Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
844
Views
0
Helpful
3
Replies

Bandwidth managment on Cisco 1841

Renne Stuart
Level 1
Level 1

‎11-06-2012 06:33 AM - edited ‎03-04-2019 06:03 PM

I am trying to restrict bandwidth for a particular LAN IP address on my network using policy maps but it does not seem to be working, below is my config any ideas what i am doing wrong? My LAN IP address is 192.168.20.199 which i am trying to limit the bandwidth on.

Cisco_1841#sh policy-map interface fa0/0
FastEthernet0/0

  Service-policy input: Bandwidth_Allocation_In

    Class-map: BWTest_In (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 110
      police:
          cir 8000 bps, bc 1500 bytes, be 1500 bytes
        conformed 0 packets, 0 bytes; actions:
          transmit
        exceeded 0 packets, 0 bytes; actions:
          transmit
        violated 0 packets, 0 bytes; actions:
          drop
        conformed 0 bps, exceed 0 bps, violate 0 bps

    Class-map: class-default (match-any)
      17224 packets, 13147840 bytes
      5 minute offered rate 5000 bps, drop rate 0 bps
      Match: any

  Service-policy output: Bandwidth_Allocation_Out

    Class-map: BWTest_Out (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 111
      Traffic Shaping
           Target/Average   Byte   Sustain   Excess    Interval  Increment
             Rate           Limit  bits/int  bits/int  (ms)      (bytes) 
             8000/8000      2000   8000      8000      1000      1000    

        Adapt  Queue     Packets   Bytes     Packets   Bytes     Shaping
        Active Depth                         Delayed   Delayed   Active
        -      0         0         0         0         0         no

    Class-map: class-default (match-any)
      19434 packets, 16146034 bytes
      5 minute offered rate 4000 bps, drop rate 0 bps
      Match: any
Cisco_1841#sh run
Building configuration...

Current configuration : 4225 bytes
!
! Last configuration change at 13:11:28 GMT Tue Nov 6 2012 by lloydsadmin
! NVRAM config last updated at 11:36:37 GMT Tue Nov 6 2012 by lloydsadmin
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco_1841
!
boot-start-marker
boot-end-marker
!
enable secret 5 ***************
!
aaa new-model
!
!
!
aaa session-id common
!
resource policy
!
clock timezone GMT 0
ip cef
!
!
!
!
no ip domain lookup
ip domain name ********.co.uk
ip ssh version 2
!
!        
!
username ******** password 7 ***********
!
!
class-map match-all BWTest_Out
match access-group 111
class-map match-all BWTest_In
match access-group 110
!
!
policy-map Bandwidth_Allocation_Out
class BWTest_Out
  shape average 8000
policy-map Bandwidth_Allocation_In
class BWTest_In
  police cir 8000
    conform-action transmit
    exceed-action transmit
    violate-action drop
!
!
!
!
!
!
interface FastEthernet0/0
description WAN Uplink to Cisco 2960
ip address 111.111.111.111 255.255.255.224
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
service-policy input Bandwidth_Allocation_In
service-policy output Bandwidth_Allocation_Out
!
interface FastEthernet0/1
description LAN
ip address 192.168.20.254 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
no fair-queue
clock rate 2000000
!
ip route 0.0.0.0 0.0.0.0 111.111.111.112
ip route 192.168.10.0 255.255.255.0 192.168.20.253
!
!
ip http server
no ip http secure-server
ip nat pool Lloyds_Voice 111.111.111.111 111.111.111.111 netmask 255.255.255.224
ip nat pool UDP_Range 192.168.20.6 192.168.20.6 netmask 255.255.255.0 type rotary
ip nat inside source list 1 pool Lloyds_Voice
ip nat inside source static tcp 192.168.20.6 22 111.111.111.111 22 extendable
ip nat inside source static tcp 192.168.20.6 443 111.111.111.111443 extendable
ip nat inside source static udp 192.168.20.6 5060 111.111.111.111 5060 extendable
ip nat inside destination list 100 pool UDP_Range
!
!
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.20.0 0.0.0.255
access-list 100 permit udp any any range 6000 40000
access-list 110 permit ip any host 192.168.20.199
access-list 111 permit ip host 192.168.20.199 any
!
!
!
!
!
!

Labels:
0 Helpful
3 Replies 3

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎11-06-2012 09:40 AM

Disclaimer

The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.

Posting

Not 100% sure without some research, by issue might be related to order of operations on an external NAT interface, i.e. perhaps your policy map doesn't "see" the internal IPs.

0 Helpful

Renne Stuart
Level 1
Level 1
In response to Joseph W. Doherty

‎11-08-2012 12:42 AM

Yeah when i run the show command for the policy map it only shows the default class so it is not recognising the internal IP. Is there any other way to do this or get the router to accept the private IP address as a match to a class map and access list?

Not too sure where to go from here, we have this working using a routed public address set up but would like to get it working with a NAT config.

0 Helpful

milan.kulik
Level 10
Level 10
In response to Renne Stuart

‎11-09-2012 12:02 AM

Hi,

Joseph is right, according to

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml

Queueing is always the last step.

Possibly you might configure an input policy on your LAN interface marking the packets coming from

host 192.168.20.199 with some unusual DSCP value, e.g.?

And match this value by an output policy on the WAN interface?

I suppose the Bandwidth_Allocation_In policy is also not working?

Wouldn't it be easier to configure it as an output policy applied on the LAN interface?

HTH,

Milan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card