Applying rate-limit to a bridge on 1841

twin-turbo · ‎09-23-2011

Dear All,

1841 - IPBASE 12.4.7d

We provide internet access for a number of clients sitting on our WAN, at present they have un-restricted access to the full bandwidth of our 1Gb internet pipe. As they are only paying for a proportion of that we want to set a Mbps limit on the clients, and idealy the device should be transparent between our router and the clients.

I have been trying to set up rate limits on a bridge on our 1841.

#

bridge 1 protocol ieee

bridge 1 route ip

bridge 1 bridge ip

#

int fas0/0

description link to wan router

no ip addr

bridge-group 1

#

int fas0/1

description link to client access switch

no ip address

no shut

bridge-group 1

#

int bvi1

desc L3 interface for bridge-group 1

ip address 192.168.1.14

no shut

rate-limit input access-group 124 8000 1500 2000 conform-action transmit exceed-action drop

rate-limit output access-group 124 8000 1500 2000 conform-action transmit exceed-action drop

#

access-list 124 permit ip 192.168.3.0 0.0.0.255 any

access-list 124 permit ip any 192.168.3.0 0.0.0.255

--

I have tried many combinations but can't get this to limit the traffic, the client still draws as much as they can.

Does rate limit work on bridged interfaces? or am I going to have to try it routed instead?

Thanks

Rob

Marwan ALshawi · ‎09-23-2011

why you do not apply it on one of the physical interface in and out and better to the interface facing the customer router

this is better

also you could try using policing with service policy in and out using MQC

hope this help

twin-turbo · ‎09-23-2011

I tried it on the interface as my first port of call.

----

int fas0/0

description link to wan router

ip addr 192.168.1.14

bridge-group 1

#

int fas0/1

description link to client access switch

no ip address

no shut

bridge-group 1

rate-limit input access-group 124 800000 150000 200000 conform-action transmit exceed-action drop

rate-limit output access-group 124 800000 150000 200000 conform-action transmit exceed-action drop

#

access-list 124 permit ip 192.168.3.0 0.0.0.255 any

access-list 124 permit ip any 192.168.3.0 0.0.0.255

But the user got the full internet speed.

It did seem to work if I specified an IP for the internal interface, but since this is supposed to be a transparent bridge it has more than one network passing through it.

Thanks

Rob

Marwan ALshawi · ‎09-23-2011

have you tried policing with service policy ?

twin-turbo · ‎09-23-2011

I will give policing a go, well actualy I tried with SDM and it made a bit of a hash of things ( seems to be normal for SDM ) and would not allow the interface to have QOS if it was in a bridge.

I had rate limiting working ( or it seemed to be ) on an interface with no Bridge and a different subnet,which proved it does work.

Anyway, I got MUCHO sidetracked as the router was refusing to route correctly, even after blanking the config. even to a third router over serial. I could not ping from one host to another. setting and unsetting "dynamic" routing on the interface sorted that.

Will keep playing. I have already exhausted a number of options on "free router OS's"

Thanks

Rob