how to limit the bandwidth of a VLAN
Freshman Member
Hi, I have one more question. One of my WANs has a speed of 500Mb Full Duplex, and I would like 100Mb of that speed to be directed to a specific VLAN. How can I do this on the USG Flex 200?
All Replies
-
I've tried everything, and it doesn't work. They said I needed to create a rule in object/address/GeoIP, but that didn't work either. I need to resolve this issue because I need to limit the bandwidth for my VLANs.
0 -
1- I have this VLAN40 for example. Would the configuration be the same in this part?
2 - in BWM, editing vlan40, what do I need to change in these options so that its bandwidth is 50Mb?
3- In address/Geo ip, do I need to create this rule?
I've tried everything and I can't limit the download and upload bandwidth of the VLANs. If anyone can help me, I'd be very grateful.
0 -
Hi @Gel,
From the second screenshot you shared, if your goal is to allow the traffic between VLAN40 and the WAN and limit the speed to 100 Mbps, you will need to adjust the BWM (Bandwidth Management) settings.
Specifically, the Outgoing Interface should be set to the desired WAN, and the Guaranteed Bandwidth should be configured as 100,000 kbps.
Zyxel Tina
0 -
The way in which the BWM works and the Guaranteed Bandwidth is based on interface Egress limiting
Before we begin I recommand this option by SSH
configure terminal
bwm control-tcp-ack
writeSo let say you have a LAN and VLAN subnet and you don't set any interface Egress limiting but use BWM I'm guessing this is download speed?
So
incoming VLAN40
outgoing WANSo this is when VLAN40 makes outgoing connections to WAN
inbound is download
outbound uploadand enter your speed if it needs to be Guaranteed and check maximize bandwidth for extra speed if available or set maximum box as Guaranteed speed for limiting
so with that rule in place if VLAN download at 100Mb can LAN affect the VLAN Guaranteed download speed and the answer is YES! To which your rate limit is determined by your ISP rate limiting of 500Mb
So how do stop that so that Guaranteed download speed is for VLAN meet well download speed has a interesting where if you rate limit at 500Mb you would think the USG then handles it but no because your ISP rate limit you at 500Mb meaning the USG does not fully handle the speed so how do you stop this? The only way is the rate limit less then your ISP rate limit and finding the balance of limit too much and not enough can be a art. but upload limit does not have this problem but you limit like -1Mb less then your ISP rate limit
But this only works if you Egress rate limit on one interface then you have the problem of that interface rate limits for all traffic on that interface which may or may not be a problem.
So back to you have 500Mb download limit and you have two subnet LAN and VLAN on VLAN40 interface where its got Egress bandwidth you limit at 100Mb along with your BWM rule to Guaranteed speed then on the other LAN subnet for interface Egress bandwidth you limit at say 380Mb~
Now when LAN subnet tries to be greedy when downloading it can't due to your total download bandwidth is being limited by USG and the BWM rule insures 100Mb to VLAN
the priority setting are another thing and how they work with maximize bandwidth usage option so best to use 7 for now.
0 -
Hi guys, I haven't been able to get it to work yet and I don't understand it. Let me give you more details.
1- I have two WANs coming into the Flex 200 firewall, UMTELCOM and SMARTLINK. Each of them provides 500Mb Full Duplex speeds.
2- I created several VLANs, and let's take VLAN30 as an example. I need to limit the speed of anyone using VLAN30 to 200Mb.
3- I created a shared BWM rule. The problem is that it's not working. Regarding the priority, it is already marked as 4 in the firewall, should I change it?
4 - In the incoming interface option, what should I select? Should I select WAN1TELECOM, which is where this VLAN30 will receive internet?
5- What should I select for the outgoing interface? What is the correct configuration for these options?
In my configuration I set VLAN30 for outgoing interface and VLAN30 for incoming interface, but this does not limit the speed.
I would like to understand the issue of input interface and output interface.
I really appreciate everyone's patience.
0 -
So your trying to limit the same subnet like PC1 192.168.30.2 and PC2 192.168.30.3 to 200Mb each other? in which cause this will not work their are ways to make it work however.
Unless your trying to limit from LAN to WAN in which case you don't set outgoing a LAN but WAN
0 -
I want to limit the internet coming in from the WAN on the firewall so that everyone connected to the switch via VLAN 30 gets 200 MB. This 200 MB isn't for each person, but for everyone, combined.
0 -
So how it the connection being made? In most cases the client will be making the connection outbound so you need the BWM incoming VLAN and outgoing WAN you then set a limit inbound and outbound Guaranteed of as low as 64 Kbps then set the maximum box with inbound as 204800kbps and outbound the same if needed.
You can also limit the interface on Egress to 204800kbps which is a better option more advanced (but I have not tested but should work) is the use of Per-Source-IP of the VLAN subnet such that if you do interface on Egress to 204800kbps you can make a BWM rule with like incoming VLAN outgoing WAN limit inbound and outbound Guaranteed bandwidth as per source IP and set Maximize Bandwidth Usage as you have limited max inbound by interface on Egress.
0
Master Member
Guru Member
Categories
- All Categories
- 439 Beta Program
- 2.8K Nebula
- 197 Nebula Ideas
- 123 Nebula Status and Incidents
- 6.3K Security
- 483 USG FLEX H Series
- 318 Security Ideas
- 1.6K Switch
- 83 Switch Ideas
- 1.3K Wireless
- 46 Wireless Ideas
- 6.8K Consumer Product
- 284 Service & License
- 450 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 93 Security Highlight
