4. Bandwidth Limitations on Individual VLANs

Bandwidth Limitations on Individual VLANs

  • T

    Hello.  I'm not entirely sure how to go about doing this, so please bear with me as a relative newbie.  I've got multiple VLANs on multiple Interfaces and I'd like to set specific bandwidth limits on each of those VLANs.  Here's basically what I'm trying to achieve when each VLAN tries to reach out to the Internet:

    WAN: 100 Mbps down / 15 Mbps up  (This is what I've got from the ISP, on a good day)

    LAN Interface:  45 Mbps / 10 Mbps (shared limit on all VLANs, such that the total of all VLANs will not exceed this)
    VLAN100  10Mbps downspeed
    VLAN150  10Mbps downspeed
    VLAN200  10Mbps downspeed
    VLAN250  10Mbps downspeed
    VLAN300  5Mbps downspeed

    OPT1 Interface:
    VLAN1020: 1.5 Mbps / 1.5 Mbps strict limit (both internal AND external to internet)
    VLAN1030: 25 Mbps / 10 Mbps (these are the maximum speeds I'd like this to have, however it does not have to be that 100% of the time)

    I'm not really sure how to accomplish this in the Traffic Shaper, can someone give me some pointers?

    0
  • R

    Hi Teward,

    We have a similar setup with one of our sites, and after a bit of messing around this is the setup that seems to work for us -

    Setup "Interface Limits"

    • "VLAN231" limit 50mbps
      – "Default" queue with limit 50mbps
    • "VLAN232" limit 20mbps
      -- "Default" queue with limit 20mbps

    Setup "Limiters"

    • "VLAN231_LIMIT" limit 50mbps
    • "VLAN232_LIMIT" limit 20mbps

    Go to your Firewall Rules, go to VLAN231 and apply the "VLAN231_LIMIT" to the Advanced/Queues/In rule; do the same for VLAN232 and VLAN232_LIMIT rule.

    Apply. You may need to reset your states (depending on how much stuffing around you're doing).

    As our limits are bidirectional, I can't recall which one is the upload and which one is the download limit. But hopefully this should give you a bit of a starting point.

    0
  • Netgate

    Do you want to set, say, a hard limit on VLAN100 of 10Mbps down or do you want the whole 45Mbps available if nobody else is using it? (The latter is harder and I'm not sure if it's even possible using the limiter when multiple interfaces/bandwidth goals are present.)

    If you switch to HFSC you will run into the multi-LAN interface config issues.  See the first part of this post for an brief explanation: https://forum.pfsense.org/index.php?topic=79589.msg434856#msg434856

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy