Rate Limit A Cisco 3560, 3570, 3560E Port
I sometimes use 3560Es as edge routers. This means that I no switchport the interfaces and put IPs on them to connect to customers.
Here on the edge is where I rate-limit a user’s connection speed. On a 3550 this is pretty straightforward, but on a 3560, or a variation of it, this is a little trickier.
One thing of interest is the rate-limit interface subcommand itself. This would appear to allow you to limit ingress and egress traffic. It will even allow you to configure the commands; however, these commands do absolutely nothing. 😛
Due to the change in interface queueing you will need to use two methods: SRR and service policies.
srr-queue bandwidth limit %
You have to set the bandwidth as a percentage of the link speed. The options are 10-99 percent. This means that if you want a limit less than 10Mb you must set the port’s physical speed to 10 and the duplex to full. You will then have to statically configure the client to 10/full. This, however, only limits the egress traffic.
int fa0/1
 srr-queue bandwidth limit 10
We use a service policy to match and limit our ingress traffic.
First, you must enable mls qos on your switch, otherwise your matching won’t work.
Next we define our class map. We have it set to match IP traffic with DSCP set to 0.
class-map match-all rate-limit
 description Bandwidth Control
 match ip dscp default
We then create policy maps that have our desired speeds:
policy-map 8meg
 class rate-limit
  police 8192000 192000 exceed-action drop
Last, we apply this to the interface:
int fa0/1
 service-policy input 8meg
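An added example, not from the original post: a small Python generator that puts both directions together for one port and decides when the port must be forced to a lower physical speed because the target is under 10 percent of the link. It generalizes beyond the 8 Mb case above. The function names are hypothetical, the 10-99 range is the one stated in this post, and the police rate and burst are passed in as inputs because the post gives values but no formula for them.

```python
PCT_MIN, PCT_MAX = 10, 99  # percent range as stated in this post


def plan_egress(target_mbps, port_mbps=100):
    """Pick physical speed and srr-queue percent for an egress cap.

    Tries the port's native speed first, then steps down when the target is
    below 10 percent of the link. Returns (speed_mbps, percent, forced).
    """
    for speed in (s for s in (1000, 100, 10) if s <= port_mbps):
        pct = int(target_mbps * 100 // speed)  # floor: never exceed the cap
        if PCT_MIN <= pct <= PCT_MAX:
            return speed, pct, speed != port_mbps
    raise ValueError(
        f"{target_mbps} Mb/s is not {PCT_MIN}-{PCT_MAX}% of any speed "
        f"available on a {port_mbps}M port"
    )


def render(iface, target_mbps, police_bps, burst_bytes, port_mbps=100):
    """Return the config text: egress via SRR, ingress via the service policy."""
    speed, pct, forced = plan_egress(target_mbps, port_mbps)
    name = f"{target_mbps:g}meg"
    lines = [
        "mls qos",  # required, otherwise the class-map match does not work
        "class-map match-all rate-limit",
        " description Bandwidth Control",
        " match ip dscp default",
        f"policy-map {name}",
        " class rate-limit",
        f"  police {police_bps} {burst_bytes} exceed-action drop",
        f"interface {iface}",
    ]
    if forced:
        # The client side must then be statically set to the same speed/duplex.
        lines += [f" speed {speed}", " duplex full"]
    lines += [
        f" srr-queue bandwidth limit {pct}",  # egress only
        f" service-policy input {name}",      # ingress
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed input: the post's 8meg values on a 100M port.
    print(render("fa0/1", 8, 8192000, 192000))
```

For the 8 Mb case this forces the port to 10/full and emits a limit of 80 percent, since 8 percent of 100M is below the configurable range.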