02-12-2012 01:31 AM - edited 03-03-2019 06:29 AM
I am trying to throttle http traffic for a specific network utilizing a policy-map and class-maps. What I am trying to do is limit facebook, youtube, etc for a specific vlan but allow others to pass unmetered. I have class-maps that match the http hosts which work fine and I have a class-map that matches the source network but I cannot seem to get it to match both at the same time. Does anyone have a sample config that will match a source network and http host and apply a policer or priority to both? So basically I just want to slow down youtube and facebook for the network below.
vlan IP 192.168.30.0/24
websites *youtube* *facebook* *fbcdn*
Thank you all for your support and assistance.
Mike
02-12-2012 01:58 AM
Hi,
The policy-map works by the first match. I think that the problem is that if you have the first class-map matching all the www traffic, this class-map will also match the "unwanted vlan source". So you should deny the IP sources that you want to police. Your config should look like:
!
ip access-list standard ACL-VLAN30
 permit 192.168.30.0 0.0.0.255
!
! Listed sites from any source except VLAN 30
class-map match-all ALL-SOURCES
 match not access-group name ACL-VLAN30
 match protocol http url "*facebook*" "*youtube*" "*fbcdn*"
!
! Listed sites from VLAN 30 only
class-map match-all POLICE-WWW
 match access-group name ACL-VLAN30
 match protocol http url "*facebook*" "*youtube*" "*fbcdn*"
!
Dan
02-12-2012 02:05 AM
Thanks for the reply,
Would the policy-map just match ALL-SOURCES then POLICE, like this?
policy-map filter
class ALL-SOURCES
priority 10000000 (10mb)
class POLICE-WWW
priority 1000000 (1mb)
Am I thinking about this right?
Thanks again, this has been a challenge for me.
02-12-2012 02:26 AM
ALL-SOURCES will match the URL list and any source but not 192.168.30/24 (match not access-group name).
POLICE-WWW will match the URL list and source 192.168.30/24.
"priority" is used for LLQ (low latency queueing), usually to prioritize VoIP traffic. If you want to limit the traffic, you had better use shaping or policing. Policing will drop any excess traffic; shaping will try to queue the excess traffic, adding some latency. I would use policing:
policy-map filter
 class ALL-SOURCES
  police rate 10000000
 class POLICE-WWW
  police rate 1000000
Dan
02-12-2012 02:29 AM
Perfect! I will test this out tomorrow. Thanks for the help and the quick response!
Much appreciated!
Mike
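Added example, not part of the thread and not any poster's configuration: one way to express "source in VLAN 30 AND one of the listed hosts" with a nested class-map, policing only that class so every other network stays in class-default unmetered. The names WWW-SITES, VLAN30-WWW and THROTTLE-VLAN30, the interface Vlan30, the input direction and the classic `police <bps>` form are assumptions; the ACL, the host patterns and the 1 Mb/s rate come from the posts above.

```cisco
! Added example. Names WWW-SITES, VLAN30-WWW, THROTTLE-VLAN30 and
! interface Vlan30 are assumed, not taken from the thread.
ip access-list standard ACL-VLAN30
 permit 192.168.30.0 0.0.0.255
!
! match-any: a request to any one of the three hosts is enough.
class-map match-any WWW-SITES
 match protocol http host "*youtube*"
 match protocol http host "*facebook*"
 match protocol http host "*fbcdn*"
!
! match-all: the source must be in VLAN 30 AND the host must be in WWW-SITES.
class-map match-all VLAN30-WWW
 match access-group name ACL-VLAN30
 match class-map WWW-SITES
!
policy-map THROTTLE-VLAN30
 class VLAN30-WWW
  police 1000000 conform-action transmit exceed-action drop
 ! No other class is defined, so all remaining traffic (other sites,
 ! other networks) lands in class-default and is not policed.
!
! Assumed attachment point: the routed interface for VLAN 30, inbound.
interface Vlan30
 service-policy input THROTTLE-VLAN30
!
! Verification (exec mode): per-class match counters and
! conformed/exceeded packet counts for the policer.
! show policy-map interface Vlan30 input
```

The standard ACL matches on source address, so this classifies packets sent by hosts in 192.168.30.0/24. If the VLAN30-WWW counters in the show output stay at zero while the sites are in use, check the classification before adjusting the police rate.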