02-12-2012 01:31 AM - edited 03-03-2019 06:29 AM
I am trying to throttle HTTP traffic for a specific network utilizing a policy-map and class-maps. What I am trying to do is limit Facebook, YouTube, etc. for a specific VLAN but allow others to pass unmetered. I have class-maps that match the HTTP hosts, which work fine, and I have a class-map that matches the source network, but I cannot seem to get it to match both at the same time. Does anyone have a sample config that will match a source network and HTTP host and apply a policer or priority to both? So basically I just want to slow down YouTube and Facebook for the network below.
vlan IP 192.168.30.0/24
websites *youtube* *facebook* *fbcdn*
Thank you all for your support and assistance.
Mike
02-12-2012 01:58 AM
Hi,
The policy-map works by the first match. I think that the problem is that if you have the first class-map matching all the WWW traffic, this class-map will also match the "unwanted VLAN source". So you should deny the IP sources that you want to police. Your config should look like:
!
! Source network that should be policed
ip access-list standard ACL-VLAN30
 permit 192.168.30.0 0.0.0.255
!
! Listed sites from any source except VLAN 30
class-map match-all ALL-SOURCES
 match not access-group name ACL-VLAN30
 match protocol http url "*facebook*" "*youtube*" "*fbcdn*"
!
!
! Listed sites from VLAN 30 only
class-map match-all POLICE-WWW
 match access-group name ACL-VLAN30
 match protocol http url "*facebook*" "*youtube*" "*fbcdn*"
!
Dan
02-12-2012 02:05 AM
Thanks for the reply,
Would the policy-map just match ALL-SOURCES then POLICE, like this?
policy-map filter
 class ALL-SOURCES
  priority 10000000 (10mb)
 class POLICE-WWW
  priority 1000000 (1mb)
Am I thinking about this right?
Thanks again, this has been a challenge for me.
02-12-2012 02:26 AM
ALL-SOURCES will match the URL list and any source except 192.168.30.0/24 (match not access-group name).
POLICE-WWW will match the URL list and source 192.168.30.0/24.
"priority" is used for LLQ (low latency queueing), usually to prioritize VoIP traffic. If you want to limit the traffic, you had better use shaping or policing. Policing will drop any excess traffic; shaping will try to queue the excess traffic, adding some latency. I would use policing:
policy-map filter
 class ALL-SOURCES
  police rate 10000000
 class POLICE-WWW
  police rate 1000000
Dan
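A Python model of the classification and policing logic discussed above, added here as an illustration; it is not part of any post in this thread and is not Cisco code. The sample source addresses and hostnames, the 31250-byte burst, and the use of fnmatch to approximate the URL wildcards are assumptions.

```python
import fnmatch
import ipaddress

VLAN30 = ipaddress.ip_network("192.168.30.0/24")   # ACL-VLAN30 from the thread
URLS = ["*facebook*", "*youtube*", "*fbcdn*"]      # URL patterns from the thread

def in_acl(src):
    return ipaddress.ip_address(src) in VLAN30

def url_hit(host):
    # Assumption: shell-style wildcards stand in for the router's URL matching.
    return any(fnmatch.fnmatchcase(host.lower(), p) for p in URLS)

# match-all class-maps: every predicate must be true for the class to match.
CLASS_MAPS = {
    "ALL-SOURCES": [lambda s, h: not in_acl(s), lambda s, h: url_hit(h)],
    "POLICE-WWW":  [lambda s, h: in_acl(s),     lambda s, h: url_hit(h)],
}
# policy-map "filter": classes are checked in order, first match wins.
POLICY = [("ALL-SOURCES", 10_000_000), ("POLICE-WWW", 1_000_000)]

def classify(src, host):
    for name, rate in POLICY:
        if all(pred(src, host) for pred in CLASS_MAPS[name]):
            return name, rate
    return "class-default", None   # no policer applied

class Policer:
    """Single-rate token bucket; time in ms, tokens in bits (integers, so exact)."""
    def __init__(self, rate_bps, burst_bytes):
        self.rate, self.burst = rate_bps, burst_bytes * 8
        self.tokens, self.last_ms = self.burst, 0

    def offer(self, now_ms, size_bytes):
        refill = (now_ms - self.last_ms) * self.rate // 1000
        self.tokens = min(self.burst, self.tokens + refill)
        self.last_ms = now_ms
        if size_bytes * 8 <= self.tokens:
            self.tokens -= size_bytes * 8
            return True     # conform: forwarded
        return False        # exceed: dropped, never queued

def bytes_forwarded(rate_bps, interval_ms, count, size=1250, burst=31250):
    """Offer `count` packets, one every `interval_ms`, and total what passes."""
    p = Policer(rate_bps, burst)
    return sum(size for i in range(count) if p.offer(i * interval_ms, size))
```

Offering 5 Mb/s for one second to the 1 Mb/s policer forwards the initial burst and then one packet in five; traffic offered below the rate passes untouched.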
02-12-2012 02:29 AM
Perfect! I will test this out tomorrow. Thanks for the help and the quick response!
Much appreciated!
Mike