topic Rate Limiting on ISP router in Network Access Control https://community.cisco.com/t5/network-access-control/rate-limiting-on-isp-router/m-p/781055#M420791 <P>Hi,</P><P></P><P>We have multiple internal lans/networks sharing a common internet pipe/link terminated on a Cisco router.</P><P></P><P>We have seperate NAT IPs ( Public IPs ) configured for each network to differentiate them from one another outside the firewall.</P><P></P><P>My requirement is like this ,</P><P></P><P>1) I want to do a QOS on my internet router by restricting a maximum of 1 Mb internet bandwidth for each internal network.</P><P></P><P>2) Presently i have configured a rate-limiting command on my interface with a matching ACL.</P><P>!</P><P>interface FastEthernet0/1</P><P> description ### MY ISP facing interface ###</P><P> ip address xxx.xxx.xxx.xxx 255.255.255.252</P><P> rate-limit input access-group 101 1024000 64000 64000 conform-action transmit exceed-action drop</P><P> rate-limit output access-group 102 1024000 64000 64000 conform-action transmit exceed-action drop</P><P></P><P></P><P></P><P>access-list 101 remark ### input ACL 4 BW Cap test for network1 ###</P><P>access-list 101 permit ip any host network1-NAT-IP</P><P>access-list 101 remark ### deny any any ###</P><P>access-list 101 deny ip any any</P><P>access-list 102 remark ### output ACL 4 BW Cap test for network1 ###</P><P>access-list 102 permit ip host network1-NAT-IP any</P><P>access-list 102 remark ### deny any any ###</P><P>access-list 102 deny ip any any</P><P> </P><P></P><P>3) What will happen if i add one more NAT-IP in my rate-limit matching ACL as shown below.</P><P></P><P>access-list 101 remark ### input ACL 4 BW Cap test for network1 ###</P><P>access-list 101 permit ip any host network1-NAT-IP</P><P>access-list 101 remark ### input ACL 4 BW Cap test for network2 ###</P><P>access-list 101 permit ip any host network2-NAT-IP</P><P>access-list 101 remark ### deny any any ###</P><P>access-list 101 deny ip any any</P><P>access-list 102 remark ### output ACL 4 BW Cap test for network1 ###</P><P>access-list 102 permit ip host network1-NAT-IP any</P><P>access-list 101 remark ### input ACL 4 BW Cap test for network2 ###</P><P>access-list 102 permit ip host network2-NAT-IP any</P><P>access-list 102 remark ### deny any any ###</P><P>access-list 102 deny ip any any</P><P></P><P></P><P></P><P>!! a) Will my second network ( network2-NAT-IP) will also have a maximum BW cap of 1 Mb </P><P>!! b) Is so can I add all more QOS needed NAT IPs to this matching ACL.</P><P></P><P>Any help regarding the same is appreciated</P> Sun, 10 Mar 2019 22:09:03 GMT rajakumar.P 2019-03-10T22:09:03Z Rate Limiting on ISP router https://community.cisco.com/t5/network-access-control/rate-limiting-on-isp-router/m-p/781055#M420791 <P>Hi,</P><P></P><P>We have multiple internal lans/networks sharing a common internet pipe/link terminated on a Cisco router.</P><P></P><P>We have seperate NAT IPs ( Public IPs ) configured for each network to differentiate them from one another outside the firewall.</P><P></P><P>My requirement is like this ,</P><P></P><P>1) I want to do a QOS on my internet router by restricting a maximum of 1 Mb internet bandwidth for each internal network.</P><P></P><P>2) Presently i have configured a rate-limiting command on my interface with a matching ACL.</P><P>!</P><P>interface FastEthernet0/1</P><P> description ### MY ISP facing interface ###</P><P> ip address xxx.xxx.xxx.xxx 255.255.255.252</P><P> rate-limit input access-group 101 1024000 64000 64000 conform-action transmit exceed-action drop</P><P> rate-limit output access-group 102 1024000 64000 64000 conform-action transmit exceed-action drop</P><P></P><P></P><P></P><P>access-list 101 remark ### input ACL 4 BW Cap test for network1 ###</P><P>access-list 101 permit ip any host network1-NAT-IP</P><P>access-list 101 remark ### deny any any ###</P><P>access-list 101 deny ip any any</P><P>access-list 102 remark ### output ACL 4 BW Cap test for network1 ###</P><P>access-list 102 permit ip host network1-NAT-IP any</P><P>access-list 102 remark ### deny any any ###</P><P>access-list 102 deny ip any any</P><P> </P><P></P><P>3) What will happen if i add one more NAT-IP in my rate-limit matching ACL as shown below.</P><P></P><P>access-list 101 remark ### input ACL 4 BW Cap test for network1 ###</P><P>access-list 101 permit ip any host network1-NAT-IP</P><P>access-list 101 remark ### input ACL 4 BW Cap test for network2 ###</P><P>access-list 101 permit ip any host network2-NAT-IP</P><P>access-list 101 remark ### deny any any ###</P><P>access-list 101 deny ip any any</P><P>access-list 102 remark ### output ACL 4 BW Cap test for network1 ###</P><P>access-list 102 permit ip host network1-NAT-IP any</P><P>access-list 101 remark ### input ACL 4 BW Cap test for network2 ###</P><P>access-list 102 permit ip host network2-NAT-IP any</P><P>access-list 102 remark ### deny any any ###</P><P>access-list 102 deny ip any any</P><P></P><P></P><P></P><P>!! a) Will my second network ( network2-NAT-IP) will also have a maximum BW cap of 1 Mb </P><P>!! b) Is so can I add all more QOS needed NAT IPs to this matching ACL.</P><P></P><P>Any help regarding the same is appreciated</P> Sun, 10 Mar 2019 22:09:03 GMT https://community.cisco.com/t5/network-access-control/rate-limiting-on-isp-router/m-p/781055#M420791 rajakumar.P 2019-03-10T22:09:03Z Re: Rate Limiting on ISP router https://community.cisco.com/t5/network-access-control/rate-limiting-on-isp-router/m-p/781056#M420792 <HTML><HEAD></HEAD><BODY><P>a) Your second network would also have the same set of parameters. </P><P></P><P>b) You can more networks.</P><P></P><P>-Hoogen</P><P></P><P>Do rate this post if it helps <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P></BODY></HTML> Wed, 09 May 2007 05:23:42 GMT https://community.cisco.com/t5/network-access-control/rate-limiting-on-isp-router/m-p/781056#M420792 hoogen_82 2007-05-09T05:23:42Z