Configuring rate limiting on SVI's??

fonestar1978 Banned Posts: 55
Hello,

First let me apologize if I didn't get this in the right category, but I'm only CCENT level and I believe this is more of a CCNP level issue I'm having. Basically, I'm responsible for getting this network up in the next few days for a major project and thus far have had no luck.

All of our interfaces are on Vlans running through an ethernet trunk. The one I am having trouble with is Vlan 50, the wireless network. No matter what I try on the (stacked) 3750-24PS or the 2911 with call manager I cannot get rate-limit to work!

Our network:

(((WAP))) ----vlan50----C3750-24PS---trunk---C2911--->ISP

The wireless users on vlan 50 should only be able to use max 1Mb of our 5mb throughput. Whatever I try though, their up/down speeds are the same as the vlan 30 for management!
I have tried configuring the "rate-limit" command on the C3750 and the C2911 to no effect, i.e.:

S1(config)# int vlan 50
S1(config-if)# rate-limit input 64000 8000 8000 conform-action drop

(I was just using a lowly 64kb/s for testing purposes and it didn't work).

So I tried the following (on both devices) using policy map and still "show policy-map int fa1/0/3" and it said nothing was queued or dropped while I was clearly downloading from Limewire on Vlan 50 at speeds of 100kB+.

I have tried setting the switchports to "mls qos vlan-based" as well as auto qos. Nothing seems to work, download speeds far exceed what I tell it to and now I'm shooting in the dark as we get ready to install this network!

Any ideas? I came here because the suggestions are a great help so thanks in advance!

Comments

  • Forsaken_GA Member Posts: 4,024
    S1(config)# int vlan 50
    S1(config-if)# rate-limit input 64000 8000 8000 conform-action drop

    You do realize that conforming traffic is that which falls within your parameters, and that you've configured this for that traffic to be dropped, right? You probably want

    rate-limit input 64000 8000 8000 conform-action transmit exceed-action drop

    instead

    I suspect it's failing because you weren't doing anything to limit the excess traffic. Try changing the command to that above, run your test again. If it doesn't work, post the output of show int vlan50 rate-limit
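
The conform/exceed distinction discussed above, as an added example that is not part of any poster's reply: a small token-bucket model of `rate-limit input 64000 8000 8000` run against constructed traffic. The `Policer` class and `offer_load` helper are hypothetical names, the single bucket is a simplification of the router's behaviour, and the "conform drop / exceed transmit" case assumes exceeding traffic is forwarded, which the original command does not state.

```python
class Policer:
    """Single-rate token bucket (model assumption: with normal and extended
    burst both 8000 there is no extra allowance, so one bucket is used)."""

    def __init__(self, rate_bps, burst_bytes, conform="transmit", exceed="drop"):
        self.rate_bps, self.burst = rate_bps, burst_bytes
        self.actions = {"conformed": conform, "exceeded": exceed}
        self.tokens = burst_bytes          # bucket starts full
        self.last_ms = 0
        # [packets, bytes] per verdict, plus bytes actually forwarded
        self.stats = {"conformed": [0, 0], "exceeded": [0, 0], "sent_bytes": 0}

    def offer(self, t_ms, size):
        """Classify one packet of `size` bytes arriving at t_ms; return the action."""
        refill = (t_ms - self.last_ms) * self.rate_bps / 8000  # bytes earned since last packet
        self.tokens = min(self.burst, self.tokens + refill)
        self.last_ms = t_ms
        if size <= self.tokens:
            self.tokens -= size
            verdict = "conformed"
        else:
            verdict = "exceeded"           # exceeding packets spend no tokens
        self.stats[verdict][0] += 1
        self.stats[verdict][1] += size
        if self.actions[verdict] == "transmit":
            self.stats["sent_bytes"] += size
        return self.actions[verdict]


def offer_load(policer, interval_ms, size, count):
    """Constructed traffic: `count` packets of `size` bytes, one every interval_ms."""
    for i in range(count):
        policer.offer(i * interval_ms, size)
    return policer.stats


if __name__ == "__main__":
    # 1000-byte packets every 10 ms = 100 kB/s offered for 10 s (constructed load)
    for label, args in (("conform transmit / exceed drop", ("transmit", "drop")),
                        ("conform drop / exceed transmit", ("drop", "transmit"))):
        s = offer_load(Policer(64000, 8000, *args), 10, 1000, 1000)
        print(f"{label}: conformed {s['conformed']}, exceeded {s['exceeded']}, "
              f"forwarded {s['sent_bytes'] * 8 / 10:.0f} bps")
```
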
  • fonestar1978 Banned Posts: 55
    You do realize that conforming traffic is that which falls within your parameters, and that you've configured this for that traffic to be dropped, right? You probably want

    rate-limit input 64000 8000 8000 conform-action transmit exceed-action drop

    instead

    I suspect it's failing because you weren't doing anything to limit the excess traffic. Try changing the command to that above, run your test again. If it doesn't work, post the output of show int vlan50 rate-limit

    Okay thanks for the help.. here it is:


    R1
    Input
    matches: all traffic
    params: 64000 bps, 8000 limit, 8000 extended limit
    conformed 10230 packets, 851023 bytes; action: transmit
    exceeded 1294 packets, 282489 bytes; action: drop
    last packet: 8ms ago, current burst: 6542 bytes
    last cleared 00:02:14 ago, conformed 50451 bps, exceeded 16747 bps
    Output
    matches: all traffic
    params: 64000 bps, 8000 limit, 8000 extended limit
    conformed 274 packets, 39102 bytes; action: transmit
    exceeded 0 packets, 0 bytes; action: drop
    last packet: 780ms ago, current burst: 0 bytes
    last cleared 00:02:28 ago, conformed 2103 bps, exceeded 0 bps


    So it is matching traffic and my wireless slowed down considerably (just judging from the browser latency). The funny thing is that Limewire will still download at the same old speed while the rest of the wlan is slowed to a halt. This is the very opposite effect we wanted.

    We tried enforcing draconian class-map lists for known p2p protocols and the result was not only did it drop p2p but you couldn't even download a full pdf file from a server. Am I going about this the right way?

    Thanks again for the help I really appreciate it!
  • creamy_stew Member Posts: 406
    Is there any specific reason you want to do it by vlan?

    For a c2960 I used: (I'm drunk, summary descriptions/abbreviations will follow)


    download:
    srr-queue

    upload:

    create a policy map policing upload bandwidth (keep the burst high, at least 1/10 of actual policy speed (but in bytes, not bps))

    edit: the above refers to port config (+global for the map definitions)

    The 3750 may be able to use policy map shaping/policing on the inbound as well, though, check it out!


    I will get you some examples in a day or two.

    edit2: nevermind. Since you specifically asked for an SVI solution, Um, don't know..
    Itchy... Tasty!
    [X] DCICN
    [X] IINS

    [ ] CCDA
    [ ] DCICT
  • fonestar1978 Banned Posts: 55
    Is there any specific reason you want to do it by vlan?

    For a c2960 I used: (I'm drunk, summary descriptions/abbreviations will follow)


    download:
    srr-queue

    upload:

    create a policy map policing upload bandwidth (keep the burst high, at least 1/10 of actual policy speed (but in bytes, not bps))

    edit: the above refers to port config (+global for the map definitions)

    The 3750 may be able to use policy map shaping/policing on the inbound as well, though, check it out!


    I will get you some examples in a day or two.

    I take it when they mean output they mean:


    [PC]<
    (((WAP)))<---vlan50----C3750--<

    and when they mean in they mean:

    [PC]
    >(((WAP)))--->vlan50----C3750-->

    right?
  • creamy_stew Member Posts: 406
    the srr-queue would be applied to the switch interface where the WAP is plugged in. It will limit the download speed of all WCs combined.

    The policy map would also be applied to the switch interface where the WAP connects.
  • creamy_stew Member Posts: 406
    I didn't realize this was the CCIP forum.

    I don't know how to do what you want at the SVI level.



    [PC]<
    (((WAP)))<---vlan50----pC3750--<

    and when they mean in they mean:

    [PC]
    >(((WAP)))--->vlan50----pC3750-->


    Correct. The red p is the port where you would apply the configs.
  • fonestar1978 Banned Posts: 55
    I didn't realize this was the CCIP forum.

    I don't know how to do what you want at the SVI level.



    [PC]<
    (((WAP)))<---vlan50----pC3750--<

    and when they mean in they mean:

    [PC]
    >(((WAP)))--->vlan50----pC3750-->


    Correct. The red p is the port where you would apply the configs.

    okay cool thanks, one step closer to getting this working.. I will let you know how it turns out. Wasn't my decision to do this on SVI's but I have to do it..
  • fonestar1978 Banned Posts: 55
    okay cool thanks, one step closer to getting this working.. I will let you know how it turns out. Wasn't my decision to do this on SVI's but I have to do it..

    Okay, well I just tested it but according to an online speed test I still get 2Mbps down, twice what I want. Remember this is configured both up and down now on the vlan 50 of the C3750. Still is not listening to me...
  • fonestar1978 Banned Posts: 55
    Just confirmed rate-limiting works fine on all the other SVI's when I apply it.

    The real culprit seems to be the Cisco Aironet 1130AG WAP. I just tried reconfiguring the BVI to use the wrong native vlan to test it and it still pings fine. So evidently, the WAP doesn't really care what native vlan I tell it to use and just forwards everything to vlan 30 anyways...