
How to route public IP and assign particular speed on same routed public IP

Pankaj Palyekar
Level 1

Hello,

I have a Cisco 2600 router.

I have a /27 public IP pool which has been provided by my ISP.

Link speed: 25 Mbps

I want to assign 5 Mbps to one of the public IP addresses, and the remaining 20 Mbps should be shared among the remaining IP addresses.


Francesco Molino
VIP Alumni

Hi

You can't assign a specific bandwidth to 1 public IP. What you can do is assign a specific bandwidth to traffic sourced from that IP or destined to that IP, depending on whether it's inbound or outbound traffic.

You'll need to create a class-map matching your ACL traffic, then a policy-map calling that class-map with a shadow of police (based on what you want to do), and apply this policy-map to your interface as inbound or outbound based on what traffic you want to police.

Hope that's clear

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Will you please elaborate? It's difficult for me to understand the concept. Please suggest some references where I can go and read about these topics in depth. I am from an electronics background. I'm trying to learn this concept.

What I understood is that routing is where we use one router, where one interface will have WAN and the other will have LAN. Both interfaces will be on different subnets.

In order to route traffic from the LAN to the WAN we use the NAT concept.

Now the question is, I have only one pool of public IP addresses.

Let's consider one IP of it, which we call the gateway, is assigned to the ISP routing device interface.

From there, one link will go to our router 2600 WAN interface, and for that WAN interface I'll assign one public IP of the same pool which we have received from the ISP.

Now the question is, how will I access the other remaining IPs through the other Ethernet interface of the same router?

Where I know that the other interface should be used as the Ethernet interface that is using a private IP.

Hi

To assign bandwidth to specific traffic, you'll need to classify this traffic based on an ACL (for example) and use these class-maps under a policy-map that'll be attached to an interface.

Here is an example: (I tried to find a concrete simple example on Google)

http://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/configuration/guide/fqos_c/qcfmcli2.html

You don't need to configure other public IP addresses on your router. Normally your SP is routing all the public IPs they gave you to your WAN IP (the one configured on your router).

As all traffic to these IPs is routed to your equipment, you can use them to do NAT.

To allow internal hosts with private IPs, you'll need to NAT them to your WAN interface, for example.

Here is an example of NAT configuration:

http://evilrouters.net/2009/07/09/configuring-basic-nat-with-overloading/

Thanks
Francesco

Thank you for your reply, sir,

The ISP is using GPON tech. They have given a connection from OLT to ONU by fibre, and from the ONU they gave us an Ethernet cable. They (the ISP) normally register the MAC address of the ONU to the OLT.

Now you mean to say, if I simply connect the Ethernet cable coming from the ONU to my router interface (G1), and from interface (G2) I connect a cable to my laptop and put in one of the public IPs and all other necessary details, then my internet will work?

Without any configuration on the router?

I just need to do no shut on both the router interfaces?

Hi

Let me clarify everything by using a quick drawing.

First of all, GPON technology is the "physical" layer, and how Layer 3 works behind that is the same.

Now let's assume some points:

A.  1 is your WAN subnet. Let's say you get subnet 21.20.20.0/29 from your ISP.

That means you have IPs from 21.20.20.1 to 21.20.20.6. Your ISP IP is 21.20.20.1 and your WAN router interface is 21.20.20.2. Other IPs are free to be used for whatever you want.

Usually, your ISP is routing the remaining IPs (from 21.20.20.3 to 21.20.20.6) to your WAN router interface 21.20.20.2.

IP 21.20.20.3 is a static NAT for your internal server, which has IP 192.168.1.10. This static NAT is used to forward all ports (TCP and UDP) to your internal server. That means if someone is trying to access the IP 21.20.20.3 using SMTP, the SMTP traffic will be forwarded to your 192.168.1.10 internal server. You can do NAT by restricting ports, but this example was just to show how to use a public IP assigned by your ISP that isn't configured on any of your router interfaces.

B.  2 is your LAN subnet. Let's say you have 192.168.1.0/24 as the internal subnet.

C.  Based on your first question, you have 3 types of traffic: (your WAN bandwidth is 20Mbps)

 - All voice traffic is prioritized with a bandwidth of 5Mbps

 - Traffic incoming to IP 21.20.20.3 has a bandwidth reserved of 5Mbps

 - All default traffic as default (no prioritization or bandwidth reservation)

D. Your WAN interface is Gi0/0 and LAN is Gi0/1.

Now let's show the config:

A. WAN config interface and default route

interface Gi0/0
 description ### WAN interface ###
 ip address 21.20.20.2 255.255.255.248
 bandwidth 20000
!
ip route 0.0.0.0 0.0.0.0 21.20.20.1

B. LAN interface configuration

interface Gi0/1
 description ### LAN interface ###
 ip address 192.168.1.1 255.255.255.0

C. NAT Configuration (dynamic NAT to allow all internal hosts to access internet)

ip access-list extended NAT
 permit ip 192.168.1.0 0.0.0.255 any
!
ip nat inside source list NAT interface Gi0/0 overload
!
interface Gi0/1
 ip nat inside
!
interface Gi0/0
 ip nat outside

C. NAT configuration (static NAT) for your email server

ip nat inside source static 192.168.1.10 21.20.20.3

D. QoS configuration

==> Classify voice RTP traffic

access-list 100 permit udp any any range 16384 32767
class-map voip
  match access-group 100

==> Classify traffic incoming to your email server

access-list 110 permit ip any host 21.20.20.3
class-map email
  match access-group 110

==> Configuration of outbound policy-map (from internal to internet)

policy-map PMAP-OUT
  class voip
     priority 5000
  class class-default

==> Configuration of inbound policy-map (from internet to internal)

policy-map PMAP-IN
  class email
     bandwidth 5000
  class class-default

==> Apply policy-map to your WAN interface

interface Gi0/0
 service-policy output PMAP-OUT
 service-policy input PMAP-IN

For sure, if you have never done any QoS configuration, you'll ask about the difference between bandwidth and priority. Here is a Cisco document that explains all of this: http://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-packet-marking/10100-priorityvsbw.html

Hope I've answered all your questions in detail.

Thanks
Francesco

Sir, we are slightly moving towards a different topic.

Q1. I have a public IP /27 subnet; total link speed is 25 Mbps.

Q2. I want to take one of its IPs and limit the speed on that particular IP.

Q3. Out of 30 valid hosts, one of the IPs is used for the gateway by our ISP.

Q4. I have 29 IPs remaining, out of which some of the starting IPs we have already used for our network.

Q5. Now we have a 2600 router. Out of whichever free IPs are remaining, I have to pick one and limit the speed to 5 Mbps, e.g. X.X.X.61

(So that I could assign the same IP to a particular user's system or his device, like a small home Wi-Fi router. A dedicated connection to him only, no matter what he does with that IP.)

Q6. How will I implement this on my 2600 router, which has two Ethernet interfaces (G0/0 and G0/1)?

Q7. I simply have to no shut both the interfaces and I'll get access to that particular IP from G0/1.

Like, is INPUT=OUTPUT logic already implemented inside the router?

I only need to take the help of QoS commands and limit the bandwidth on that particular IP address, e.g. X.X.X.61.

Hi

Here are answers to your questions:

Q1. OK, fine. You can configure the bandwidth on the interface with the bandwidth command.

Q2. To limit bandwidth for a particular IP you need to apply a config like I posted before, using ACL, class-map and policy-map:

access-list 110 permit ip any host 21.20.20.3
class-map email
  match access-group 110
policy-map PMAP-IN
  class email
     bandwidth 5000
  class class-default

Apply this policy map to your interface as inbound. If you want to limit outbound, then you need to add a new ACL that will look like:

access-list 111 permit ip host 21.20.20.3 any

The outbound policy map will look like what I explained in my previous post.

Q3. OK, that's normal; one of your IPs is for your ISP.

Q4. I can use this public IP directly on your network if the VLAN ID is spanned over it. They'll be directly connected to the Internet.

Q5. QoS config like I posted and explained back on Q2.

Q6. I don't understand your point. If you have 2 interfaces (1 for WAN and 1 for LAN), take a look at my previous post, as I've given all the information. If you need more or can specifically detail your needs, I may be able to help.

Q7. Not sure I understand your need. If the question is about routing between router interfaces, yes, just unshut the interfaces and, without adding routes, the router will be able to route packets to directly attached subnets.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
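
For the 5 Mbps limit asked about in this thread, an added example (not part of the original posts): `bandwidth` in a policy-map is a minimum guarantee during congestion, while a ceiling is enforced with `police`. It reuses the thread's sample address 21.20.20.3 and WAN interface Gi0/0; the class-map and policy-map names are hypothetical.

```cisco
! Added example: hard cap with police instead of a bandwidth guarantee.
! HOST-DOWN, HOST-UP, LIMIT-IN and LIMIT-OUT are hypothetical names.
!
! Internet -> host (download direction, seen inbound on the WAN interface)
access-list 110 permit ip any host 21.20.20.3
! Host -> Internet (upload direction, seen outbound on the WAN interface)
access-list 111 permit ip host 21.20.20.3 any
!
class-map match-all HOST-DOWN
 match access-group 110
class-map match-all HOST-UP
 match access-group 111
!
! police takes its rate in bits per second (5 Mbps = 5000000),
! unlike bandwidth, which is configured in kbps.
policy-map LIMIT-IN
 class HOST-DOWN
  police 5000000 conform-action transmit exceed-action drop
 class class-default
!
policy-map LIMIT-OUT
 class HOST-UP
  police 5000000 conform-action transmit exceed-action drop
 class class-default
!
interface GigabitEthernet0/0
 service-policy input LIMIT-IN
 service-policy output LIMIT-OUT
!
! Check per-class conformed and exceeded counters with:
! show policy-map interface GigabitEthernet0/0
```

All other traffic falls into class-default in each direction and is left unpoliced, so it shares whatever the link has left.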

Thank you, sir,

Please find the attachment (Network.jpg) below my previous post.

You will understand my query.

Based on your quick drawing, your G0/0 interface will be your WAN public IP and G0/1 will be your internal IP.

Now, on your G0/1 you want to set QoS; take a look at the policy-map I posted and adapt it with your own internal IP.

Is that what you were after?

Thanks
Francesco

But my doubt is still there.

How will I get access to the remaining public IPs at G0/1?

You are saying internal IP, that is, private IP. Why would I want a private IP on the G0/1 side, where I am not going to use those private IPs?

I want to further use one of our ISP-assigned public IPs through that port (G0/1 port).

I would be assigning the public IP further to one of our Wi-Fi routers.

And before assigning it to the Wi-Fi router I want to limit the speed on that particular IP.

I do not want NAT on my 2600 router.

I only want to limit the speed on that particular IP; further, I'll give that IP to the Wi-Fi router.

Reading all the exchanges we had, it looks like you want to use 2 public IPs in the same subnet that your ISP gave you on 2 different interfaces within the same router.

This isn't possible. For that purpose you'll need a switch.

Is that what you want to achieve?

Otherwise you lost me and I still don't understand what you want to do.


Thanks
Francesco

With a switch it is possible, I know, but on a switch can we limit speed on a particular IP address using QoS? We have a 3850 switch. I do not want other IPs accessible from that particular port (except the given IP and gateway for that particular individual).

He should be able to access only that particular IP and gateway which I am going to give him from my public IPs. The rest of the IPs he should not.

Thanks for your support.

You'll need to configure an SVI within the same subnet to apply ACL and QoS.

But yes, you can do it. It's not a router, and you can have some limitations.

Thanks
Francesco

@Francesco Molino This is very helpful
