You might have to do some funky scripting to achieve the time-based ACL if it's not supported in AOS.
Original Message:
Sent: Aug 17, 2021 02:45 PM
From: tom gilmore
Subject: Need to create an Access-List for a specific VLAN
That is a fantastic option & I plan to work with it.
My current access list is time based.
Rate limiting only occurs between 8 AM & 5 PM.
I very much appreciate this answer, but do you know of any way I can apply a rate limit to the VLAN and have the rate limiting be time-based?
------------------------------
tom gilmore
Original Message:
Sent: Aug 17, 2021 05:15 AM
From: Laurent Tygreat
Subject: Need to create an Access-List for a specific VLAN
------------------------------
Laurent from Brest / France
Network Engineer
Original Message:
Sent: Aug 16, 2021 11:19 AM
From: tom gilmore
Subject: Need to create an Access-List for a specific VLAN
I am trying to think of a way to create a way of applying an Access-list that would be standard across multiple locations.
***************************************************************************
VLAN25 is standard on many of my network switches.
VLAN 25 is always on the 172.20.0.0/16 subnet.
We have at least 50 locations with VLAN 25.
Each office location has a Class "C" out of the 172.20.0.0/16 subnet.
Hosts on VLAN 25 normally replicate data to the data centers and it can flood out bandwidth.
My manager asked if I could limit traffic from VLAN 25 to 20% of total traffic from 8 AM to 5 PM AND he wanted to be able to apply the same ACL on all routers.
OK, that was easy, I added this ACL & "matched" it on a policy map configured on the router at each office.
ip access-list extended FTR-Limit
permit ip 172.20.0.0 0.0.255.255 any time-range FTR
permit ip any 172.20.0.0 0.0.255.255 time-range FTR
The good part of this ACL is that it is standard on each router.
The bad part is that any host on VLAN 25 (say 172.20.2.0/24) will use unlimited bandwidth when it transfers files to 172.20.3.0/24.
*********************************
Is there some kind of policy-map ability on the Aruba 2930 switch?
I want to limit traffic from the Class C Subnet on each switch where I have VLAN 25 configured.
permit ip VLAN25 any time-range FTR
permit ip any time-range FTR
------------------------------
tom gilmore
------------------------------