How to Limit Bandwidth on Cisco Interface

by

In this guide, I’ll show you how to limit the bandwidth on a Cisco interface.

This will work for a Cisco switch or router.

There are two ways you can limit the bandwidth:

  • Option 1: Limit bandwidth using srr-queue bandwidth command (easy)
  • Option 2: Limit bandwidth using QoS policy-map (hard but more flexible).

When implementing either option it helps to have a network bandwidth monitor program so you can test the bandwidth usage in real-time. I’ll show you a free and simple tool I use in the examples below.

Tip: I recommend testing this in a lab or in a non-production environment. You need to get the settings and desired results right before applying to a production network.

I’ll be using the below topology in this guide.

Option 1: Limit Interface Bandwidth using srr-queue bandwidth command

This option is easy to implement but it can only be applied to a physical interface and only applies in the egress (outbound) direction. So it can have limited use cases.

With the srr-queue bandwidth command, you limit the bandwidth based on the percentage of the port speed. For example, I have a 1 gig interface and I want to limit the bandwidth to 100MB, so that is 10 percent of the port speed.

Step 1: Enter global configuration mode 

configure terminal

Step 2: Enter interface configuration mode

I’m changing to interface gi0/2

interface gi0/2

Step 3: Change port speed

I want to limit the 1gig interface to use only 10 percent of the bandwidth. 

srr-queue bandwidth limit 10

Here is a screenshot of the commands entered on my switch.

Now, I’ll test the bandwidth usage by using the iPerf command. This is a free tool you can use to test the bandwidth between two systems. It shows the bandwidth usage in real-time.

In the below screenshot, I’m sending data from PC1 (192.168.40.2) to PC2 (192.168.40.3). You can see it is using all available bandwidth (no limits).

Here is the screenshot after limiting the bandwidth to 10 percent of the port speed. You can see the command is indeed limiting the bandwidth as it is not using more than 100 Mbps.

Remember the srr-queue bandwidth command only limits the bandwidth in the interface egress (direction). A simple way to picture this is ingress is traffic entering a device and egress is traffic exiting a device.

Option 2: Limit Interface Bandwidth using Cisco Policy Map

This option is a little more complicated to implement but is far more flexible. With this option, you can limit bandwidth based on a host, IP address, or subnet. In this example, I’m going to limit the bandwidth when computer PC1 (192.168.40.2) sends to 192.168.40.3. When PC1 sends to any other destination there is no bandwidth limit.

Step 1: Enable QoS

QoS must be enabled on your device. To enable QoS globally use this command:

mls qos

Step 2: Create an Access list

The access list should list the IPs and subnets you want to limit bandwidth for. In this example, I’m going to limit the bandwidth to IP 192.168.40.3. I’ve named the access list ACL_10MB, here are the commands

Extended IP access list ACL_10MB
permit ip host 192.168.40.3 any
permit ip any host 192.168.40.3

Step 3: Create a Class Map

I’m going to call my class map “class_10MB” then you tell it to match on the ACL created in step 2. 

class-map class_10MB
match access-group name ACL_10MB

Step 4: Create a Policy Map

Create a policy map, point it to the class map created in step 3 then define the bits per second. 

policy-map policy_10MB
class class_100MB
police 10000000 1000000 exceed-action drop

The first bit is the bits per second and the 2nd is the normal burst bytes. You can see the command line options using ? at any command.

Step 5: Apply the policy to an interface

I’m limiting the bandwidth from 192.168.40.2 to 192.168.40.3 so I’ll apply this policy to port gi0/1. This will limit the bandwidth to PC2 but does not throttle bandwidth to other destinations. 

interface gi02
service-policy input policy_10MB

Now I’ll use iperf to test.

First I’ll send data from PC1 to 192.168.40.4

No bandwidth limits, I’m able to send using all available bandwidth.

Now I’ll send data to 192.168.40.3

The policy map kicks in and the bandwidth is limited to 10MB. Pretty cool right?

There you go, I just showed you two options for limiting the bandwidth on a Cisco switch or router interface. Some Cisco models will have limitations for example on a 2960x you cannot apply these policies to an SVI (VLAN interface). QoS is a complex topic with many configuration options so you may need to look up the Cisco documentation for your model of switch or router. I’ll link to some resources below.

Resources

Recommended Tool: SolarWinds Network Performance Monitor (NPM)

SolarWinds NPM is a powerful and easy-to-use software that can help you monitor, troubleshoot, and optimize your network performance.

Reduce network downtime, monitor network performance and availability, discover and map your network devices, analyze network capacity and hardware health, and much more.

You can start a free trial of NPM today and see for yourself how it can help you monitor your network more effectively. Just click on the link below to download NPM and get started.

Download Free Trial