Rate-limiting/policing VLAN traffic (ingress and egress) on Cisco access switch

A customer is looking for a Cisco switch where they can rate-limit/police both ingress and egress traffic on a particular VLAN. They’re an ISP, and need to limit traffic to X-Mbps in/out on specific VLANs for their colo customers. Is there a way to accomplish this within an access switch, such as the Cisco 3560-X series?  Their core switch apparently isn’t capable of any of this, so trunking the VLAN to the core isn’t an option.

Looking at the QoS chapter of the 3560-X configuration guide - http://tinyurl.com/69jdhow - I see some examples of where you can implement policing through service policies, but this appears only to be for ingress traffic (not egress). Plus, the examples all reference physical interfaces vs. VLANs. Again, the goal is to rate-limit traffic arriving from, or exiting to, a particular customer VLAN. (I saw that the “mls qos vlan-based” command “enables VLAN-based QoS on the port” – not clear what that does, or if it would apply here.)

Thank you – looking for design options to accomplish what the customer is looking for here, as well as configuration examples.
Asked by: cfan73

jmeggers Commented:
Rate-limiting and policing are typically done on ingress, which is most likely why those functions are not supported as egress functions on the 3560.  Maybe I'm missing something but I'm not sure why this won't work for your customer.  If you rate limit on the inbound side, you've inherently limited the amount of traffic that can be sent out on the other side of the switch.  Then the only concern becomes the order in which packets or frames are sent, which is the queueing and scheduling part of QoS, and which is supported on egress from the 3560.  What am I missing?

dslam24 Commented:
From my experience with the 3550/3560/3750 models, what you mentioned is about the only rate-limiting that you are able to do.  I am not so sure about the 4500 or 6500 series, although these are not really 'access' switches.

You may look at a different vendor such as Brocade/Foundry, I know that some ISPs use them heavily.

cfan73 (Author) Commented:
Sorry for the extreme delay in responding here...  after much back and forth, the customer/we settled on a 4500-series switch.  The customer is an ISP, and was needing to regulate/police traffic on shared physical interfaces, based on the VLAN/subnet of each individual customer, and for both ingress/egress.

I'll share points equally to close out the thread.

cfan73 (Author) Commented:
A solution wasn't really provided through the thread.