Indeed, I believe whilst the c3750 supports traffic-shaping, the c3550 does
not.
BTW, instead of assigning a /30 per user and wasting 75% of your IP
address space, try looking at the 'private vlan' IOS command, which
should allow you to use much bigger subnets and still control the
user-user traffic.
/Pete
On 14 Dec 2008, at 13:10, Marco Matarazzo wrote:
> Hi Justin,
>
>> I have an ISP situation where there are about 1000 users sitting behind
>> Cisco 3550 switches. Each port is 1 user and is configured with an
>> individual VLAN where each VLAN is assigned a small network subnet and
>> corresponding DHCP scope.
>>
>> The problem is that it seems (so I have been told) that these 3550s will
>> not effectively bandwidth limit at the port level. Incoming bandwidth is
>> limited as configured, but outgoing is not. So, I am looking at a pf
>> solution but google is not turning up any specific information for such a
>> situation.
>>
>
> This is not true. It's more tricky, but you can actually limit both inbound
> and outbound at the port level, and it's quite effective too. Of course
> OpenBSD is capable of that too, but for 1000 vlans you'll have to split the
> load across multiple firewalls (or multiple clusters of firewalls) since
> there're hardcoded limits on the number of queues you can create (256 cbqs
> and 64 hfsc if I remember well, it's been discussed in the past however!)
>
> The config for the 3550 is something like this:
>
> Define the class-maps (all-in and all-out are different because of hardware
> limitations)
>
> class-map match-any all-out
>  match ip dscp default
> class-map match-any all-in
>  match access-group 100
>
> Define the policy maps:
>
> policy-map 1mbit-in
>  class all-in
>   police 1024000 192000 exceed-action drop
> policy-map 1mbit-out
>  class all-out
>   police 1024000 192000 exceed-action drop
>
> And apply the policies to the interfaces:
>
> interface FastEthernet0/4
>  description CustomerX
>  no switchport
>  ip address 1.2.3.4 255.255.255.x
>  ! (or if it's a switchport, just "switchport mode access" and then
>  ! "switchport access vlan x")
>  ip rip advertise 3
>  no cdp enable
>  service-policy input 1mbit-in
>  service-policy output 1mbit-out
>
> Also note that this is rate-limiting, not bandwidth shaping, but it may fit
> your requirements!
>
> Cheers,
> ]\/[arco