if no other differentiation or classification is required and have less complexity. No real performance difference that I can think of in either case assuming again that the router would handle QoS in hardware.

Tagging the packet at the switch would add benefit only if you needed more granularity than just source IP and/or you also wanted to QoS traffic sourced from that switch elsewhere on the network as far as I know.
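
What policing by source IP at the router does to a flow, as an added simulation that is not part of any poster's answer: a single-rate token-bucket policer applied only to the office that should get 256 kbit/s. The subnet (RFC 5737 documentation range), the 8,000-byte burst and the constant-rate test flows are assumptions made for the example.

```python
import ipaddress

class TokenBucket:
    """Single-rate policer: conforming packets pass, excess is dropped."""
    def __init__(self, rate_bps, burst_bytes):
        self.rate = rate_bps / 8.0        # refill rate in bytes per second
        self.burst = burst_bytes          # bucket depth in bytes
        self.tokens = float(burst_bytes)  # bucket starts full
        self.last = 0.0

    def conforms(self, now, size):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False                      # exceed action: drop, never queue

def make_policy():
    # Constructed addressing: the limited office sits in 192.0.2.16/28.
    return {ipaddress.ip_network("192.0.2.16/28"): TokenBucket(256_000, 8_000)}

def police(policy, src_ip, now, size):
    """Classify on source IP only; unmatched sources are not policed."""
    addr = ipaddress.ip_address(src_ip)
    for net, bucket in policy.items():
        if addr in net:
            return bucket.conforms(now, size)
    return True

def offer(src_ip, offered_bps, seconds=10, size=1500):
    """Send a constant-rate flow through a fresh policy.

    Returns (packets_sent, packets_passed, passed_bits_per_second)."""
    policy = make_policy()
    interval = size * 8 / offered_bps
    sent = int(seconds / interval)
    passed = sum(police(policy, src_ip, i * interval, size) for i in range(sent))
    return sent, passed, passed * size * 8 / seconds

if __name__ == "__main__":
    for src, bps in [("192.0.2.20", 1_000_000), ("192.0.2.20", 128_000),
                     ("192.0.2.40", 1_000_000)]:
        print(src, bps, offer(src, bps))
```

The limited office's 1 Mbit/s flow is cut to roughly its committed rate plus the initial burst, while the same office at 128 kbit/s and the unclassified office lose nothing.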
LVL 30

Assisted Solution

ded9 earned 25 total points

Author Comment

All comments are informative but also confusing to me.  

The design is one in which a CSU/DSU T-1 termination device (Edgelink 300 - installed by the data provider) provides a single Ethernet port for data bandwidth.  In the beginning the data was providing internet to one office.  Now it is split up into two offices (and potentially three if this architecture works) all of which for security purposes must be kept separate from each other (which is the purpose of a VLAN).

It seemed that plugging the Edgelink 300 T-1 Termination Device as the carrier for internet to the Cisco 500 series and then plugging two separate offices into this device will allow me to separate the offices.  Additionally though, I want to control the bandwidth to the separate offices (256 K 4 channels or 1/3 of the available data on one VLAN and the remaining on the second).

Each VLAN would then be configured by the router in each office (SonicWall 170) and (Cisco / Linksys WRV54 G) with its own assignable IP address.

I want to be able to control the bandwidth to each VLAN.
It doesn't seem like this Switch is the place to do that.  

It sounds more likely that I need a higher end router to police the traffic above the switch because this switch doesn't do what I need it to.

