05-01-2019 02:47 PM
Hi everyone,
I want to limit the bandwidth for 2 of my public addresses on my Cisco router 4321. I've tried with this configuration:
class-map match-all INTERNET-2
 match access-group name INTERNET-2
class-map match-all INTERNET-1
 match access-group name INTERNET-1
!
policy-map INTERNET
 class INTERNET-1
  bandwidth percent 20
 class INTERNET-2
  bandwidth percent 80
policy-map RATE-LIMIT
 class class-default
  shape average 30000000
  service-policy INTERNET
interface GigabitEthernet0/0/0
 description TO ISP
 ip address A.B.C.D 255.255.255.240
 ip nat outside
 negotiation auto
interface GigabitEthernet0/0/1
 no ip address
 negotiation auto
 service-policy output RATE-LIMIT
interface GigabitEthernet0/0/1.5
 description LAN-INTERNET-1
 encapsulation dot1Q 5
 ip address 192.168.100.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/0/1.10
 description LAN-INTERNET-2
 encapsulation dot1Q 10
 ip address 192.168.200.1 255.255.255.0
 ip nat inside
ip nat inside source list INTERNET-1 interface GigabitEthernet0/0/0 overload
ip nat inside source list INTERNET-2 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 NEXT-HOP
ip access-list standard INTERNET-1
 permit 192.168.100.0 0.0.0.255
ip access-list standard INTERNET-2
 permit 192.168.200.0 0.0.0.255
But when I tested, the bandwidth is not limited.
By the way, the total bandwidth must be 30 Mbps. Could anyone help me?
Thanks
05-01-2019 08:46 PM
Hi @IngRobert0
In your policy, instead of using bandwidth (which is only a guarantee of BW at the time of congestion), you should use police to rate-limit the BW usage beyond a threshold. For example:
policy-map test
 class test
  police rate percent 20 conform-action transmit exceed-action drop
You may choose to specify the actual value in bits as opposed to the percentage of BW.
Please mark this post helpful if you find it useful.
05-02-2019 12:30 AM
Hello,
you have applied the service policy to a layer 2 interface. It needs to be applied to the outgoing interface. Have a look at the simplified configuration below.
It is unclear what you mean by two public IP addresses, since you appear to have only one ISP connection. Do you want to limit the amount of bandwidth available for your inside networks? What is the total bandwidth you have available? The amount of the shaper depends on the amount of bandwidth you have available. That said, policing or rate limiting should be avoided if possible; better to use shaping:
class-map match-all SUBNET_100_CLASS
 match access-group 101
!
class-map match-all SUBNET_200_CLASS
 match access-group 102
!
policy-map SHAPE_POLICY
 class SUBNET_100_CLASS
  shape average 24000000
 class SUBNET_200_CLASS
  shape average 6000000
 class class-default
  fair-queue
!
interface GigabitEthernet0/0/0
 description TO ISP
 ip address A.B.C.D 255.255.255.240
 ip nat outside
 negotiation auto
 service-policy output SHAPE_POLICY
!
interface GigabitEthernet0/0/1
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/1.5
 description LAN-INTERNET-1
 encapsulation dot1Q 5
 ip address 192.168.100.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/0/1.10
 description LAN-INTERNET-2
 encapsulation dot1Q 10
 ip address 192.168.200.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 NEXT-HOP
!
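! wildcard mask 0.0.0.255 so each entry matches the whole /24
access-list 1 permit 192.168.100.0 0.0.0.255
access-list 1 permit 192.168.200.0 0.0.0.255
!
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
access-list 102 permit ip 192.168.200.0 0.0.0.255 any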
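
Added example, not part of any post in this thread: a small Python model of why `bandwidth percent` did not limit anything in the test, next to a per-class ceiling and a policer/shaper comparison. The function names and traffic loads are constructed for illustration, and the model is a simplification rather than the router's actual scheduler; only the 30 Mbps link, the 20/80 percentages and the 24/6 Mbps shape rates come from the posts above.

```python
# Added illustration, not from the thread. Simplified model; rates in bit/s.
LINK = 30_000_000  # total bandwidth stated in the question
NETS = ("192.168.100.0/24", "192.168.200.0/24")
PERCENT = dict(zip(NETS, (20, 80)))               # `bandwidth percent` in the question
SHAPE = dict(zip(NETS, (24_000_000, 6_000_000)))  # `shape average` in the last reply

def bandwidth_share(offered, percent=PERCENT, link=LINK):
    """`bandwidth percent` as a minimum guarantee: each class gets its share under
    congestion, and capacity left unused goes to classes that still have demand."""
    alloc = {c: min(offered[c], link * percent[c] // 100) for c in offered}
    spare = link - sum(alloc.values())
    while spare > 0:
        hungry = [c for c in offered if alloc[c] < offered[c] and percent[c] > 0]
        weight = sum(percent[c] for c in hungry)
        given = 0
        for c in hungry:
            extra = min(offered[c] - alloc[c], spare * percent[c] // weight)
            alloc[c] += extra
            given += extra
        if given == 0:  # nobody wants more, or rounding left nothing to hand out
            break
        spare -= given
    return alloc

def ceiling(offered, cap=SHAPE):
    """`police` / `shape average` as a per-class maximum, enforced even on an idle link."""
    return {c: min(offered[c], cap[c]) for c in offered}

def police(arrivals, rate, burst):
    """Token-bucket policer, one step per tick: traffic beyond the tokens is dropped."""
    tokens, sent, dropped = burst, [], 0
    for n in arrivals:
        tokens = min(burst, tokens + rate)
        out = min(n, tokens)
        tokens -= out
        dropped += n - out
        sent.append(out)
    return sent, dropped

def shape(arrivals, rate):
    """Shaper (rate > 0): excess waits in a queue and leaves at `rate` per tick."""
    queue, sent, pending = 0, [], list(arrivals)
    while pending or queue:
        queue += pending.pop(0) if pending else 0
        out = min(queue, rate)
        queue -= out
        sent.append(out)
    return sent
```

With only 192.168.100.0/24 sending 30 Mbit/s, `bandwidth_share` hands it the whole link while `ceiling` holds it at 24 Mbit/s; on the same constructed burst, `police` drops the excess and `shape` delivers all of it later.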