In this guide, I’ll show you how to limit the bandwidth on a Cisco interface.
This will work for a Cisco switch or router.
There are two ways you can limit the bandwidth:
- Option 1: Limit bandwidth using srr-queue bandwidth command (easy)
- Option 2: Limit bandwidth using QoS policy-map (hard but more flexible).
When implementing either option it helps to have a network bandwidth monitor program so you can test the bandwidth usage in real-time. I’ll show you a free and simple tool I use in the examples below.
Tip: I recommend testing this in a lab or in a non-production environment. You need to get the settings and desired results right before applying to a production network.
I’ll be using the below topology in this guide.
Option 1: Limit Interface Bandwidth using srr-queue bandwidth command
This option is easy to implement but it can only be applied to a physical interface and only applies in the egress (outbound) direction. So it can have limited use cases.
With the srr-queue bandwidth command, you limit the bandwidth based on the percentage of the port speed. For example, I have a 1 gig interface and I want to limit the bandwidth to 100MB, so that is 10 percent of the port speed.
Step 1: Enter global configuration mode
Step 2: Enter interface configuration mode
I’m changing to interface gi0/2
Step 3: Change port speed
I want to limit the 1gig interface to use only 10 percent of the bandwidth.
srr-queue bandwidth limit 10
Here is a screenshot of the commands entered on my switch.
Now, I’ll test the bandwidth usage by using the iPerf command. This is a free tool you can use to test the bandwidth between two systems. It shows the bandwidth usage in real-time.
In the below screenshot, I’m sending data from PC1 (192.168.40.2) to PC2 (192.168.40.3). You can see it is using all available bandwidth (no limits).
Here is the screenshot after limiting the bandwidth to 10 percent of the port speed. You can see the command is indeed limiting the bandwidth as it is not using more than 100 Mbps.
Remember that the srr-queue bandwidth command only limits bandwidth in the egress (outbound) direction of the interface. A simple way to picture this: ingress is traffic entering a device and egress is traffic exiting a device.
Option 2: Limit Interface Bandwidth using Cisco Policy Map
This option is a little more complicated to implement but is far more flexible. With this option, you can limit bandwidth based on a host, IP address, or subnet. In this example, I’m going to limit the bandwidth when computer PC1 (192.168.40.2) sends to 192.168.40.3. When PC1 sends to any other destination there is no bandwidth limit.
Step 1: Enable QoS
QoS must be enabled on your device. To enable QoS globally use this command:
Step 2: Create an Access list
The access list should list the IPs and subnets you want to limit bandwidth for. In this example, I’m going to limit the bandwidth to IP 192.168.40.3. I’ve named the access list ACL_10MB. Here are the commands:
ip access-list extended ACL_10MB
 permit ip host 192.168.40.3 any
 permit ip any host 192.168.40.3
Step 3: Create a Class Map
I’m going to call my class map “class_10MB” and tell it to match on the ACL created in step 2.
class-map class_10MB
 match access-group name ACL_10MB
Step 4: Create a Policy Map
Create a policy map, point it to the class map created in step 3 then define the bits per second.
policy-map policy_10MB
 class class_10MB
  police 10000000 1000000 exceed-action drop
The first value is the rate in bits per second and the second is the normal burst size in bytes. You can see the command line options by typing ? at any command.
Step 5: Apply the policy to an interface
I’m limiting the bandwidth from 192.168.40.2 to 192.168.40.3 so I’ll apply this policy to port gi0/1. This will limit the bandwidth to PC2 but does not throttle bandwidth to other destinations.
interface gi0/1
 service-policy input policy_10MB
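Steps 2 to 5 chain names together: the class map refers to the access list, the policy map to the class map, and the interface to the policy map. The Python check below is an added example, not part of the original guide; it scans a pasted configuration for names that are used but never defined, and its sample configuration with a mistyped class name is constructed for illustration.

```python
import re

# Constructed sample: the guide's object names, with one deliberately
# mistyped class name in the policy-map so the check has something to find.
SAMPLE_CONFIG = """\
ip access-list extended ACL_10MB
 permit ip host 192.168.40.3 any
 permit ip any host 192.168.40.3
class-map class_10MB
 match access-group name ACL_10MB
policy-map policy_10MB
 class class_100MB
  police 10000000 1000000 exceed-action drop
interface gi0/1
 service-policy input policy_10MB
"""

def check_qos_references(config):
    """Return a list of problems: names used but never defined."""
    acls, class_maps, policy_maps = set(), set(), set()
    uses = []  # (kind, name, line where the name is used)
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ip access-list extended (\S+)$", line):
            acls.add(m.group(1))
        elif m := re.match(r"class-map (?:match-(?:all|any) )?(\S+)$", line):
            class_maps.add(m.group(1))
        elif m := re.match(r"policy-map (\S+)$", line):
            policy_maps.add(m.group(1))
        elif m := re.match(r"match access-group name (\S+)$", line):
            uses.append(("access list", m.group(1), line))
        elif m := re.match(r"class (\S+)$", line):
            uses.append(("class-map", m.group(1), line))
        elif m := re.match(r"service-policy (?:input|output) (\S+)$", line):
            uses.append(("policy-map", m.group(1), line))
    defined = {"access list": acls, "class-map": class_maps, "policy-map": policy_maps}
    # class-default is built in, so it never needs a class-map definition.
    return [f"{kind} '{name}' is not defined (used in: {ctx})"
            for kind, name, ctx in uses
            if name not in defined[kind] and name != "class-default"]

def police_rate_mbps(config):
    """Convert each police line's rate from bits per second to Mbit/s."""
    return [int(bps) / 1_000_000
            for bps in re.findall(r"^\s*police (\d+) \d+", config, re.M)]

if __name__ == "__main__":
    for problem in check_qos_references(SAMPLE_CONFIG):
        print("PROBLEM:", problem)
    print("police rates (Mbit/s):", police_rate_mbps(SAMPLE_CONFIG))
```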
Now I’ll use iperf to test.
First I’ll send data from PC1 to 192.168.40.4
No bandwidth limits, I’m able to send using all available bandwidth.
Now I’ll send data to 192.168.40.3
The policy map kicks in and the bandwidth is limited to 10MB. Pretty cool right?
There you go, I just showed you two options for limiting the bandwidth on a Cisco switch or router interface. Some Cisco models have limitations; for example, on a 2960x you cannot apply these policies to an SVI (VLAN interface). QoS is a complex topic with many configuration options, so you may need to look up the Cisco documentation for your model of switch or router. I’ll link to some resources below.
- Cisco QoS Policing and Shaping Configuration Guide
- Limiting the bandwidth on an Egress Interface – Cisco Documentation example for 2960
- Qos Bandwidth Limit – Examples from Cisco Community