How to do Speed Limits on Port?

Speed Limits on Port for Cisco 2960 Switches
Through line rate (LR), the total rate of sending packets on an interface can be
limited. LR also uses the token bucket for traffic control. If the limit rate function for
the Cisco 2960 Switches is configured on an interface of the device, all the packets
sent from this interface need to be processed by the token bucket of the LR first. If
there are sufficient tokens in the token bucket, packets are sent; otherwise, packets are
discarded. Unlike traffic policing, LR controls all the packets that pass through an
interface. If the transmission of all the packets needs to be limited, LR is
recommended, because it is easy to implement.

The configurations are shown as below.
switch>
switch>enable
switch# configure terminal
switch(config)#enable secret Cisco
switch(config)# username Ciscoprivilege 15 secret Cisco
switch(config)# service password-encryption
switch(config)# interface vlan1 192.168.1.1
switch(config-if)# ip address
switch(config-if)#no shutdown
switch(config-if)#exit
switch(config)# ip default-gateway 192.168.1.254
switch(config)# interface FastEthernet 0/1
switch(config-if)# description uplink port
1

switch(config-if)# switchport mode trunk
switch(config-if)# speed 1000
switch(config-if)# duplex full
switch(config-if) interface range fastEthernet 0/2 -24
switch(config-if-range)#shutdown
switch(config)#no ip http server
switch(config)#line vty 0 4
switch24(config-line)# login local
switch(config)# service timestamps debug datetime
switch(config)# service timestamps log datetime
switch#vlan database
switch (vlan)#vtp transparent
switch#clock set hh:mm:ss
switch#copy running-config startup-config
switch (config)#ip access-list standard name
Switch (config-std-nacl)# permit any
Switch (config)#class-map name
Switch (config-cmap)#match access-group name name
Switch (config)#policy-map name
Switch (config-pmap)#class name
Switch (config-pmap-c)#police 3000000 100000 exceed-action drop
Switch (config)#interface range fastEthernet 0/1 – 24
Switch (config-if)#service-policy input name
Switch (config) #mls qos
Switch(config-if )switchport port-security mac-address MAC
Switch(config-if )no switchport port-security mac-address MAC

Speed Limits on Port for Cisco 3560 Switches
Network status
Connect PC1 to the Cisco 3560 F0 / 1, the rate of 1M
Connect PC2 to the Cisco3560 F0 / 2, the rate of 2M
G0 / 1 of Cisco3560 is for exit
The specific configuration procedure
Note: Every interface in every direction can only support one policy while one policy
can be used for multiple interfaces. Thus the download rate limitation of all PC should
be defined in the same policy (policy-map user-down is for this example), while the
PC is defined to distinguish different rates in Class-map respectively.
1. Start QOS on the switch

Switch(config)#mls qos //Start QOS on the switch
2

2. Define PC1 (10.10.1.1) and PC2 (10.10.2.1) access control list respectively

Switch(config)#access-list
flow
Switch(config)#access-list
downward flow
Switch(config)#access-list
flow
Switch(config)#access-list
downward flow

10 permit 10.10.1.0 0.0.0.255

//Control PC1 upward

100 permit any 10.10.1.0 0.0.0.255
11 permit 10.10.2.0 0.0.0.255

//Control PC1

//Control PC2 upward

111 permit any 10.10.2.0 0.0.0.255

//Control PC2

3. Bind the class together with the defined access control lists mentioned above

Switch(config)# class-map user1-up
//Define upward class of PC1, and bind
the access list 10
Switch(config-cmap)# match access-group 10
Switch(config-cmap)# exit
Switch(config)# class-map user2-up
Switch(config-cmap)# match access-group 11 //Define upward class of PC2, and
bind the access list 10
Switch(config-cmap)# exit
Switch(config)# class-map user1-down
Switch(config-cmap)# match access-group 100 //Define downward class of PC2, and
bind the access list 100
Switch(config-cmap)# exit
Switch(config)# class-map user2-down
Switch(config-cmap)# match access-group 111 //Define downward class of PC2, and
bind the access list 111
Switch(config-cmap)# exit
4. Define the policy and bind the class defined above to this policy

Switch(config)# policy-map user1-up
//The upward rate of PC1 is defined as
1M
Switch(config-pmap)# class user1-up
Switch(config-pmap-c)# trust dscp
Switch(config-pmap-c)# police 1024000 1024000 exceed-action drop
Switch(config)# policy-map user2-up
//The upward rate of PC2 is defined as
2M
Switch(config-pmap)# class user2-up
Switch(config-pmap-c)# trust dscp
Switch(config-pmap-c)# police 2048000 1024000 exceed-action drop
Switch(config)# policy-map user-down
Switch(config-pmap)# class user1-down
Switch(config-pmap-c)# trust dscp
Switch(config-pmap-c)# police 1024000 1024000 exceed-action drop
3

Switch(config-pmap-c)# exit
Switch(config-pmap)# class user2-down
Switch(config-pmap-c)# trust dscp
Switch(config-pmap-c)# police 2048000 1024000 exceed-action drop
Switch(config-pmap-c)# exit
5. Use policy to the interface

Switch(config)# interface f0/1
Switch(config-if)# service-policy input user1-up
Switch(config)# interface f0/2
Switch(config-if)# service-policy input user2-up
Switch(config)# interface g0/1
Switch(config-if)# service-policy input user-down
More related topics
Cisco Switch Configuration Commands
Cisco Catalyst 2960-X Hardware Description
Cisco 2960 Basic Configuration VLAN Configuration
Configuring the Cisco Switch with the CLI Based Setup Program
Cisco SFP Transceivers Supported by Cisco 2960 Series Switches
More Cisco products and Reviews you can visit: http://www.3anetwork.com/blog

3Anetwork.com is a world leading Cisco networking products supplier, we supply original
new Cisco networking equipments, including Cisco Catalyst switches, Cisco routers,
Cisco firewalls, Cisco wireless products, Cisco modules and interface cards products at
competitive price and ship to worldwide.
Our website: http://www.3anetwork.com
Telephone: +852-3069-7733
Email: info@3Anetwork.com
Address: 23/F Lucky Plaza, 315-321 Lockhart Road, Wanchai, Hongkong

4