02-12-2013 06:49 AM - edited 03-04-2019 07:00 PM
I just wonder if there is simply way on Cisco 800 to set bandwidth priority for internal IP address. Basically I have server and would like to make sure, whatever comes to it or goes out has the highest priority and users won’t kill bandwidth for the server connection. Is any easy way to achieve this? I’ve tried to read documents about QoS but they are not very for me.
Thank you.
Solved! Go to Solution.
02-19-2013 02:18 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Something like (NB: syntax not verified):
ip acesss-list extended NotServer
deny ip any host (Server's IP)
class-map match-any NotServer
match access-group NotServer
policy-map Sample
class NotServer
police #
interface F4
service-policy input Sample
02-15-2013 11:09 PM
The best approach is that you give the job to a reputable consultant, or certified Cisco partner.
02-16-2013 06:12 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
In general, it's often easy to prioritize egress traffic as you desire. Ingress traffic control is much more difficult to manage (ideally you manage ingress on the other side of the link's egress).
For example, for ingress you could rate limit non-server traffic but that doesn't always guarantee non-server traffic won't fill your ingress capacity, and even when it does, it's not dynamic (i.e. non-server traffic won't obtain bandwidth not being used by the server).
For best ingress traffic management, a 3rd party traffic shaping device would be the best option, but again, even they can't deal with every situation.
Assuming your 800 WAN connection is some inexpensive DSL/CABLE connection, assuming you cannot control other side's egress, the least expensive option might be to obtain another DSL/CABLE connection, i.e. one for users and one for the server. As 800 series often have a special WAN port, you might need another or you might upgrade to a higher level ISR that can manage two WAN ports equally.
02-18-2013 12:57 AM
Joseph,
Thank you for reply. Unfortunately ordering additional connection is not an option in my case. I’ve just wander, if prioritize is so difficult, maybe there is other solution which will help to achieve my goal - like minimum dedicated bandwidth. I want to make sure; there is always bandwidth available to connect to my server.
02-18-2013 02:21 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Then you can try rate-limiting non-server ingress traffic. Again, not a sure thing, but probably better than nothing.
02-18-2013 04:19 AM
Hi Joseph,
Could you give me more details how to do this please?
02-19-2013 02:18 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Something like (NB: syntax not verified):
ip acesss-list extended NotServer
deny ip any host (Server's IP)
class-map match-any NotServer
match access-group NotServer
policy-map Sample
class NotServer
police #
interface F4
service-policy input Sample
02-19-2013 07:09 AM
Thank you Joseph
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide