Cisco 2950t - Throttling Bandwidth

CoXeY · 4 Apr 2006 at 13:24

Afternoon all,

I'm not to hot on the Cisco side of things but I have a requirement to trottle the bandwidthing going through several ports of a Cisco 2950t switch. I believe this is possible but have no idea how to do it

Can anyone point me in the right direction on how i go about setting this up?

Cheers
Dan.

V-Spec · 4 Apr 2006 at 15:51

CoXeY said:
Afternoon all,

I'm not to hot on the Cisco side of things but I have a requirement to trottle the bandwidthing going through several ports of a Cisco 2950t switch. I believe this is possible but have no idea how to do it

Can anyone point me in the right direction on how i go about setting this up?

Cheers
Dan.

Hi Cisco 2950s support ingress policing, classification and marking at Layer3. To do it do the following.

To limit traffic going into a switchport.

1.> Create an extended access-list with the source and destination networks or host for which you wish to police traffic, eg

(access-list 101 permit ip 10.10.10.0 0.0.0.255 any) covers all hosts on the 10.10.10.0/24 subnet, going to any destination.

2.> Use cisco MQC to create a class map, to classify the traffic you wish to police

From global config issue the command "class-map match-all <name>"
This will then take you into c-map configuration, next use the match command and enter the number of the access list you created in step 1.
so it looks something like this.

(config)#class-map match-all test
(config-cmap)#match access-group 101

Next you need to create a policy map to specify what policy you wish to apply to the traffic, to create a policy map, do the follwing.
From global config, type the command "policy-map <test>"
then specify the class map you created in step 2 by entering "class <name"
Then you need to specify what to do with the traffic, in this case you want to rate limit traffic so "policing" will do this. use the police command to define what rate of bandwidth you wish to limit the traffic to, from 1-1000Mbps in 1Mb increments, you also need a burst size or it won't work.. see below example

policy-map test1
class test
police 1000000 8192 exceed-action drop

the 1000000 specifies 1Mbps the 8192 specifies the burst bytes, and the exceed action specifies what you do with traffic which exceeds the burst, so in this case traffic which is 1000000+8192kbps will be dropped.

Then you need to apply the policy map to an interface, 2950s support ingress queueing and scheduling only, to do this enter if-config mode and enter the following command:

service-policy input test1

This will then enable the policy map on the interface, because you can only limit traffic coming into an interface, it may be required to create a second class map and policy map for traffic going back to the host through the uplink port, using a reversed ACL. If you want to do ingress queueing and egress queueing on the same switch, you need at least a 3550.

CoXeY · 4 Apr 2006 at 19:34

Thanks for your comprehensive reply!

It's gonna take me a week to digest it but rest assured I'll put it to good use

First I'm gonna get another 2950 switch in so i can muck around without affecting live connectivity...

Dan.

V-Spec · 4 Apr 2006 at 20:01

CoXeY said:
Thanks for your comprehensive reply!

It's gonna take me a week to digest it but rest assured I'll put it to good use First I'm gonna get another 2950 switch in so i can muck around without affecting live connectivity...

Dan.

All modern Cisco stuff supports MQC (Modular quality of service) which allows easy configuration of qos features, the great thing about it, is its all completed in 3 easy steps..

1.> configure a class map to classify traffic, based on an ACL or IP specific value (DSCP, IP precedence)

2.> configure a policy map to define what you want to do with the traffic matched by the class map, (police, mark dscp etc)

3.> assign a policy map to an interface,

obviously there are many options you can configure and many ways you can implement it.

CoXeY · 9 Feb 2007 at 16:04

Wow i've only just got round to looking at this again which indicates the lead time on my todo list currently 10 months! :eek:

Anyway...

V-Spec, if you are still around i would be very much greatful for you support.

I have a brand new Cisco 2950t switch sitting in front of me and already i'm stuck a step 1! LOL :rolleyes:

From what i can tell "access-list 101 permit ip 10.10.10.0 0.0.0.255 any" is not a valid command?! Any ideas?!

Any help here guys is really gonna be appreciated - thanks.

growse · 9 Feb 2007 at 16:20

You sure you're in config mode?

CoXeY · 9 Feb 2007 at 16:32

Thanks for the reply, unfortunately i don't think what V-Spec is suggesting is possibile on this switch.

From what i can tell you need the Enhanced Image IOS installed to use ingress policing and i do not believe this is what we have.

For what it's worth I am using "conf t" to enter configuration mode and then entering "access-list 101 permit ip 10.10.10.0 0.0.0.255 any". This then returns the following error:

% Invalid input detected at access-list 101 permit ip 10.10.10.0 0.0.0.255 any
^

Dan.