Rate Limiting Cisco 6509/PIX 535

[hobbes80]

I have a 6509 with a Supervisor 2 module and a PIX firewall module. I need to rate-limit the GBIC ports on the supervisor module to keep from bursting beyond our CIR. Basically my two front-end ports are on the same VLAN and they are set in the firewall to be failover ports. I'm somewhat of a CISCO newbie, thought that "bandwidth" would do it, but it appears to be a labeling tool.

Any ideas? I need a solution before traffic starts ramping up around 6pm tonight, so the sooner the better, thanks!!
-Andrew

 

[ADB100]

I assume you are running Native IOS on your 6500 (since you stated 'Bandwidth'). You need to create a Service-Policy and apply it outbound on these ports.

acces-list 1 permit any
!
class-map ANY
match access-group 1
!
policy-map POLICE-10Mbps
class ANY
police flow 10000000 8000 conform transmit exceed-action drop
!
interface gigabitethernet1/1
service-policy output POLICE-10Mbps


This will drop any traffic that exceeds 10Mbps, this is a bit drastic but should work. You can do other things such as enable Weighted RED for different traffic types so that you can be more granular with what is and isn't dropped etc.

It is probably worth you having a read of some of the QoS documentation on CCO.

Andy