[c-nsp] limit throughput on a 3750?

Shaun Reitan mailinglists at unix-scripts.com
Sat May 14 05:53:31 EDT 2005 

I give each customer there own vlan, so there are no other customers on this
vlan.

You said to apply the policy-map to the trunk interface.  This customer/vlan
is on multiple 2950's so there are multiple trunked ports on the 3750 that
this customer/vlan comes in on.  If i apply the policy-map on all the trunk
interfaces will each port have a 20mbit limit or will the ports combine have
the 20mbit limit?

Rather than put the policy-map on the trunk can i put it on my interface
that connects out to my provider?

I'm going to be testing/playing with this more tomarrow night, just figured
i might as well ask these questions.

Thanks again!


----- Original Message -----
From: "Andris Zarins" <andris.zarins at microlink.lv>
To: "Shaun Reitan" <mailinglists at unix-scripts.com>
Sent: Saturday, May 14, 2005 1:21 AM
Subject: RE: [c-nsp] limit throughput on a 3750?


Hi,

First you need to define customers traffic. If there are several
customers in same VLAN and you want to limit just one of them - write an
ACL describing that customers traffic u want to limit. If this is one
customer's VLAN and you want to limit all traffic in that VLAN - write
it in class-map.

Second - create a class-map, matching VLAN 'match vlan [id]' or matching
ACL u created with 'match access-group [name]

Third - Create policy map with class u created, and configure 'police
[amount]'

Fourth - apply that policy map to a trunk interface (physical Ethernet
interface, not SVI or VLAN) using 'service-policy [policy-map-name]
command.

Result - traffic that matches criteria defined in class-map (either
VLAN, ACL or both or any other combination) will be policed to rate u
specify under policy-map class-map subcommand. Rest of traffic, that
doesn't match class-map will go under class-default and will not be
affected in any manner.

Hope this helps, let me know if any more questions


Andris

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Shaun Reitan
Sent: Saturday, May 14, 2005 9:09 AM
To: lists at hojmark.org
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] limit throughput on a 3750?

None of my customer equipment/servers physically connects to my 3750,
they
all connect into the 2950's.  Each 2950 is connected to the 3750 and i
do a
`sw mo trunk` on those ports.  So it sounds like vlan based QoS wont
work
for me..

Really all that matters is that i limit this one customers traffic
leaving
my network.  How can i limit on the egress interface so that only this
customer is limited to 20mbit while all other customers have a "uncaped
limit"?

~Shaun


----- Original Message -----
From: <lists at hojmark.org>
To: "'Shaun Reitan'" <mailinglists at unix-scripts.com>
Cc: <cisco-nsp at puck.nether.net>
Sent: Friday, May 13, 2005 9:51 AM
Subject: RE: [c-nsp] limit throughput on a 3750?


> > This specific customer has 30 machines or so now on 3 diffrent
> > 2950G-EI-48's, those switches are trunked to the 3750.  The
> > vlan lives on the 3750 (vtp server) and the 2950's are vtp
> > clients.  The customer wants a 20mbit limit for all of his
> > servers combine.  Meaning that if every server was pushing
> > 1mbit, totaling 30mbit that they would be limited down to
> > 20mbit.
>
> > So... what your saying is that i need to apply this VLAN-based
> > QOS to every port his server is attached to (on the 2950)?
>
> No, actually I wrote that if all you wanted is to limit the
> traffic from that customer, as it exits the 3750, you can do
> that on the egress interface.
>
> But otherwise yes if you want to do VLAN-based QoS, you need
> to turn that on on all VLAN member ports.
>
> > What about the ports that trunk to the 2950's?
>
> Are they actually trunk ('switchport mode trunk') or are they
> access ports?
>
> If they're trunk, then I think VLAN-based QoS is out of the
> question, and you're back to policing it on the egress interface.
> But if I understand you're setup correctly, that all sounds like
> a perfectly fine solution.
>
> -A
>
>

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list