Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1174
Views
5
Helpful
3
Replies

Controlling bandwidth on WAN Interface

Go to solution
Kevin Melton
Level 2
Level 2

‎02-26-2010 07:24 AM - edited ‎03-04-2019 07:38 AM

I have a client whom has a Metro Ethernet connection.  I have been tasked by the client to give a certain amount of bandwidth to specific groups, i.e., 2 meg to the Admin staff, 1.5 Meg to the Guests, and then another .5 Meg to a group we will call group x.

I configured the following on the 3825 router that faces the Internet and hosts the Metro E connection, but when I run speedtests out to the Internet, and even though I see hit counts on the associated ACL's, the policy does not seem to work, and I am not limiting the bandwidth per group.

Here is the config I have used to try to get this to work

class-map match-any groupx
 match access-group name groupx
class-map match-any BHI
 match access-group name BHI
class-map match-any Rooms
 match access-group name Rooms

policy-map SplitBandwidth
 class Rooms
  bandwidth 1500
class BHI
  bandwidth 2000
class groupx
  bandwidth 500

ip access-list extended BHI
permit ip host xxx.xxx.224.3 any
permit ip any host xxx.xxx.224.3
permit ip any host xxx.xxx.224.7
permit ip host xxx.xxx.224.7 any
permit ip any host xxx.xxx.224.4
permit ip host xxx.xxx.224.4 any
permit ip host xxx.xxx.224.5 any
permit ip any host xxx.xxx.224.5
ip access-list extended Rooms
permit ip host xxx.xxx.224.8 any
permit ip any host xxx.xxx.224.8
ip access-list extended groupx
permit ip any host xxx.xxx.224.9
permit ip host xxx.xxx.224.9 any

interface GigabitEthernet0/0
description FACES INSIDE - CONNECTS TO BHIASAOP$FW_INSIDE$$ETH-LAN$
ip address xxx.xxx.224.1 255.255.255.0
ip access-group restrict_SSH in
ip access-group blockNomadixports out
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
no ip route-cache cef
duplex auto
speed auto
media-type rj45
service-policy output SplitBandwidth

What have I missed here?

Thanks

Kevin


Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎02-26-2010 07:43 AM

Kevin

Unless there is congestion on the link then the bandwidth command will do nothing. If you want to actually restrict each dept to a specfic bandwidth then you need to consider policing or more likely shaping the traffic of each dept so they cannot go above their alloted bandwidth.


But is this what you want to do ie. if you police/shape and there is spare bandwidth from another dept that is not being used it will remain unused whereas currently with your config the spare bandwidth could be used any another dept.

Jon

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎02-26-2010 07:43 AM

Kevin

Unless there is congestion on the link then the bandwidth command will do nothing. If you want to actually restrict each dept to a specfic bandwidth then you need to consider policing or more likely shaping the traffic of each dept so they cannot go above their alloted bandwidth.


But is this what you want to do ie. if you police/shape and there is spare bandwidth from another dept that is not being used it will remain unused whereas currently with your config the spare bandwidth could be used any another dept.

Jon

0 Helpful

Go to solution
Kevin Melton
Level 2
Level 2
In response to Jon Marshall

‎02-26-2010 08:20 AM

Jon

The answer is a mixed answer.

There are times when we will want to limit a specific group to a bandwidth ceiling.  This client is a Resort Hotel.  A group may come in and ask us for (as in this example) 500KB available.  And we want to make sure that they do not ever cut into the other groups (Admin, Guests in general) bandwidth.  Would I implement shaping or policing in these instances?

Thanks Jon

Kevin

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Kevin Melton

‎02-26-2010 02:30 PM 

k-melton wrote:
Jon
The answer is a mixed answer.
There are times when we will want to limit a specific group to a bandwidth ceiling.  This client is a Resort Hotel.  A group may come in and ask us for (as in this example) 500KB available.  And we want to make sure that they do not ever cut into the other groups (Admin, Guests in general) bandwidth.  Would I implement shaping or policing in these instances?
Thanks Jon
Kevin

Kevin

Shaping or policing would both work fine. Generally speaking using shaping is a better solution because with shaping packets that exceed the configured bandwidth are queued to be resent later. Policing on the other hand simply drops packets that exceed the configured bandwidth.

That will allow you to simply limit them to a specific bandwidth but all the time ie. regardless of whether there is spare bandwidth outside of the shaped bandwidth it cannot be used.

Jon

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card