Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
950
Views
5
Helpful
1
Replies

QoS to restrict Internet Traffic Bandwidth between 2 sites connected via mpls and Internet Traffic via Tunnel between 2 Sites suing Fortigate Firewall

Go to solution
Irshad Mohammed Hussain
Level 1
Level 1

‎03-09-2021 10:30 PM

QoS to restrict Internet Traffic Bandwidth between 2 sites connected via mpls and for  Internet  they are using a Tunnel which is over  Fortigate Firewall between Sites i.e. HQ and Branch.

 

access-list 101 permit ip host X.X.X.X host Y.Y.Y.Y
access-list 101 permit ip host Y.Y.Y.Y host X.X.X.X



class-map match-all QOS-CMCisco Qos 
match access-group 101

policy-map QOS-PM
class QOS-CM
bandwidth 15360

interface GigabitEthernet0/0/1
description LAN-INTERFACE
service-policy output QOS-PM

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎03-10-2021 09:50 AM - edited ‎03-10-2021 09:50 AM

Insufficient information to say whether your policy's placement would be able to restrict your traffic as you desire.

However, the "normal" CBWFQ class bandwidth does not limit bandwidth it sets a minimum bandwidth guarantee.

If you want to restrict the amount of bandwidth, you'll want to use either a police or shape statement.

If you want to totally block such traffic, within a policy you can "drop" it, but you might also do that just using the same ACL, using deny rather than permit, and an ingress and/or egress ACL.  (BTW, if using an ACL, don't forget an ACL denies all, by default.)

View solution in original post

1 Reply 1

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎03-10-2021 09:50 AM - edited ‎03-10-2021 09:50 AM

Insufficient information to say whether your policy's placement would be able to restrict your traffic as you desire.

However, the "normal" CBWFQ class bandwidth does not limit bandwidth it sets a minimum bandwidth guarantee.

If you want to restrict the amount of bandwidth, you'll want to use either a police or shape statement.

If you want to totally block such traffic, within a policy you can "drop" it, but you might also do that just using the same ACL, using deny rather than permit, and an ingress and/or egress ACL.  (BTW, if using an ACL, don't forget an ACL denies all, by default.)

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card