vince_mele
asked on
rate limit individual users to 4mb in a vlan
We have 30 users in a vlan and need to rate limit each individual user to 4mb. Any suggestions on how to design this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Our environment is pretty dynamic and the hosts will move around a bit so we didn't want to do anything port based. But thanks. We ended up using the rate limit command and access-lists:
rate-limit input access-group 2000 4000000 16000 24000 conform-action transmit exceed-action drop
rate-limit input access-group 2001 4000000 16000 24000 conform-action transmit exceed-action drop
rate-limit input access-group 2002 4000000 16000 24000 conform-action transmit exceed-action drop
access-list 2000 permit ip host 64.x.x.x any
access-list 2001 permit ip host 64.x.x.x any
access-list 2002 permit ip host 64.x.x.x any
rate-limit input access-group 2000 4000000 16000 24000 conform-action transmit exceed-action drop
rate-limit input access-group 2001 4000000 16000 24000 conform-action transmit exceed-action drop
rate-limit input access-group 2002 4000000 16000 24000 conform-action transmit exceed-action drop
access-list 2000 permit ip host 64.x.x.x any
access-list 2001 permit ip host 64.x.x.x any
access-list 2002 permit ip host 64.x.x.x any
But a very simple solution that will at least help is to hard-code the switch ports to 10mb/half duplex. Realistically, because of the way half-duplex ethernet functions, they are not likely to get past around 5 mb/sec. The reason is that as traffic increases, so do collisions, which causes the traffic to slow down. So it creates a natural rate-limiting environment, although it doesn't guarantee anything.