Cisco Switching/Routing :: Inbound And Outbound Per Port Bandwidth Limitation 3560
Feb 21, 2013
I'm intending to purchase a switch for work,and I need to limit the bandwidth of one of the ports to 25 Mbit upload and 25 Mbit download (we have 100/100 Mbit connection and the customer is only paying for 25). I been trying to find information on how this could be "properly" done and what kind of switch I need to buy. As far as I have understood, most L2+ switches support outbound rate limiting, but not inbound, and as I only want the customer to have 25 mbit up and down, I need both.
I been looking at a Cisco Catalyst 3560 switch, and I'm first and foremost wondering if I can limit the inbound AND outbound bandwidth on this switch? Perhaps it can even be done on a simpler, cheaper, switch - as I rather not spend more money then necessary?
Lastly, how to do it, limit the inbound and outbound bandwidth on a single port (perhaps on the above mentioned switch, if possible), to 25 Mbit?
View 3 Replies
ADVERTISEMENT
Mar 17, 2013
I want to configure accesslists on my Catalyst 3750X-switches to protect different VLANs/networks. Any best-practices about inbound versus outbound accesslists? In my head it is more readable and easier to understand the config when accesslists are assigned outbound on the VLAN to protect instead of assigning them inbound on all possible source-VLANs. But of course, from a performance point-of-view it is better to use inbound access-lists to avoid un-necessary routing etc.
View 1 Replies
View Related
Feb 28, 2012
I have a weather station at our high school that needs UDP port 9500 open inbound/outbound to specified IP addresses.
Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(5)57
View 1 Replies
View Related
Oct 20, 2011
I have the following setup:
Cisco 1921 is my core router and connected to it is a 30 Mbit fiberline
VLAN1
VLAN2
Now, the thing is that i want VLAN2 to have a 5 Mbit bandwidth limit to Internet but full speed to VLAN1.
I have played around with Rate limit without success.
I also have access to cisco switches that can limit the bandwidth.
View 23 Replies
View Related
Feb 12, 2012
I have a cisco 2950 switch, connected with 4Mbps of internet and number of users will access the internet. There is no restraction on bandwidth limit for users, if any body use high download the remaining users are facing the slow browsing problems.
So, if i can put a bandwidth limitation for every users the problem will be solved. how to restract the bandwidth on user bases.
View 4 Replies
View Related
Jun 9, 2013
How to rate limit a 3560 inbound and outbound using different QoS methods. I've read about vlan class maps/policy maps, using the rate limit command on the physical interface, using the srr-queue bandwidth command(it's a gig switch so not sure that would work) and marking all packets and then applying QoS. I'm just learning QoS so trying to figure all of this out and find the best way to do things.
Also, I was told to do this because it's not advisable to have a connection to your ISP that is not 10mb or 100mb on a switch, since they are not divisible by 10 and it can cause issues?
View 2 Replies
View Related
Dec 15, 2011
I have a non-cisco router with a public WAN address. This is conencted to a 3750 switch internally. The switch is the default gateway for all VLANs, and the gateway router has static routes back to the 3750. The Router provides NAT, no NAT is done on the switch.My requirement is to port forward port 29 000 so that I can access a server on VLAN4 via this port.
So, I have: Router: Port 29000 map to 192.168.4.1 (Switch VLAN4 address)
The question is, how do I route port 29000 from the 3750 to the server on 192.168.4.42 ? what exactly I should add in order to port forward port 29000 incoming form my router, to my server on 192.168.4.42.
View 17 Replies
View Related
Dec 11, 2012
dont seem to be able to get policing working inbound on a port 3750X v 15.0(2)
Config is below:
ip access-list extended SMB
permit tcp host 192.168.1.14 host 172.16.1.30
permit tcp host 192.168.1.14 host 172.16.1.31
[Code]....
View 6 Replies
View Related
Mar 26, 2013
We have some ASR WAN routers which have a dedicated 400M interface to a remote site.
Servers on our Local network source the data through some firewalls via 10G interfaces, which connects to 4500X WAN switches then to the Routers on 1G links.
The sources are rate limiting the traffic but the routers are periodically dropping packets which I think is mostly due to burstiness in the traffic between as it traverses through from 10G links to 1G then to 400M.
How to setup traffic shaping on the 4500X outbound port to our WAN routers.I'd like to see if we could buffer and smoothe out the traffic as it exits the 4500X WAN switch 1G port to the WAN Routers.
View 1 Replies
View Related
Apr 9, 2013
I have the requirement to assign an asymmetric bandwith limit to each port on a switch (example: 4Mbps downlink, 1Mbps uplink). I've been searching and found the option to apply policers or srr-queue mechanism to achive this, however this only applies for one direction only as far as I know. Catalyst 2960 familiy is preferred, however if this is not possible, will possibly jump to the 3560X family.
View 3 Replies
View Related
Feb 6, 2013
I have 5 linux and 3 Microsoft 2008 Servers, each connected to 2 Cisco 3560 Switches. The 2 Cisco 3560 switches are connected to 2 different Cisco 515e Pix. Is it possible that if i enable Port SPAN in any of the switchport and send a copy of traffic to any of the windows 2008 server, will i be able to monitor the bandwidth of the servers (Here I am only looking for traffic going from servers to PIX and then to internet, also vice versa).
Also will wireshark be able to differentiate specify the bandwidth of each servers seperately ?
View 3 Replies
View Related
Jul 15, 2009
I use WS-C3560G-24TS and try both ios 12.2.50.SE1 and 12.2.46.SE but problem the same. The config as following,
interface GigabitEthernet0/1
no switchport
ip address 1.1.1.2 255.255.255.0
[code].....
but I find the int g0/1 output traffic only can achieve about 500kbps then I try config below,
interface GigabitEthernet0/1
no switchport
[code]....
I find int g0/1 output traffic only can achieve about 5Mbps,but if I change "srr-queue bandwidth limit xx" command xx to 20-90,the int g0/1 can achieve normal traffic bps, for example,
interface GigabitEthernet0/1
no switchport
[code]...
the int g0/1 output can achieve 2Mbps that is correct,just only when limit set to 10%,the traffic only can achieve half of limit bandwidth.
View 5 Replies
View Related
Dec 6, 2012
I have two ISP, I want to divide Inbound to ISP1 and Outbound to ISP2.
View 3 Replies
View Related
Jan 24, 2013
configuring a switch or a router to limit the bandwidth for a specific user/IP when need it. Most of my remote offices are configured like this:
Users ------ 3560 switch ------- 2801 router -------- T1 to NOC -------- 7204 router with channelized DS3
I use Netflow Analyzer for high bandwidth usage alerts and can see the user's IP right away when someone is clogging our T1s. My goal is to be able to temporarily limit the bandwidth of the user taking over the T1. Whatever is best switch config or on the router.
View 2 Replies
View Related
Feb 18, 2013
I have a 3750g connected to a "core" switch stack of 7 other 3750g's via 2 GigE ports in a trunk. This is currently in a switchport mode access port- channel so only the default vlan data is sent over. Now we have a need due to physical location of these switches, to allow vlan20 (DMZ) from this 3750g to the switch stack. I will configure a few ports on the switch stack for vlan20 and they need to be able to talk to the stand alone 3750g.To do this I will change the port channel on both endpoints to
-switchport trunk ecapsulation dot1q
-switchport mode dynamic desirable
also making the appropriate change on the interfaces belonging to this trunk.My question is, now that its a trunk port that carries multiple VLANs, how much is the bandwidth reduced on that 2gbps link?I have a very active VLAN (10) on the stand alone switch, but on the core I'm not going to be assigning VLAN 10 to any ports. So does traffic from VLAN10 even come across the trunk (wasting bandwidth) if no ports on the core side are assigned to it? I really just need vlan 1 and 20 (for now).
View 11 Replies
View Related
Jan 30, 2012
I have an all gigE 3560. I don't use the management FE0 port on the back. I was thinking to use that for a 100Mbps WAN connection.
Seems to work just fine when I plugged in an test. But I am not routing across that link yet as I still need to setup the far end.
Is there any reason this would not work? I would like to not burn a gig port if the max throughput of the circuit is 100Mbps.
