12-24-2003 08:36 AM - edited 03-02-2019 12:33 PM
Hi,
I'm trying to limit the network bandwidth provided to my web server to be 128Kb instead of having all 512Kb (ADSL. I have read some information about policy-map, traffic-shap but still don't understand how to implement it (or even if it is posible)
this implementation can be implemented either by IP or ports i'm not bottered either way
the web server IP is x.x.x.235
at this time I don't want to touch my smtp server 213.2.27.236 or Private Network controlled by another router running NAT on 213.2.27.234
Below is my config etc.
Please advice on how I can achive this
Thanks in advance
Luke
Router#show version
Cisco Internetwork Operating System Software
IOS (tm) C837 Software (C837-K9O3SY6-M), Version 12.2(8)YN, EARLY DEPLOYMENT REL
EASE SOFTWARE (fc1)
Synched to technology version 12.2(11.2u)T
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Wed 30-Oct-02 15:28 by ealyon
Image text-base: 0x800131D8, data-base: 0x8097D1E8
ROM: System Bootstrap, Version 12.2(8r)YN, RELEASE SOFTWARE (fc1)
ROM: C837 Software (C837-K9O3SY6-M), Version 12.2(8)YN, EARLY DEPLOYMENT RELEASE
SOFTWARE (fc1)
Router uptime is 1 week, 1 day, 19 hours, 54 minutes
System returned to ROM by power-on
System image file is "flash:c837-k9o3sy6-mz.122-8.YN.bin"
CISCO C837 (MPC857DSL) processor (revision 0x400) with 29492K/3276K bytes of mem
ory.
Processor board ID AMB071501F4 (2314893168), with hardware revision 0000
CPU rev number 7
Bridging software.
1 Ethernet/IEEE 802.3 interface(s)
1 ATM network interface(s)
128K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
2048K bytes of processor board Web flash (Read/Write)
Configuration register is 0x2102
Router#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#show
Building configuration...
Current configuration : 3246 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
logging buffered 4096 informational
enable secret xxxxxxx/
!
username Router password xxxxx
username CRWS_Bijoy privilege 15 password xxxxxx
xxxxx
ip subnet-zero
ip name-server 194.119.131.65
ip name-server 194.119.131.66
!
ip inspect name myfw cuseeme timeout 360
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip audit notify log
ip audit po max-events 100
!
!
!
!
interface Ethernet0
description CRWS Generated text. Please do not delete this:x.x.x.233-255.255
.255.248
ip address x.x.x.x 255.255.255.248 secondary
ip address 10.10.10.1 255.255.255.0
ip access-group 122 out
no ip mroute-cache
hold-queue 100 out
!
interface ATM0
no ip address
no ip mroute-cache
atm vc-per-vp 64
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
dsl power-cutback 0
!
interface Dialer1
ip address x.x.x.x 255.255.255.0
ip access-group 111 in
ip inspect myfw out
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxx
ppp chap password xxxxxxx
ppp pap sent-username lukesmithadsl.vianw.co.uk@vianw.co.uk password xxxxxxxxx
hold-queue 224 in
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
!
!
access-list 111 permit tcp any any eq telnet
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit gre any any
access-list 111 permit tcp any any eq 6500
access-list 111 permit udp any any eq 6500
access-list 111 permit udp any any eq 6700
access-list 111 permit tcp any any eq 6700
access-list 111 permit tcp any any eq 3074
access-list 111 permit udp any any eq 3074
access-list 111 permit tcp any any eq www
access-list 111 permit tcp any any eq ftp
access-list 111 permit tcp any any eq ftp-data
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit tcp any any eq 87
access-list 111 permit tcp any any eq 84
access-list 111 permit tcp any any eq 3389
access-list 111 permit tcp any any eq 1723
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq non500-isakmp
access-list 111 permit udp any any eq 1023
access-list 122 deny tcp any any eq telnet
access-list 122 permit ip any any
dialer-list 1 protocol ip permit
!
line con 0
exec-timeout 120 0
no modem enable
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 120 0
login local
length 0
!
scheduler max-task-time 5000
end
12-25-2003 10:07 PM
if you want to limit the bandwidth by IP try out this.
1. create a standard access list to just permit that particular IP
2. go to the interface where you have the IP as a part of the network and put the rate-limit command or the traffic shape with the associated access list number.
ramesh
12-26-2003 05:04 PM
thanks for the reply.
I have a very small amount of knowledge of CISCO ISO programming (just about managed updating the access list), would you be able to send me the update to accomplish this using my config.
Thanks in advance
Luke
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide