cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2724
Views
5
Helpful
14
Replies

Bandwidth division into two LAN

yesenia-m
Level 1
Level 1

Hi team

We need to divide a dedicated 10 Mbps link two LANs for each half of this bandwidth

I have the possible configuration:

          class-map match-all HOTEL_ADMON

          match access-group 100

          class-map match-all GUEST

          match access-group 200

          access-list 100 permit 192.168.10.0 0.0.0.255

          access-list 200 permit 192.168.20.0 0.0.0.255

          policy-map DIV

          class-map HOTEL_ADMON

          bandwidth percent 50

          class-map GUEST

          bandwidth percent 50

          class class-default

          shape average 10000000

          int gi 0/0

          service-policy output DIV

Do I need anything else or is complete?

Thank you.

Regards

1 Accepted Solution

Accepted Solutions

Hi, Yesenia,

Try change class-map to class:

policy-map DIV

class HOTEL_ADMON

bandwidth percent 50

View solution in original post

14 Replies 14

John Blakley
VIP Alumni
VIP Alumni

With this config, you're guaranteeing 50 percent of the bandwidth, but you're not keeping either segment from maxing it out. You should try something like this instead:

policy-map DIV

          class-map HOTEL_ADMON

          bandwidth percent 50

          shape average 5000000

          class-map GUEST

          bandwidth percent 50

          shape average 5000000

          class class-default

          shape average 10000000

Also, you may want to have something inbound to police traffic coming into the clients. Generally, if you're natting on the router, you'll need to police into the public address that you've natted the connection out as so you can catch the traffic coming back.

HTH,

John

HTH, John *** Please rate all useful posts ***

Hi j.blakey

I'm configuring the router but will not let me configure the following commands, I need some other command to enable these options or a problem with the IOS?

class-map match-all HOTEL_ADMON

match access-group 10

class-map match-all GUEST

match access-group 20

!

!

policy-map DIV

Gw_GARDEN_2901(config)#policy-map DIV

Gw_GARDEN_2901(config-pmap)#class-map HOTEL_ADMON

Gw_GARDEN_2901(config-cmap)#?

Class-map configuration commands:

  description  Class-Map description

  exit         Exit from class-map configuration mode

  match        classification criteria

  no           Negate or set default values of a command

  rename       Rename this class-map

thanks for the help

Hi, Yesenia,

Try change class-map to class:

policy-map DIV

class HOTEL_ADMON

bandwidth percent 50

Hi

How I can show the customer that this effectively dividing the bandwidth?, To efficiently execute the command show policy-map int gi 0/0 out, we get:

Gw_GARDEN_2901#sh policy-map int gi 0/0 out

GigabitEthernet0/0

  Service-policy output: DIV

    Class-map: HOTEL_ADMON (match-all)

      0 packets, 0 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: access-group 10

      Queueing

      queue limit 64 packets

      (queue depth/total drops/no-buffer drops) 0/0/0

      (pkts output/bytes output) 0/0

      bandwidth 40% (40000 kbps)

      shape (average) cir 4000000, bc 16000, be 16000

      target shape rate 4000000

    Class-map: GUEST (match-all)

      0 packets, 0 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: access-group 20

      Queueing

      queue limit 64 packets

      (queue depth/total drops/no-buffer drops) 0/0/0

      (pkts output/bytes output) 0/0

      shape (average) cir 6000000, bc 24000, be 24000

      target shape rate 6000000

    Class-map: class-default (match-any)

      2053638 packets, 1700513757 bytes

      5 minute offered rate 8000 bps, drop rate 0 bps

      Match: any

      Queueing

      queue limit 64 packets

      (queue depth/total drops/no-buffer drops) 0/0/0

      (pkts output/bytes output) 62574/11332279

      shape (average) cir 10000000, bc 40000, be 40000

      target shape rate 10000000

Thank you

Regards

Yesenia,

First, my apologies for the typo above, it is indeed the command "class" that goes under the policy map. Second, the only thing that I'm aware that you can do is show them the above output. Can you post the final configuration for your policy?

HTH,

John

HTH, John *** Please rate all useful posts ***

Hi John

Dont worry , Course this is the configuration of Policy-map:

policy-map DIV

class HOTEL_ADMON

bandwidth percent 40

shape average 4000000

class GUEST

bandwidth percent 60

shape average 6000000

class class-default

shape average 10000000

The above output is correct?

Thank you

Regards

It looks like it You could show them the output for "show policy-map inter g0/0 out" and point out that the measurements are based off of the primary speed of 10Mb.

