Internet router with NAT and control bandwidth limit

ssweehinlew
Level 1

I would like to control the bandwidth limit on the router interface with a policy map, but it does not work. Below is the configuration. Please help me take a look. I suspect the NAT setting is the reason the bandwidth limit does not work. If I remove the NAT, users in that subnet will not be able to access the Internet.


class-map match-all subnet-a
 match access-group 101

policy-map physical
 class subnet-a
  police 1200000 8000000 conform-action transmit exceed-action drop

interface FastEthernet0/0
 ip address 10.1.3.254 255.255.255.0
 ip nat inside
 speed auto
 full-duplex
 service-policy input physical
 service-policy output physical
!
interface FastEthernet0/1
 ip address 192.168.2.29 255.255.255.0
 ip nat outside
 duplex auto
 speed auto

ip route 0.0.0.0 0.0.0.0 192.168.2.1 permanent
ip nat inside source list 101 interface FastEthernet0/1 overload
access-list 101 permit ip 10.1.3.0 0.0.0.255 any

1 Accepted Solution

Jose Jara
Level 3

Hi,

The inbound traffic - the traffic coming to the interface - will be policed, as the class-map is matching traffic sourced from the 10.1.3.X range. On the other hand, the outbound traffic - the outgoing traffic from the interface - will not be policed, as the class-map is matching traffic sourced from the 10.1.3.X range and this is the destination instead of the source.

So, for this to work you must create another class-map matching the traffic destined to 10.1.3.X, then create another policy-map and apply it to the interface with service-policy output. Another option would be to match all the traffic coming from interface Fa0/1 with match input-interface in the class-map and in this way you do not have to create another ACL.

Hope this helps,

Jose.
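
The change described in the accepted answer, written out as an added example that is not part of the original posts. ACL number 102 and the names to-subnet-a and physical-out are assumptions chosen for illustration; the police rate and burst are copied from the question's configuration.

```cisco
! Added example; ACL 102, class-map to-subnet-a and policy-map
! physical-out are assumed names, not from the original thread.
!
! Option 1: classify the return traffic by its destination, 10.1.3.0/24.
access-list 102 permit ip any 10.1.3.0 0.0.0.255
!
class-map match-all to-subnet-a
 match access-group 102
!
policy-map physical-out
 class to-subnet-a
  police 1200000 8000000 conform-action transmit exceed-action drop
!
! Fa0/0 keeps the original input policy (class subnet-a, ACL 101) for
! traffic sourced from 10.1.3.X. The output policy "physical" never
! matched, because on output 10.1.3.X is the destination, so it is
! replaced with the new policy.
interface FastEthernet0/0
 service-policy input physical
 no service-policy output physical
 service-policy output physical-out
!
! Option 2, instead of ACL 102: classify by the interface the traffic
! arrived on, as the answer suggests.
! class-map match-all to-subnet-a
!  match input-interface FastEthernet0/1
!
! Check that both directions are classified: the conformed and exceeded
! counters should increase for input and for output.
! show policy-map interface FastEthernet0/0
```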

ssweehinlew
Level 1

Thanks. It is working fine now.
