cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1265
Views
5
Helpful
1
Replies

Need to restrict / control inbound traffic on WAN

anandramapathy
Level 3
Level 3

Hi Gurus,

Please refer the Diagram.  The WAN is on MPLS.  WAAS is deployed in all sites.

The problem -

When a couple of users at any office initiate inbound FTP or Inbound Windows File copy from any other office , the utilization on the WAN link for that office goes to 100 %.

Due to this simple WAN traffic like RDP, VDM access, telnet SSH etc gets affected.

( I am not sure if this is due WAAS, which is probably accelerating the speed of Transfer to choke the Bandwidth)

Solution Required -

A)

I need to Restrict / control FTP & file transfer to 30 % of the WAN bandwidth.

Example for Site A the maximum inbound bandwidth available for FTP & Windows File copy should be 3 Mb.

B)

I need to prioritise / reserve 10 % of the traffic for RDP, VDM SSH telnet traffic

How do i do this ?

I tried the following but looks like it is application only for outbound traffic. I do not want to apply any restriction on other offices router.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ip access-list extended filecopy
permit tcp any any eq 445

permit tcp any any eq 20

permit tcp any any eq 21

ip access-list extended Critical

permit tcp any any eq 3389

permit tcp any any eq 23

permit tcp any any eq 22

class-map match-any Critical
match access-group name Critical_ACL

class-map match-any filecopy
match access-group name filecopy
class-map match-any AutoQoS-VoIP-RTP
match ip dscp ef
class-map match-any Video
match ip dscp af41
class-map match-any AutoQoS-VoIP-Control
match ip dscp cs3
match ip dscp af31
!
!
policy-map QoS-Policy
class AutoQoS-VoIP-RTP
  priority percent 25

class Priority

Priority percent 10
class AutoQoS-VoIP-Control
  bandwidth percent 15
class Video
  bandwidth percent 25
class filecopy
police 4000000
class class-default
  fair-queue
  random-detect


interface GigabitEthernet0/1
description WAN Link
bandwidth 10240
ip address 1.1.1.1 255.255.255.252
ip route-cache flow
load-interval 30
duplex full
speed 100
media-type rj45
no negotiation auto
no cdp enable
service-policy output QoS-Policy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1 Accepted Solution

Accepted Solutions

shersmit
Level 1
Level 1

If the customer wishes to restrict/prioritize traffic in an INBOUND direction on the WAN link, then they need to setup the QoS restrictions in an OUTBOUND direction on the router on the opposite end of the WAN link.

View solution in original post

1 Reply 1

shersmit
Level 1
Level 1

If the customer wishes to restrict/prioritize traffic in an INBOUND direction on the WAN link, then they need to setup the QoS restrictions in an OUTBOUND direction on the router on the opposite end of the WAN link.

Review Cisco Networking for a $25 gift card