Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1615
Views
5
Helpful
1
Replies

ASR Traffic shape & Bandwidth

Ali Cavit Davutoglu
Level 1
Level 1

‎12-06-2010 12:14 AM - edited ‎03-04-2019 10:41 AM

Hello everyone,

I want to configure traffic shaping (or bandwidth) on ASR 1006 but somehow it is not working. Interesting ACL is not catch the traffic? You can see the configuration at the below.

MY PC(10.200.0.217) ------> FW (with NAT - 194.X.X.X) -------> ASR 1006 (with Traffic Shaping)

!

ip access-list extended POLICY_ACL
permit ip host 194.X.X.X any (THIS IP ADD is my PUBLIC IP)
permit ip host 10.200.0.217 any (THIS IP ADD is my local PC)
!

class-map match-any POLICY
  match access-group name POLICY_ACL
!
policy-map POLICY
class POLICY

    shape average 1000000
!

interface GigabitEthernet0/0/4
description OUTSIDE_Interface
  ip address x.x.x.x 255.255.255.252
  ip nbar protocol-discovery
  negotiation auto
  crypto map clientmap
  service-policy output POLICY
!       

Thank you very much,

My best.

Cavit Davutoglu

Labels:
0 Helpful
1 Reply 1

Lei Tian
Cisco Employee
Cisco Employee

‎12-06-2010 03:20 AM

Hi Cavit,

That is because the order of process on router is to process queueing at then end. In your case, packets will be encrypted first, and then queue. So, the header of the encrypted packets will be either ipsec peer IP or tunnel IP, depends the ESP mode you using.

To address that, you can

1,classify and mark the traffic at LAN inbound direction. Then match the DSCP and queue on the WAN outbound direction.

2,use ipsec pre-classify on the crypto-map.

HTH,

Lei TIan

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card