View 1 Replies
View Related
Jan 30, 2012
I know I can use the RTR statement to determine when the primary ISP circuit goes down via this technote: url...My question can I assign static Nats on the backup ISP connection to the same inside servers in the dmz.?Example 10.1.1.11 is mapped to ISP1 ExternaIP of 65.217.77.11. Can it 10.1.1.11 also be mapped to ISP2's 208.217.77.11?This way I can get my DNS changed and my inbound traffic to servers in my DMZ on the asa 5510 running 8.0.3 code can continue to receive Inbound traffic.
View 1 Replies
View Related
Nov 20, 2011
I'm running a Cisco ASA 5510 with version 7.2(3) and I've been tasked with permitting some inbound & outbound TCP & UDP ports to/from a specified address space on the internet.
In looking at my current ASA config I see other access lists already configured so I'm assuming I can just set up a new access list in similar fashion, but I wanted to verify here first.
View 6 Replies
View Related
Feb 5, 2013
-I need to configure the following on my PIX:
TCP port 2195 - outbound
-TCP port 2196 - inbound
How would I configure this via ASDM?
View 3 Replies
View Related
Dec 26, 2011
I’m trying to configure my ASA 5505, in order to allow my inbound and outbound mail communications. Here with this mail I’ve attached a diagram which illustrates my exact network setup along with ip addresses.
In this setup I’ve enabled port forwarding on my ADSL router (port 25 and 110) and configured the ASA accordingly, and my mail server is located inside my network.
My problem is currently I can send mails from my inside network to outside but my not receiving any mails which originate from outside. I’ve attached my current ASA configuration as well,
C:UsersSuthakarDocumentsOffice_DocsThakralABC Computers
Final config on ASA5505
host name Cisco
enable password 8Ry2YjIyt7RRXU24 encrypted
password 2KFQnbNIdI.2KYOU encrypted
names
!interface Vlan1
nameif inside
security-level 100
ip address 192.168.155.201 255.255.255.0
[Code] ......
View 3 Replies
View Related
May 15, 2012
RV220W - I'm trying to create a one-to-one NAT connection to a PC on my network. I have 5 static IP's assigned by my ISP. I've gone through the step of 'registering' each IP in turn on the WAN port, and pinging that IP from an external device until it starts to respond, then I set the WAN IP back to the one I want to use to manage the device.
I think what I want to do is simple. I simply want to NAT ALL traffic hitting my 2nd IP address, let's call it 24.15.120.73 (not the real value) to 192.168.1.10 internally. I want ALL ports both UDP and TCP to be forwarded. This Server is then going to be one end of a VPN tunnel going to another site, but I don't want to complicate things with that for now. So I can't even seem to get one-to-one NAT working! I created the one-to-one NAT on the Advanced tab of the firewall and created rules for all ports for UDP and TCP, but I can still never 'see' the internal server from the Internet. Also, the server will not get out to the Internet (can't hit Google, etc).
View 2 Replies
View Related
Oct 23, 2012
I am trying to block outbound and inbound traffic on TCP 5222 and 5223 on E2500 but cannot figure out how. The reason is I have kids in my house using KiK (texting app) on iPads, iPods etc. My goal is to eliminate this applications ability to function for ANY wireless device connected to my WLAN.
View 1 Replies
View Related
Jan 31, 2012
I have a 3560 8 port switch. Int gi0/9 is trunked to another switch downstream. When I try to configure int gi0/10 to trunk to a switch upstream the interface on the switch goes down and I have to either reboot the switch or plug directly into the switch and telnet into it to turn off trunking on the interface. When I configure trunking on the interface on the upstream switch that connects to this interface the same happens on that switch. The upstream switch is a 3750 with 12 sfp ports. Several interfaces are trunking to other switches from this switch. Spanning tree is not configured on the 3750 at all , and is not configured on either gi0/10 or gi0/9 on the 3560. I was consoled into the 3560 during a reboot after the interface went down, a message came up that said something like "Spanning Tree returning gigabit ethernet 10 to constant state" Why would I get this message if spanning tree is not enabled on the gig ports on either end of the trunk? There is no loop to require spanning tree to shut down an interface. I have several other 3560's configured as I would like to configure this switch and they are trunking without issue.
