0

I have a 6509 with ~1000 user machines in different VLANs. I want to allow 10 servers to send as much as they can/want, but to limit all client machines from all subnets to a sending rate of 1Mbps with no receiving limitation.

It is worth noting that all my IP addresses are assigned using a DHCP server and there are 1000 of them, so I cannot write ACLs for every address separately.

Can anyone provide some kind of help, please?

Tom O'Connor
Hosm

1 Answer

1

If each user is on their own port, Google "cisco rate-limit inbound".

Need fancier? Look into microflow policing and user-based rate limiting.

Paul
  • Dear Paul, no, as I said, there are 1000 user machines and just 10 active ports. Hence, users in a department share their uplink to this switch. – Hosm Feb 22 '11 at 00:32
  • I have already read the links you've provided. Both require me to specify all the flows explicitly, requiring 1000s of ACLs to be written. I need something like IntServ to configure the switch to accept 1Mbps from any IP address regardless of port, VLAN, etc. – Hosm Feb 22 '11 at 00:36
  • Dear Hosm, please check again the last example ("Bidirectional UBRL") at bottom of http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_white_paper0900aecd803e5017.html Each student is limited to 1Mb without per-IP ACLs. Only one ACL per direction. You want one direction only, so you will need only one ACL with several permit lines: one for each of your source subnets. If your servers are in the same subnet(s), be sure to deny their host IPs before permitting their subnet(s). I can add an example if you like. – Paul Feb 22 '11 at 01:12
  • Also, Netflow Data Export can interfere w/microflow policing on the 6500, so you may need to choose between them. See https://supportforums.cisco.com/docs/DOC-5630 – Paul Feb 22 '11 at 01:20
  • Thanks Paul, I had not noticed it. Many thanks for your help. – Hosm Feb 22 '11 at 22:29
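A sketch of the single-ACL, source-only UBRL setup described in the comments above, added here as an example; it is not configuration posted by anyone in the thread. It assumes a supervisor with PFC3 (which UBRL requires); the subnets, server addresses, names, burst size and interface range are constructed placeholders.

```cisco
! Constructed example: addresses, ACL/class/policy names, burst size and
! interface range are placeholders, not values from the thread.
mls qos
!
ip access-list extended CLIENT-UPSTREAM
 ! Servers first: a deny here means "do not classify", so they stay unpoliced.
 deny   ip host 10.10.1.11 any
 deny   ip host 10.10.1.12 any
 ! One permit per client source subnet; any DHCP lease in these ranges matches.
 permit ip 10.10.0.0 0.0.255.255 any
 permit ip 10.20.0.0 0.0.255.255 any
!
class-map match-all CLIENT-UPSTREAM
 match access-group name CLIENT-UPSTREAM
!
policy-map LIMIT-CLIENT-UPSTREAM
 class CLIENT-UPSTREAM
  ! src-only flow mask: one policer instance per source IP, 1 Mbps each.
  police flow mask src-only 1000000 32000 conform-action transmit exceed-action drop
!
! Ingress on the department uplinks only. Nothing is applied toward the
! clients, so traffic they receive is not limited.
interface range GigabitEthernet1/1 - 10
 service-policy input LIMIT-CLIENT-UPSTREAM
```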