We had a recent scenario where two different customers in the same building shared the same Cisco 3550. Now I can hear you saying – but 3550’s are defunct! – well yes they are, but at the same time there are plenty out there still…
So anyway the two customers had two different bandwidth requirements, and they shared the same upstream link. Customer A needed to be capped at 15mbps and customer B needed to be capped at 25mbps. Well I thought, should be fairly straightforward – I’ll configure a policy map and I’ll be done in half and hour.
Yeah well, that was the idea. It didn’t work so as a last resort I hit Cisco’s web site and found this document:
http://www.cisco.com/en/US/products/hw/switches/ps646/products_tech_note09186a00800feff5.shtml
Bingo! (I thought) I’ll just follow this and it’ll all work fine and dandy. Did it work? Did it bananas!
At this point my head was starting to fizz! Scouring Google revealed various no luck losers like myself trying to get the solution to work. Eventually I stumbled on some CCIE notes that stated something to the effect of “the DSCP bit has to change internally on the switch for QoS to work” – hmm, what the heck I’ll give it a go, and if Bob’s not your uncle, it worked – phew!
One caveat thought – this is inbound rate-limiting. If I can get outbound working (on the same device) without my head exploading I’ll let you know.
Here’s the config:
mls qos ! class-map match-all ip-in match access-group 100 class-map match-all ip-out match ip dscp 1 ! policy-map capped-15mbps class ip-out police 15000000 2000000 exceed-action drop policy-map capped-25mbps class ip-out police 25000000 2000000 exceed-action drop policy-map ip-in class ip-in set ip dscp 1 ! interface FastEthernet0/1 description upstream WAN port no switchport ip address x.x.x.x 255.255.255.252 no ip redirects no ip proxy-arp no ip mroute-cache load-interval 30 service-policy input ip-in hold-queue 200 in hold-queue 200 out ! interface FastEthernet0/2 description Local port connected to customer A (capped at 15mbps) no switchport ip address x.x.x.x 255.255.255.248 no ip redirects no ip proxy-arp no ip mroute-cache load-interval 30 service-policy output capped-15mbps ! interface FastEthernet0/3 description Local port connected to customer B (capped at 25mbps) no switchport ip address x.x.x.x 255.255.255.248 no ip redirects no ip proxy-arp no ip mroute-cache load-interval 30 service-policy output capped-25mbps ! access-list 100 permit ip any any
The Traceroute Blog 