11-06-2012 06:33 AM - edited 03-04-2019 06:03 PM
I am trying to restrict bandwidth for a particular LAN IP address on my network using policy maps, but it does not seem to be working. Below is my config; any ideas what I am doing wrong? My LAN IP address is 192.168.20.199, which I am trying to limit the bandwidth on.
Cisco_1841#sh policy-map interface fa0/0
FastEthernet0/0
Service-policy input: Bandwidth_Allocation_In
Class-map: BWTest_In (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 110
police:
cir 8000 bps, bc 1500 bytes, be 1500 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
transmit
violated 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps, violate 0 bps
Class-map: class-default (match-any)
17224 packets, 13147840 bytes
5 minute offered rate 5000 bps, drop rate 0 bps
Match: any
Service-policy output: Bandwidth_Allocation_Out
Class-map: BWTest_Out (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 111
Traffic Shaping
Target/Average Byte Sustain Excess Interval Increment
Rate Limit bits/int bits/int (ms) (bytes)
8000/8000 2000 8000 8000 1000 1000
Adapt Queue Packets Bytes Packets Bytes Shaping
Active Depth Delayed Delayed Active
- 0 0 0 0 0 no
Class-map: class-default (match-any)
19434 packets, 16146034 bytes
5 minute offered rate 4000 bps, drop rate 0 bps
Match: any
Cisco_1841#sh run
Building configuration...
Current configuration : 4225 bytes
!
! Last configuration change at 13:11:28 GMT Tue Nov 6 2012 by lloydsadmin
! NVRAM config last updated at 11:36:37 GMT Tue Nov 6 2012 by lloydsadmin
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco_1841
!
boot-start-marker
boot-end-marker
!
enable secret 5 ***************
!
aaa new-model
!
!
!
aaa session-id common
!
resource policy
!
clock timezone GMT 0
ip cef
!
!
!
!
no ip domain lookup
ip domain name ********.co.uk
ip ssh version 2
!
!
!
username ******** password 7 ***********
!
!
class-map match-all BWTest_Out
match access-group 111
class-map match-all BWTest_In
match access-group 110
!
!
policy-map Bandwidth_Allocation_Out
class BWTest_Out
shape average 8000
policy-map Bandwidth_Allocation_In
class BWTest_In
police cir 8000
conform-action transmit
exceed-action transmit
violate-action drop
!
!
!
!
!
!
interface FastEthernet0/0
description WAN Uplink to Cisco 2960
ip address 111.111.111.111 255.255.255.224
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
service-policy input Bandwidth_Allocation_In
service-policy output Bandwidth_Allocation_Out
!
interface FastEthernet0/1
description LAN
ip address 192.168.20.254 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
no fair-queue
clock rate 2000000
!
ip route 0.0.0.0 0.0.0.0 111.111.111.112
ip route 192.168.10.0 255.255.255.0 192.168.20.253
!
!
ip http server
no ip http secure-server
ip nat pool Lloyds_Voice 111.111.111.111 111.111.111.111 netmask 255.255.255.224
ip nat pool UDP_Range 192.168.20.6 192.168.20.6 netmask 255.255.255.0 type rotary
ip nat inside source list 1 pool Lloyds_Voice
ip nat inside source static tcp 192.168.20.6 22 111.111.111.111 22 extendable
ip nat inside source static tcp 192.168.20.6 443 111.111.111.111 443 extendable
ip nat inside source static udp 192.168.20.6 5060 111.111.111.111 5060 extendable
ip nat inside destination list 100 pool UDP_Range
!
!
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.20.0 0.0.0.255
access-list 100 permit udp any any range 6000 40000
access-list 110 permit ip any host 192.168.20.199
access-list 111 permit ip host 192.168.20.199 any
!
!
!
!
!
!
11-06-2012 09:40 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Not 100% sure without some research, but issue might be related to order of operations on an external NAT interface, i.e. perhaps your policy map doesn't "see" the internal IPs.
11-08-2012 12:42 AM
Yeah, when I run the show command for the policy map it only shows the default class, so it is not recognising the internal IP. Is there any other way to do this or get the router to accept the private IP address as a match to a class map and access list?
Not too sure where to go from here; we have this working using a routed public address setup but would like to get it working with a NAT config.
11-09-2012 12:02 AM
Hi,
Joseph is right, according to
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml
Queueing is always the last step.
Possibly you might configure an input policy on your LAN interface marking the packets coming from host 192.168.20.199 with some unusual DSCP value, e.g.?
And match this value by an output policy on the WAN interface?
I suppose the Bandwidth_Allocation_In policy is also not working?
Wouldn't it be easier to configure it as an output policy applied on the LAN interface?
HTH,
Milan
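The two suggestions in the reply above, written out as IOS configuration for the router in the original post. This is an added example, not configuration posted or tested by anyone in the thread. ACL numbers 112 and 113, the new class-map and policy-map names, and DSCP value 5 are assumptions chosen for illustration.

```cisco
! Added example. ACL numbers 112/113, the new names below and DSCP
! value 5 are assumptions, not values from the thread.
access-list 112 permit ip host 192.168.20.199 any
access-list 113 permit ip any host 192.168.20.199
!
class-map match-all BWTest_LAN_Up
 match access-group 112
class-map match-all BWTest_LAN_Down
 match access-group 113
class-map match-all BWTest_Marked
 match ip dscp 5
!
! Upload: mark on LAN ingress, where the source is still 192.168.20.199.
policy-map Mark_Host_In
 class BWTest_LAN_Up
  set ip dscp 5
!
! Upload: shape on WAN egress by DSCP. The source address is already
! translated at this point, so access-list 111 cannot match it.
policy-map Bandwidth_Allocation_Out
 no class BWTest_Out
 class BWTest_Marked
  shape average 8000
!
! Download: police on LAN egress, after the destination has been
! translated back to 192.168.20.199.
policy-map Bandwidth_Allocation_LAN_Out
 class BWTest_LAN_Down
  police cir 8000
   conform-action transmit
   exceed-action transmit
   violate-action drop
!
interface FastEthernet0/1
 service-policy input Mark_Host_In
 service-policy output Bandwidth_Allocation_LAN_Out
!
! The WAN input policy matched on the inside address before NAT and
! never saw it, so it is removed.
interface FastEthernet0/0
 no service-policy input Bandwidth_Allocation_In
```

`show policy-map interface` on both interfaces should then show non-zero packet counters in the three new classes rather than only in class-default. The DSCP value set on the LAN side stays on the packets as they leave the WAN interface unless it is re-marked.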