Search this Blog

Wednesday, August 4, 2010

How can we limit the bandwidth on Cisco router (possible 1800 series)?

We have a router, f0/0 will be for the Internet connection with bandwidth of 30Mbps. Its f0/1 will be connected to a switch for internal networks. This link will be separated to 3 VLANs for 3 internal networks. Is there is a way to guarantee 10Mbps for each VLAN but allow use up to 30Mbps when another two VLANs are not using any Internet bandwidth? We worry about download bandwidth from internet.

The 3 internal networks will all have public IPs and they belong to their own subnets. There won't be NAT/PAT. Is there a sample config. available?


  • The following example polices the inside interface to 30Mbps. It also utilizes a fair queue mechanism so that all subnets are queued equally yet can use the entire purchased rate in the absence of competing traffic.


access-list 101 permit ip any a.a.a.a w.w.w.w ## Subnet A

access-list 102 permit ip any b.b.b.b w.w.w.w ## Subnet B

access-list 103 permit ip any c.c.c.c w.w.w.w ## Subnet C

class-map subnet-a
match access-group 101

class-map subnet-b
match access-group 102

class-map subnet-c
match access-group 103

policy-map subnets
class-map subnet-a
bandwidth percent 33
class-map subnet-b
bandwidth percent 33
class-map subnet-c
bandwidth percent 33

policy-map physical
class class-default
police 30000000 conform-action transmit exceed-action drop
service-policy subnets

int fa0/1
service-policy output physical

  • The parent policy (physical) limits the traffic to 30Mbps. The child policy (subnets) allocates 33% of available bandwidth to each subnet. In this case it should be very close to 10Mbps for each subnet. This is a fair queue mechanism so it will only enforce the 10Mbps limit if all subnets are in contention with each other. If subnet A and B are idle subnet C can take all 30Mbps.
  • A it to the physical interface should affect all traffic traversing that interface; which includes all sub-interfaces. Please click here for an example.
  • If this techniques doesn't support 1800 you could police each sub-interface. This would ensure good service for everyone but leave bandwidth unused and unavailable during idle times.

Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

No comments :

Post a Comment

/* Google Analytics begin ----------------------------------------------- */ /* Google Analytics end ----------------------------------------------- */