Solved

Rate-limiting/policing VLAN traffic (ingress and egress) on Cisco access switch

Posted on 2011-02-15
4
3,854 Views
Last Modified: 2012-05-11
A customer is looking for a Cisco switch where they can rate-limit/police both ingress and egress traffic on a particular VLAN. They’re an ISP, and need to limit traffic to X-Mbps in/out on specific VLANs for their colo customers. Is there a way to accomplish this within an access switch, such as the Cisco 3560-X series?  Their core switch apparently isn’t capable of any of this, so trunking the VLAN to the core isn’t an option.

Looking at the QoS chapter of the 3560-X configuration guide - http://tinyurl.com/69jdhow - I see some examples of where you can implement policing through service policies, but this appears only to be for ingress traffic (not egress).  Plus, the examples all reference physical interfaces vs. VLAN’s.  Again, the goal is to rate-limit traffic arriving from, or exiting to a particular customer VLAN.  (I saw the “mls qos vlan-based” command does – “enables VLAN-based QoS on the port” – not clear what that does, or if it would apply here.)

Thank you – looking for design options to accomplish what the customer is looking for here, as well as configuration examples.
0
Comment
Question by:cfan73
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 18

Accepted Solution

by:
jmeggers earned 250 total points
ID: 34926314
Rate-limiting and policing are typically done on ingress, which is most likely why those functions are not supported as egress functions on the 3560.  Maybe I'm missing something but I'm not sure why this won't work for your customer.  If you rate limit on the inbound side, you've inherently limited the amount of traffic that can be sent out on the other side of the switch.  Then the only concern becomes the order in which packets or frames are sent, which is the queueing and scheduling part of QoS, and which is supported on egress from the 3560.  What am I missing?
0
 
LVL 2

Assisted Solution

by:dslam24
dslam24 earned 250 total points
ID: 34947020
From my experience with the 3550/3560/3750 models, what you mentioned is about the only rate-limiting that you are able to do.  I am not so sure about the 4500 or 6500 series, although these are not really 'access' switches.

You may look at a different vendor such as Brocade/Foundry, I know that some ISPs use them heavily.
0
 

Author Comment

by:cfan73
ID: 35013444
Sorry for the extreme delay in responding here...  after much back and forth, the customer/we settled on a 4500-series switch.  The customer is an ISP, and was needing to regulate/police traffic on shared physical interfaces, based on the VLAN/subnet of each individual customer, and for both ingress/egress.

I'll share points equally to close out the thread.
0
 

Author Closing Comment

by:cfan73
ID: 35013456
A solution wasn't really provided through the thread.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question