As the core network switch of our company, the CISCO3550 has been running stably for many years, and its functions can also meet our needs. However, its port speed limit function is not as easy to implement as some other switches, fortunately, the implementation method has been found recently. After the configuration is complete, it is verified with the iperf software. The result shows that this method is effective. The specific implementation steps are as follows.
1. Create an ACL
Because this is a layer-3 Switch, although the speed limit is imposed on the port, we also need to consider the network address passed through this port. In this example, we choose to limit the speed of the 22nd port of the CISCO3550 switch, the port belongs to VLAN66 and the IP address segment is 10.66/16. Therefore, you must create an ACL as follows:
3550 # conf t
Enter configuration commands, one per line. End with CNTL/Z.
3550 (config) # access-list 15 permit 10.66.0.0 0.0.255.255
Ii. Create a class-map
3550 # conf t
Enter configuration commands, one per line. End with CNTL/Z.
3550 (config) # class-map dkxs
3550 (config-cmap) # match access-group 15
The main purpose of this step is to create a class-map, which references the previously created ACL 15, so that we can operate port 22 in the future.
3. Create policy-map
For testing purposes, we have created multiple policy-maps and set different limited bandwidths, such as 80 k, 1 m, 5 m, and 10 m, as shown below:
3550 # conf t
Enter configuration commands, one per line. End with CNTL/Z.
3550 (config) # policy-map 80 k
3550 (config-pmap) # class dkxs
3550 (config-pmap-c) # police 80000 8000 exceed-action drop
3550 # conf t
Enter configuration commands, one per line. End with CNTL/Z.
3550 (config) # policy-map 1 m
3550 (config-pmap) # class dkxs
3550 (config-pmap-c) # police 1000000 100000 exceed-action drop
3550 # conf t
Enter configuration commands, one per line. End with CNTL/Z.
3550 (config) # policy-map 5 m
3550 (config-pmap) # class dkxs
3550 (config-pmap-c) # police 5000000 500000 exceed-action drop
3550 # conf t
Enter configuration commands, one per line. End with CNTL/Z.
3550 (config) # policy-map 10 m
3550 (config-pmap) # class dkxs
3550 (config-pmap-c) # police 10000000 1000000 exceed-action drop
Iv. View configuration information
3550 # show run
Policy-map 5 m
Class dkxs
Police 5000000 500000 exceed-action drop
Policy-map 1 m
Class dkxs
Police 1000000 100000 exceed-action drop
Policy-map 80 k
Class dkxs
Police 80000 8000 exceed-action drop
Policy-map 10 m
Class dkxs
Police 10000000 1000000 exceed-action drop
5. Verification through iperf Software
That is, run the iperf server on a server. The command is as follows:
F: \ tools> iperf-s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
Then, apply the policy-map representing different rates on the 22 ports of the switch. Each application runs the iperf client on a laptop connected to port 22 to test the port rate, the results are as follows:
(Switch Settings)
3550 (config-if) # service-policy input 80 k
(IPERF client test results)
F: \ tools> iperf-c 10.66.66.8
------------------------------------------------------------
Client connecting to 10.66.66.8, TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[1912] local 10.66.123.66 port 1147 connected with 10.66.66.8 port 5001
[ID] Interval Transfer Bandwidth
[1912] 0.0-12.5 sec 104 KBytes 68.3 Kbits/sec
F: \ tools> iperf-c 10.66.66.8
------------------------------------------------------------
Client connecting to 10.66.66.8, TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[1912] local 10.66.123.66 port 1151 connected with 10.66.66.8 port 5001
[ID] Interval Transfer Bandwidth
[1912] 0.0-12.0 sec 104 KBytes 70.8 Kbits/sec
(Switch Settings)
3550 (config-if) # service-policy input 1 m
(IPERF client test results)
F: \ tools> iperf-c 10.66.66.8
------------------------------------------------------------
Client connecting to 10.66.66.8, TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[1912] local 10.66.123.66 port 1155 connected with 10.66.66.8 port 5001
[ID] Interval Transfer Bandwidth
[1912] 0.0-10.5 sec 1.08 MBytes 860 Kbits/sec
F: \ tools> iperf-c 10.66.66.8
------------------------------------------------------------
Client connecting to 10.66.66.8, TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[1912] local 10.66.123.66 port 1159 connected with 10.66.66.8 port 5001
[ID] Interval Transfer Bandwidth
[1912] 0.0-10.0 sec 1.09 MBytes 910 Kbits/sec
(Switch Settings)
3550 (config-if) # service-policy input 5 m
(IPERF client test results)
F: \ tools> iperf-c 10.66.66.8
------------------------------------------------------------
Client connecting to 10.66.66.8, TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[1912] local 10.66.123.66 port 1163 connected with 10.66.66.8 port 5001
[ID] Interval Transfer Bandwidth
[1912] 0.0-10.5 sec 5.84 MBytes 4.67 Mbits/sec
F: \ tools> iperf-c 10.66.66.8
------------------------------------------------------------
Client connecting to 10.66.66.8, TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[1912] local 10.66.123.66 port 1167 connected with 10.66.66.8 port 5001
[ID] Interval Transfer Bandwidth
[1912] 0.0-10.7 sec 5.98 MBytes 4.68 Mbits/sec
(Switch Settings)
3550 (config-if) # service-policy input 10 m
(IPERF client test results)
F: \ tools> iperf-c 10.66.66.8
------------------------------------------------------------
Client connecting to 10.66.66.8, TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[1912] local 10.66.123.66 port 1171 connected with 10.66.66.8 port 5001
[ID] Interval Transfer Bandwidth
[1912] 0.0-10.1 sec 11.8 MBytes 9.83 Mbits/sec
F: \ tools> iperf-c 10.66.66.8
------------------------------------------------------------
Client connecting to 10.66.66.8, TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[1912] local 10.66.123.66 port 1175 connected with 10.66.66.8 port 5001
[ID] Interval Transfer Bandwidth
[1912] 0.0-10.2 sec 12.0 MBytes 9.87 Mbits/sec
To make the test results more accurate, two tests were conducted at each rate. The test results show that the port speed limit has indeed taken effect.
This article is from the "windows1009" blog