09-23-2011 03:54 AM - edited 03-04-2019 01:42 PM
Dear All,
1841 - IPBASE 12.4.7d
We provide internet access for a number of clients sitting on our WAN, at present they have un-restricted access to the full bandwidth of our 1Gb internet pipe. As they are only paying for a proportion of that we want to set a Mbps limit on the clients, and idealy the device should be transparent between our router and the clients.
I have been trying to set up rate limits on a bridge on our 1841.
#
bridge 1 protocol ieee
bridge 1 route ip
bridge 1 bridge ip
#
int fas0/0
description link to wan router
no ip addr
bridge-group 1
#
int fas0/1
description link to client access switch
no ip address
no shut
bridge-group 1
#
int bvi1
desc L3 interface for bridge-group 1
ip address 192.168.1.14
no shut
rate-limit input access-group 124 8000 1500 2000 conform-action transmit exceed-action drop
rate-limit output access-group 124 8000 1500 2000 conform-action transmit exceed-action drop
#
access-list 124 permit ip 192.168.3.0 0.0.0.255 any
access-list 124 permit ip any 192.168.3.0 0.0.0.255
--
I have tried many combinations but can't get this to limit the traffic, the client still draws as much as they can.
Does rate limit work on bridged interfaces? or am I going to have to try it routed instead?
Thanks
Rob
09-23-2011 04:40 AM
why you do not apply it on one of the physical interface in and out and better to the interface facing the customer router
this is better
also you could try using policing with service policy in and out using MQC
hope this help
09-23-2011 05:04 AM
I tried it on the interface as my first port of call.
----
int fas0/0
description link to wan router
ip addr 192.168.1.14
bridge-group 1
#
int fas0/1
description link to client access switch
no ip address
no shut
bridge-group 1
rate-limit input access-group 124 800000 150000 200000 conform-action transmit exceed-action drop
rate-limit output access-group 124 800000 150000 200000 conform-action transmit exceed-action drop
#
access-list 124 permit ip 192.168.3.0 0.0.0.255 any
access-list 124 permit ip any 192.168.3.0 0.0.0.255
But the user got the full internet speed.
It did seem to work if I specified an IP for the internal interface, but since this is supposed to be a transparent bridge it has more than one network passing through it.
Thanks
Rob
09-23-2011 05:19 AM
have you tried policing with service policy ?
09-23-2011 09:43 AM
I will give policing a go, well actualy I tried with SDM and it made a bit of a hash of things ( seems to be normal for SDM ) and would not allow the interface to have QOS if it was in a bridge.
I had rate limiting working ( or it seemed to be ) on an interface with no Bridge and a different subnet,which proved it does work.
Anyway, I got MUCHO sidetracked as the router was refusing to route correctly, even after blanking the config. even to a third router over serial. I could not ping from one host to another. setting and unsetting "dynamic" routing on the interface sorted that.
Will keep playing. I have already exhausted a number of options on "free router OS's"
Thanks
Rob
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: