03-07-2012 05:30 AM - edited 03-04-2019 03:34 PM
hello cisco enthusiast.
I would like to ask help from you how would this configuration goes.
I got a 5MBps Lease Line Connection via FAST ETHERNET PORT. i got a Cisco 1841 Router.
I want to distribute bandwidth in this ratio 2MBps/2MBps/1MBps
2MBps = Office Connection
2MBps = Computer Laboratory Connection
1MBps = WIFI Connection
1841 has only 2 Fast Ethernet ports
so im planning to add up a 2modules of 2-Port Fast Ethernet High-Speed WIC for Cisco Integrated Services Routers
thank you
03-07-2012 07:42 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
For leased line, if your router supports CBWFQ, you can setup classes for your 3 groups. This would work well for outbound traffic, but inbound (unless you manage the far side's egress) is very, very difficult to effectively manage.
policy-map egressSample
class office
bandwidth percent 20
class lab
bandwidth percent 20
class wifi
bandwidth percent 10
You'll need class-maps to match traffic.
03-07-2012 11:42 PM
!
class-map match-all OFFICE
description *** Office Network ***
class-map match-all LAB
description *** Laboratory Network ***
class-map match-all WIFI
description *** Public Network***
!
policy-map EGRESS
class OFFICE
bandwidth percent 40
class LAB
bandwidth percent 40
class WIFI
bandwidth percent 20
!
!
!
interface FastEthernet0/0
ip address 192.168.0.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface Ethernet0/0/0
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/1/0
ip address 212.115.130.140 255.255.255.0
clock rate 2000000
just confirmed the ISP Providers side they will be deploying the Lease Line via FE.
i was lookinf for a guide how would i apply the following policy map into each port. simulation done on packet tracert.
can you assist me further?
thank you
03-08-2012 02:18 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Unknown exactly what your simulator will support, i.e. what I might suggest might not be accepted on it. Also, even with real routers, features can vary, i.e. also again what I might suggest might not be accepted on your actual router. Lastly, I'm not at a real router, at the moment, to verify syntax. All that noted, something like:
ip access-list extended OFFICE
permit ip 192.168.0.1 0.0.0.255 any
class-map match-all OFFICE
match access-group OFFICE
(similar for other networks)
interface serial0/1/0 (or whatever interface you'll be using to isp)
service-policy output EGRESS
PS:
If hand-off will be FE, you'll like want a hierarchal policy.
e.g.
policy-map EGRESS_SHAPE
class class-default
service-policy EGRESS
shape average 5000000
(apply this policy to interface instead)
03-08-2012 02:38 AM
I'm aware that simulator vary on actual device especially with the IOS installed on it.
but with this. it will help me with the goal i want to attain. if i could make this work. all left with me to do access-list blocking like p2p and other bandwidth hog protocols.
the main concern is with the outbound traffic going to different locations.
will give feedback anytime once i got this working with a simulator. GNS3 would be a better option.
thank you for now.
03-08-2012 02:44 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
If your targeted IOS support HQF, I would also suggest adding fair-queue to each class queue.
If your IOS is pre-HQF, you policy might not be accepted with your bandwidth settings since the total beyond 75% (excluding default). Either using smaller percentages (as I did earlier - ratios will still be preserved) or you'll need to change reserved bandwidth on interface.
03-08-2012 03:05 AM
for 1841 router. what IOS should be installed to support all your suggestions? im not familiar with IOS capability all i know enterprise has it all.
03-08-2012 04:14 PM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Assuming its supported for the 1841, recall HQF is 12.4(20)T or later; any feature set.
03-11-2012 05:47 AM
Hello Joseph,
current version of the 1841 router im using is
Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.4(17b)
Unknown exactly what your simulator will support, i.e. what I might suggest might not be accepted on it. Also, even with real routers, features can vary, i.e. also again what I might suggest might not be accepted on your actual router. Lastly, I'm not at a real router, at the moment, to verify syntax. All that noted, something like:ip access-list extended OFFICE
permit ip 192.168.0.1 0.0.0.255 any
class-map match-all OFFICE
match access-group OFFICE
(similar for other networks)
interface serial0/1/0 (or whatever interface you'll be using to isp)
service-policy output EGRESS
PS:
If hand-off will be FE, you'll like want a hierarchal policy.
e.g.
policy-map EGRESS_SHAPE
class class-default
service-policy EGRESS
shape average 5000000
(apply this policy to interface instead)
I wasn't able to apply the highlighted part...
current config as follows:
i got this error
Router(config-cmap)#match access-group OFFICE
^
% Invalid input detected at '^' marker.
current config:
class-map match-all OFFICE
description ** Office Network **
class-map match-all LABORATORY
description ** Laboratory Network **
class-map match-all WIFI
description ** Public Network **
!
!
policy-map EGRESS
class OFFICE
bandwidth percent 20
shape average 2000000
class LABORATORY
bandwidth percent 20
shape average 2000000
class WIFI
bandwidth percent 10
shape average 1000000
!
!
!
interface FastEthernet0/0
description *** LAN to OFFICE ***
ip address 192.168.0.1 255.255.255.0
speed 100
full-duplex
!
interface FastEthernet0/1
description *** LAN to LABORATORY ***
ip address 192.168.1.1 255.255.255.0
speed 100
full-duplex
!
interface Serial0/0/0
description *** WAN to ISP ***
ip address 212.115.130.140 255.255.255.0
clock rate 2000000
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 212.115.130.13
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip access-list extended LABORATORY
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended OFFICE
permit ip 192.168.0.0 0.0.0.255 any
ip access-list extended WIFI
permit ip 192.168.2.0 0.0.0.255 any
!
I lack 1FE port on actual device
03-11-2012 06:03 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Try:
class-map match-all OFFICE
match access-group name OFFICE
You should be able to apply policy to your serial.
Unless you have a really need to restrict outbound usage per class, remove the child class shapers. The CBWFQ policy will insure each class gets its minimum proportion of bandwidth, but they can use more if its available (i.e. not being used by your other classes).
PS:
Since your simulator is pre-HQF, I would just shape for your aggregate. This will enable WFQ for all flows.
03-11-2012 06:15 AM
Try:
class-map match-all OFFICE
match access-group name OFFICE
You should be able to apply policy to your serial.
i was missing a syntax.
Unless you have a really need to restrict outbound usage per class, remove the child class shapers. The CBWFQ policy will insure each class gets its minimum proportion of bandwidth, but they can use more if its available (i.e. not being used by your other classes).
All need to restrict is Download bandwidth from WAN to LAN(either OFFICE/LAB/WIFI), while Upload bandwidth will be maximized by OFFICE only(if possible to config this)
will i remove the shaping from the config?
PS:
Since your simulator is pre-HQF, I would just shape for your aggregate. This will enable WFQ for all flows.
how would i "shape for aggregate?"
QOS really confused me alot....
current config:
!
class-map match-all OFFICE
description ** Office Network **
match access-group name OFFICE
class-map match-all LABORATORY
description ** Laboratory Network **
match access-group name LABORATORY
class-map match-all WIFI
description ** Public Network **
match access-group name WIFI
!
!
policy-map EGRESS
class OFFICE
bandwidth percent 20
shape average 2000000
class LABORATORY
bandwidth percent 20
shape average 2000000
class WIFI
bandwidth percent 10
shape average 1000000
policy-map EGRESS_SHAPE
class class-default
shape average 5000000
service-policy EGRESS
!
!
!
interface FastEthernet0/0
description *** LAN to OFFICE ***
ip address 192.168.0.1 255.255.255.0
speed 100
full-duplex
!
interface FastEthernet0/1
description *** LAN to LABORATORY ***
ip address 192.168.1.1 255.255.255.0
speed 100
full-duplex
!
interface Serial0/0/0
ip address 212.115.130.140 255.255.255.0
clock rate 2000000
service-policy output EGRESS
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 212.115.130.13
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip access-list extended LABORATORY
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended OFFICE
permit ip 192.168.0.0 0.0.0.255 any
ip access-list extended WIFI
permit ip 192.168.2.0 0.0.0.255 any
!
03-11-2012 04:49 PM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
All need to restrict is Download bandwidth from WAN to LAN(either OFFICE/LAB/WIFI), while Upload bandwidth will be maximized by OFFICE only(if possible to config this)will i remove the shaping from the config?
Download is difficult to correctly restrict. For upload, you need the shaper if working with less than full interface bandwidth.
how would i "shape for aggregate?"
policy-map EGRESS_SHAPE
class class-default
shape average 5000000
03-11-2012 05:50 PM
Posting
All need to restrict is Download bandwidth from WAN to LAN(either OFFICE/LAB/WIFI), while Upload bandwidth will be maximized by OFFICE only(if possible to config this)will i remove the shaping from the config?
Download is difficult to correctly restrict. For upload, you need the shaper if working with less than full interface bandwidth.
Do the Current config will work?
to what interface will I put the EGRESS_SHAPE?
!
class-map match-all OFFICE
description ** Office Network **
match access-group name OFFICE
class-map match-all LABORATORY
description ** Laboratory Network **
match access-group name LABORATORY
class-map match-all WIFI
description ** Public Network **
match access-group name WIFI
!
!
policy-map EGRESS
class OFFICE
bandwidth percent 20
shape average 2000000
class LABORATORY
bandwidth percent 20
shape average 2000000
class WIFI
bandwidth percent 10
shape average 1000000
policy-map EGRESS_SHAPE
class class-default
shape average 5000000
service-policy EGRESS
!
!
!
interface FastEthernet0/0
description *** LAN to OFFICE ***
ip address 192.168.0.1 255.255.255.0
speed 100
full-duplex
!
interface FastEthernet0/1
description *** LAN to LABORATORY ***
ip address 192.168.1.1 255.255.255.0
speed 100
full-duplex
!
interface Serial0/0/0
ip address 212.115.130.140 255.255.255.0
clock rate 2000000
service-policy output EGRESS
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 212.115.130.13
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip access-list extended LABORATORY
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended OFFICE
permit ip 192.168.0.0 0.0.0.255 any
ip access-list extended WIFI
permit ip 192.168.2.0 0.0.0.255 any
!
Thank you
03-12-2012 02:13 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Carl Alfred Gumapas wrote:
Do the Current config will work?
It should, although I suggest this as better:
policy-map EGRESS
class OFFICE
bandwidth percent 20
class LABORATORY
bandwidth percent 20
class WIFI
bandwidth percent 10
policy-map EGRESS_SHAPE
class class-default
shape average 5000000
service-policy EGRESS
interface x
service-policy output EGRESS_SHAPE
Carl Alfred Gumapas wrote:
to what interface will I put the EGRESS_SHAPE?
Your WAN interface.
03-07-2012 12:50 PM
You want CBWFQ for outbound traffic (shaping) and policing for inbound traffic. Policing is described in further detail:
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t2/feature/guide/ftpoli.html#wp1019755
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide