Cisco – Bandwidth sharing via police exceed-action drop on Cisco Catalyst 3550s: anything less draconian

Tags: cisco, qos

I’m the chairman of the wiring committee for a hundred-unit condominium, and not a Cisco expert. We have a trio of Cisco Catalyst 3550 switches, connected to an old Cisco 1417 router, connected to a DSL connection which we realize we need to upgrade. Our consultants configured, but did not enable, policing on each switch, so that each owner gets a guaranteed amount of bandwidth; once I enabled it (with mls qos), this seemed to work as documented:

! Ingress policer: 32 kbps committed rate with an 8000-byte burst;
! anything over the bucket is dropped rather than marked down
policy-map USER_INGRESS
 class ANY
    police 32000 8000 exceed-action drop
! Egress policer for best-effort (DSCP 0) traffic: 96 kbps, 24000-byte burst
policy-map USER_EGRESS
 class DSCP0
    police 96000 24000 exceed-action drop

But we were sold the switches on the basis that rationing would be more flexible when all the bandwidth wasn’t being used up, which this doesn’t seem to do.

Cisco IOS Quality of Service Solutions Command Reference 12.2 seems to suggest that set-dscp-transmit 0 might mark excess packets as best-effort, which I’d hoped would act sensibly at times of low usage. But it looks like this isn’t supported on our switches; trying to enable it gives % Invalid input detected at '^' marker at the beginning of set-dscp-transmit.

I might be able to offer more than just reputation points for hand-holding on followup issues; I’ve got a budget for some consulting hours, and might get approval for ongoing consulting. But for that, since we’ve had some bad experience with previous consultants, and I’m responsible to our directors, you’d need Cisco certification as well as reputation points here, and a public means of verifying your identity and reputation, since at some point I might need to trust you with our passwords.


Best Answer

This strikes me as the wrong way to handle traffic shaping in your environment -- you are effectively limiting an unlimited resource (internal bandwidth - on your local switches) to try to prevent exhausting a limited resource (upstream bandwidth - on your DSL line).

Your router (or barring that, a decent router/firewall appliance like pfSense) should probably be doing the traffic shaping. You can assign each unit/owner an IP or subnet, limiting them to a proportionate share of the total bandwidth but letting them borrow from other queues (See http://www.openbsd.org/faq/pf/queueing.html and read about the "borrow" keyword - handy feature!).
As a bonus if you take this route your more tech-savvy residents can share files with each other at wire speed since the switch ports won't be restricted.

A Cisco expert may be better able to advise you on how to set that up for your environment/hardware, or how to accomplish what you're asking for with your existing hardware if possible.
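To make the answer's point concrete, here is a small Python model added as an example (it is not code from the question, the answer, Cisco, or pf). It contrasts a per-port token-bucket policer like the `police 32000 8000 exceed-action drop` line in the question, which drops excess packets even when the upstream link is idle, with a simplified max-min "borrow" allocation of the kind the answer describes for a class-based queue on the router. The DSL capacity (384 kbps), the 1500-byte packet size, and the per-owner demands are constructed values; the borrow function is a textbook water-filling model, not pf's actual scheduler.

```python
"""Toy comparison: per-port policing versus link-level fair sharing with borrowing.

Added example, not from the page. Rates, burst sizes, demands and the 384 kbps
upstream capacity are constructed; packets are a fixed 1500 bytes.
"""
from dataclasses import dataclass


@dataclass
class TokenBucketPolicer:
    """Single-rate policer: refill tokens at rate_bps, drop when the bucket is empty."""
    rate_bps: float      # committed rate in bits per second (e.g. 32000)
    burst_bytes: float   # bucket depth in bytes (e.g. 8000)
    tokens: float = -1.0  # current bucket level; -1 means "start full"

    def __post_init__(self):
        if self.tokens < 0:
            self.tokens = self.burst_bytes

    def offer(self, nbytes, elapsed_s):
        """Refill for elapsed_s seconds, then accept (True) or drop (False) a packet."""
        self.tokens = min(self.burst_bytes, self.tokens + self.rate_bps / 8 * elapsed_s)
        if nbytes <= self.tokens:
            self.tokens -= nbytes
            return True
        return False


def policed_throughput_bps(rate_bps, burst_bytes, demand_bps, seconds, packet_bytes=1500):
    """Bits per second that survive a policer when one owner sends demand_bps
    of evenly spaced packets; the idle state of the upstream link is irrelevant,
    because a policer only looks at its own bucket."""
    policer = TokenBucketPolicer(rate_bps, burst_bytes)
    interval = packet_bytes * 8 / demand_bps             # seconds between packets
    packets = int(seconds * demand_bps / (packet_bytes * 8))
    delivered = sum(packet_bytes for _ in range(packets) if policer.offer(packet_bytes, interval))
    return delivered * 8 / seconds


def fair_share_with_borrow(capacity_bps, guarantee_bps, demand_bps):
    """Max-min allocation of one link: each owner is first satisfied up to its
    guarantee, then idle capacity is lent to owners that still want more, in
    proportion to their guarantees (a simplified model of CBQ-style 'borrow')."""
    alloc = {u: min(guarantee_bps[u], demand_bps[u]) for u in demand_bps}
    spare = capacity_bps - sum(alloc.values())
    wanting = {u for u in demand_bps if demand_bps[u] > alloc[u]}
    while spare > 1e-9 and wanting:
        weight = sum(guarantee_bps[u] for u in wanting)
        lent = 0.0
        newly_full = set()
        for u in wanting:
            share = spare * guarantee_bps[u] / weight
            grant = min(share, demand_bps[u] - alloc[u])   # never exceed what they asked for
            alloc[u] += grant
            lent += grant
            if demand_bps[u] - alloc[u] < 1e-9:
                newly_full.add(u)
        spare -= lent
        wanting -= newly_full    # satisfied owners stop borrowing; loop re-lends the rest
    return alloc


if __name__ == "__main__":
    # Constructed scenario: one busy owner, one light user, two idle units.
    capacity = 384000
    guarantees = {"unit_A": 96000, "unit_B": 96000, "unit_C": 96000, "unit_D": 96000}
    demands = {"unit_A": 300000, "unit_B": 50000, "unit_C": 0, "unit_D": 0}
    print("policer on unit_A's port (96 kbps, 24000-byte burst):",
          policed_throughput_bps(96000, 24000, demands["unit_A"], 10), "bps")
    print("router fair share with borrow:", fair_share_with_borrow(capacity, guarantees, demands))
```

Run it and unit_A stays pinned near its policed rate on the switch port no matter how idle the other three units are, while the borrow model hands unit_A the capacity the idle units are not using and still holds every unit to its 96 kbps guarantee when all four are busy.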