View 8 Replies
View Related
Oct 21, 2012
I've just installed 2 of these in my workplace on a PLC network.I'm now looking to set one of the ports up as my diagnostic port and would like to be able to mirror any of the other ports to this port.I believe it is called SPAN on Cisco switches.The only reference I can find to it is configuring via Telnet which I haven't got a clue about.On my old Wiedmuller switches it was just a few clicks away.
View 3 Replies
View Related
Apr 18, 2012
I have a 3560 switch with the following ports config [code] I would like to use theses ports on a different vlan to connect 4 pc's to them. Can I just remove them from the vlan, remove the trunk switchport and set up on the vlan i want them on with no trunking?
View 5 Replies
View Related
May 1, 2013
Our enviornment includes 3560 switches and 2800 routers. We have a few remote offices using an application on TCP port 1677 that use far to much bandwidth. Our WAN provider can throttle and police this for us, if I can TAG this traffic, for example all Traffic from Florida using the Groupwise app on TCP uses TCP port 1677 and I want it tagged with CoS 3.
View 1 Replies
View Related
Jan 3, 2012
I want to implement port-based and MAC-based in these two switches: 2960 & 3560 (both of them have this IOS version: 12.2(55)SE1). And I haven't found a way to implement both of them at the same time. This is what I got:
ip dhcp use subscriber-id client-id
ip dhcp subscriber-id interface-name
ip dhcp excluded-address 192.168.0.0 192.168.0.2
ip dhcp excluded-address 192.168.0.251 192.168.0.255
[code]....
With this configuration I can use port-based, but not MAC based. If I remove the first two lines and change the last line for this one:
address 192.168.0.7 client-id 0112.ae1d.af58.60
Then, the computer with that MAC address got the correct IP, but then the port-based doesn't work. Also, I got this line in the interface what I want to use MAC-based:
ip dhcp server use subscriber-id client-id
View 3 Replies
View Related
Mar 3, 2012
I am using 3560.IP rouitng is being turned off on this.Curious to know if I will create etherchannel or port channel.I think etherchannel.Correct me if I am wrong.On connecting switches I have vlan10,20,30 to be allowed.I am sure I need to allow these all vlan in 10,20,30 which are on the trunk port on each side switch.Post that will add channel-port lacp and make it in active mode.Is that correct.This way traffic will be load-balanced/aggregated on minimum 2 ports who are the part of this.
View 2 Replies
View Related
Mar 6, 2013
Problem is that at some C65K I have directly connected Unix servers and the don't show MAC address at port, and same has happened at 3560 switched where I have too Unix based equipments connected. When use show mac-address interface XXXX, nothis appears at port and tested them with other equipments that worked fine.
View 2 Replies
View Related
Apr 10, 2012
Assume I had Catalyst 3560X/3750X with 24 ports. The partnumber is WS-C3560X-24P-LI would like to how is the numbering defined if the switches have a C3KX-NM-10G installed with 4 SFP-GE-L.
View 1 Replies
View Related
Sep 21, 2012
We have 7 3560's in 7 different locations connected to our providor for wan access. Our provider has given us a copper cable at each point and we have connected it directly to our 3560 switch at each location. Each port is configured the same way at each location. Each switch is running eigrp.All of the switch ports on each switch are configured as a trunk and vlan 299 had the ip address for the eigrp connection: [code] This setup is working as each switch see's all of the other switches as an eigrp neighbor. We have also made sure that the switch at our head office has spanning tree priority for vlan 299.
So the problem is, if there is a change in the topology at one of the locations it usually causes one or more of the other connections to go down for some reason. We just cannot pinpoint what is causing this change. There are no log's or anything other than an eigrp hold time expired message.?
View 9 Replies
View Related
Jul 10, 2012
I have a pair of 3560's configured with dot1q trunks between them carrying a number of VLANs.
Once deployed there will be a requirement for these physical trunks to be disconnected from time to time. Knowing that this is inevitable I am trying to minimise the period of time for the trunks to recover once the physical connectivity is reinstated.
All of the VLANs on the switches are configured for Spanning Tree Rapid PVST. Current time for the trunks/VLANs to come up is around the 4 second mark.
View 11 Replies
View Related
Sep 18, 2012
I want to configure switch port bandwidth limit for my Catalyst 2960-48, is there any hardware / ios limitation? can I configure it at all 48 switch ports?
View 1 Replies
View Related
