[c-nsp] Rate Limit On VLANs 3550

omar parihuana omar.parihuana at gmail.com
Tue Jun 27 17:28:28 EDT 2006


Hi,

I'm also going to do rate-limiting on a 3550, but is an IOS Enhanced
Image necessary, or is the Standard Image sufficient? I also need to
graph the traffic per VLAN with MRTG; is that possible? Thanks for your
help.

Rgds.

On 6/27/06, Per Carlson <lists at ip4all.net> wrote:
> On Tue, Jun 27, 2006 at 12:39:41PM +0100, Alex Foster wrote:
> > Trying to configure rate-limiting per VLAN on a 3550 dot1q interface
> > (GigE port) - so that each VLAN using the trunk is allocated a
> > percentage of the bandwidth.
> >
> > Can this be done ??
>
> Sure. The 3550 is a bit tricky though. When doing policing of
> traffic, it handles IP-traffic and NonIP-traffic as two different
> cases. So if you want to be sure *all* traffic is policed, you must
> police both traffic types and use an aggregate-policer.
>
> Here is a quite handy Cisco document that covers the 3550 and
> what you can do with a 3550 regarding policing and marking:
>
> http://www.cisco.com/warp/public/473/153.html
>
> I would suggest the following config in your case:
>
>
>
> ! First some access-list which matches all IP-traffic and all
> ! NonIP-traffic
> ip access-list standard All_IP
>  permit any
> !
> mac access-list extended All_L2
>  permit any any
> !
> !
> ! Create some general class-maps
> class-map All_IP
>  match access-group name All_IP
> !
> class-map All_L2
>  match access-group name All_L2
> !
> !
> ! Each Vlan must have its own class-map for IP resp. NonIP-traffic
> ! Note: 'match Vlan' MUST be configured ahead of 'match class...',
> ! if you do it the other way around, it won't work!!! Doh...
> class-map match-all Vlan100_IP
>  match vlan 100
>  match class-map All_IP
> !
> class-map match-all Vlan100_L2
>  match vlan 100
>  match class-map All_L2
> !
> class-map match-all Vlan110_IP
>  match vlan 110
>  match class-map All_IP
> !
> class-map match-all Vlan110_L2
>  match vlan 110
>  match class-map All_L2
> !
> class-map match-all Vlan20_IP
>  match vlan 20
>  match class-map All_IP
> !
> class-map match-all Vlan20_L2
>  match vlan 20
>  match class-map All_L2
> !
> !
> ! For each Vlan that should be policed, you need an
> ! aggregate-policer
> mls qos aggregate-policer Vlan100  10000000  10000 exceed-action drop
> mls qos aggregate-policer Vlan110  20000000  10000 exceed-action drop
> mls qos aggregate-policer Vlan20  100000000 100000 exceed-action drop
> !
> !
> ! Wrap up all classes and policers into a policy-map
> !
> policy-map rate_limit
>  class Vlan100_IP
>    police aggregate Vlan100
>  class Vlan100_L2
>    police aggregate Vlan100
>
>  class Vlan110_IP
>    police aggregate Vlan110
>  class Vlan110_L2
>    police aggregate Vlan110
>
>  class Vlan20_IP
>    police aggregate Vlan20
>  class Vlan20_L2
>    police aggregate Vlan20
> !
> !
> ! And apply it on the interface
> interface GigabitEthernet0/2
>  service-policy input rate_limit
>
>
> Yes, this is A LOT of config, but it works :)
>
> As you figured out by yourself, 'mls qos' is required and
> 'flowcontrol' must be turned off.
>
> The 3550 isn't my favorite platform when speaking of "QoS", it's
> so picky about everything, and there are plenty of deep pits to
> fall into.
>
> --
> Per Carlson, Sr. Network Developer


-- 
Omar E.P.T
-----------------
Certified Networking Professionals make better Connections!
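
The quoted config repeats the same block for every VLAN (one IP class and one
NonIP class sharing one aggregate-policer), so it can be generated. The Python
below is an added example, not part of the original thread; the function name
and the input tuples are assumptions, and it emits only commands that appear in
the quoted config.

```python
# Added example: builds the per-VLAN policing config in the layout quoted above.
# Only commands that appear in the quoted message are emitted.

def vlan_policer_config(vlans, interface, policy="rate_limit"):
    """vlans: list of (vlan_id, rate_bps, burst_bytes) tuples (constructed input)."""
    seen = set()
    for vid, rate, burst in vlans:
        if not 1 <= vid <= 4094:
            raise ValueError(f"invalid VLAN id {vid}")
        if vid in seen:
            raise ValueError(f"duplicate VLAN id {vid}")
        if rate <= 0 or burst <= 0:
            raise ValueError(f"rate and burst must be positive for VLAN {vid}")
        seen.add(vid)

    # Catch-all ACLs and class-maps: IP and NonIP traffic are separate cases.
    out = ["ip access-list standard All_IP", " permit any", "!",
           "mac access-list extended All_L2", " permit any any", "!",
           "class-map All_IP", " match access-group name All_IP", "!",
           "class-map All_L2", " match access-group name All_L2", "!"]

    for vid, _, _ in vlans:
        for kind in ("IP", "L2"):
            # 'match vlan' goes before 'match class-map', as the message requires.
            out += [f"class-map match-all Vlan{vid}_{kind}",
                    f" match vlan {vid}",
                    f" match class-map All_{kind}", "!"]

    # One aggregate-policer per VLAN, shared by its IP and NonIP classes.
    for vid, rate, burst in vlans:
        out.append(f"mls qos aggregate-policer Vlan{vid} {rate} {burst} "
                   "exceed-action drop")

    out += ["!", f"policy-map {policy}"]
    for vid, _, _ in vlans:
        for kind in ("IP", "L2"):
            out += [f" class Vlan{vid}_{kind}", f"   police aggregate Vlan{vid}"]

    out += ["!", f"interface {interface}", f" service-policy input {policy}"]
    return "\n".join(out)


if __name__ == "__main__":
    # VLANs, rates and bursts taken from the quoted config.
    print(vlan_policer_config([(100, 10000000, 10000), (110, 20000000, 10000),
                               (20, 100000000, 100000)], "GigabitEthernet0/2"))
```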