    Class-map: HOTEL_ADMON (match-all)

      0 packets, 0 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: access-group 10

      Queueing

      queue limit 64 packets

      (queue depth/total drops/no-buffer drops) 0/0/0

      (pkts output/bytes output) 0/0

      bandwidth 40% (40000 kbps)

      shape (average) cir 4000000, bc 16000, be 16000

      target shape rate 4000000

    Class-map: GUEST (match-all)

      0 packets, 0 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: access-group 20

      Queueing

      queue limit 64 packets

      (queue depth/total drops/no-buffer drops) 0/0/0

      (pkts output/bytes output) 0/0

      shape (average) cir 6000000, bc 24000, be 24000

      target shape rate 6000000

I am curious as to why the Guest class doesn't show a percentage like the Hotel class does. What you could do is generate some traffic to see if it starts to shape. Here's another concern that you'll have. The shape command only works on outbound policy maps which means a user on this subnet sending traffic. If this is the last point that your user goes out before the internet, you'll also want to police traffic inbound going toward that subnet. If you're natting on this interface, then you'll need to map an ip to this subnet and then police inbound on the public address that you've natted to. Does this make sense?

HTH,

John

HTH, John *** Please rate all useful posts ***

I requested that the network had 60 guests some bandwidth, covering the nat is this?

GigabitEthernet0/1.10 interface

  EQUIPMENT_HOTEL description

  encapsulation dot1Q 10

  ip address 192.168.10.1 255.255.255.0

  no ip redirects

  no ip unreachables

  no ip proxy-arp

  ip nat inside

  ip virtual-reassembly in

!

GigabitEthernet0/1.20 interface

  EQUIPMENT_GUEST description

  encapsulation dot1Q 20

  ip address 192.168.20.1 255.255.255.0

  no ip redirects

  no ip unreachables

  no ip proxy-arp

  ip nat inside

  ip virtual-reassembly in

Thanks

Regards

You have nat enabled on the inside. Do you have public addresses that were assigned to you? If so, you'll want to nat your guests out a different public address than what the hotel does. If that's the case, then you'll apply your guest network to a pool of addresses that you can use (one address is enough) and then you can police back in on the public side interface to that address that you've assigned to the guest network. That way the guest network won't be able to download more than 60Mb and send out (shaped) at 60Mb.

John

HTH, John *** Please rate all useful posts ***

I mean do I have to create another nat to output the guest network? have two public IP network one for the hotel's own teams and one for the guest network? it currently has a pat configured: ip nat inside source list 1 interface GigabitEthernet0 / 0 overload

In order to control the guest side, you'll need to know what address it's going out as. In order to do that, you'll nat your guest internal subnet out as a certain address. Suppose you have 5 addresses 1.1.1.1 - 1.1.1.5. Your router gets 1.1.1.1. If you're natting everything out the g0/0 (where assumed 1.1.1.1 is assigned), then your hotel and guest both look like they're coming from 1.1.1.1. You wouldn't want to police the traffic to a certain speed, say 60% inbound, to this address because it would also affect the hotel side as well.

Instead, what you should do is create a nat pool for the hotel and guest side, or at least the guest side:

ip nat pool Guest 1.1.1.2 1.1.1.2 prefix 29

ip access-list ext Guest

permit ip 192.168.20.0 0.0.0.255 any

ip nat inside source list Guest pool Guest overload

Now the outbound traffic from the Guest side is seen as 1.1.1.2 and the Hotel side is seen as 1.1.1.1. Now it's easier to police the return traffic:

access-list 101 permit ip any host 1.1.1.2

class-map PoliceGuest

match access-group 101

policy-map PoliceInbound

class PoliceGuest

police cir percent 60

int g0/0 (assuming WAN facing)

service-policy input PoliceInbound

I haven't seen the WAN interface yet, so I'm assuming your outbound policy is configured there as well. If that's the case, you'll have one output and one input on the WAN interface. The policing would only happen to the public address that the guest side goes out of.

HTH,

John

**** Please rate useful posts *****

HTH, John *** Please rate all useful posts ***

clear to me thanks! I have to have a public IP for each traffic and so to define both inbound traffic as the output.

I'll do the tests next week and will report how everything went, thank you!

Regards

I look forward to hearing the outcome!

HTH, John *** Please rate all useful posts ***

Hi J.Blakley,

I'm doing tests again, when placing the command: service-policy output DIV

I check this error:

w_GARDEN_2901 (config-if) # service-policy output DIV

Insufficient bandwidth 10000 kbps bandwidth for the percent (60%) guarantee

In the interface configure: bandwidth 10000, but still will not let me

I leave as was configured:

class-map match-all HOTEL_ADMON

  match access-group 20

class-map match-all GUEST

  match access-group 10

class-map match-all PoliceGuest

  match access-group 101

!

!

policy-map DIV

  HOTEL_ADMON class

   bandwidth percent 40

   shape average 4000000

class GUEST

  bandwidth percent 60

  shape average 6000000

class class-default

  shape average 10000000

policy-map PoliceInbound

class PoliceGuest

  police cir percent 60

interface GigabitEthernet0/0

description INTERNET

bandwidth 10000

ip address 201.X.X.X 255.255.255.248

ip flow ingress

ip nat outside

no ip virtual-reassembly in

duplex auto

speed auto

service-policy input PoliceInbound

ip nat pool Guest 201.X.X.X 201.X.X.X prefix-length 29

ip nat inside source list 1 interface GigabitEthernet0/0 overload

ip nat inside source list Guest pool Guest overload

know will be happening?

Are correct? Commands I added to the inbound policy?

Thank you

Regards

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco