I mean University X Clinet ?
and you mean with central site router The Core Router (Co-location router //see my topology) ? or One of the university x
Because i see this setting should applied to my core router ?
Notes : not all univerisy use Cisco router we shoud take care with these university .
Please amendment to the configuration so that everything is clear to me (configuration
previously has been added)
I am not good in english
central site router = Core router
NAT is needed in one place: or you do it on Core router or you do it in each client site/university.
Client site with indipendent internet access will have a static default route pointing to the interface with public IP address instead of pointing to GRE tunnel.
WARNING: my statements are suggestions you need to understand NAT in order to be able to achieve this.
Hope to help
i hope you are fine
you know i have 25MBPS (Link Speed via VPN) for each university
All universities communicate with each other as internal network
25 * 12 = 300 MBPS (INTERNAL TRAFFIC)
and the policy applied to interface that connect all university (GigabitEthernet0/1)
the internet came on interface (GigabitEthernet0/2)
my problem :
i think this policy not working as I expect (the internal and extenal traffic limited to 34 MBPS )
I need the internal network working without any problems and without limitation on link speed
the Internet only limited to each university
i think the policy should applied to interface ---> internet (GigabitEthernet0/2)
please i need your advise ?
class-map match-all Class_144
match access-group 144
class-map match-all Class_132
match access-group 132
class-map match-all Class_120
match access-group 120
class-map match-all Class_112
match access-group 112
class-map match-all Class_104
match access-group 104
class-map match-all Class_140
match access-group 140
class-map match-all Class_136
match access-group 136
class-map match-all Class_124
match access-group 124
class-map match-all Class_116
match access-group 116
class-map match-all Class_108
match access-group 108
class-map match-all Class_128
match access-group 128
class-map match-all Class_148
match access-group 148
shape average 34816000
ip address 172.25.90.2 255.255.255.0
service-policy output Egress
access-list 104 permit ip any 172.25.90.4 0.0.0.3
access-list 108 permit ip any 172.25.90.8 0.0.0.3
access-list 112 permit ip any 172.25.90.12 0.0.0.3
access-list 116 permit ip any 172.25.90.16 0.0.0.3
access-list 120 permit ip any 172.25.90.20 0.0.0.3
access-list 124 permit ip any 172.25.90.24 0.0.0.3
access-list 128 permit ip any 172.25.90.28 0.0.0.3
access-list 132 permit ip any 172.25.90.32 0.0.0.3
access-list 136 permit ip any 172.25.90.36 0.0.0.3
access-list 140 permit ip any 172.25.90.40 0.0.0.3
access-list 144 permit ip any 172.25.90.44 0.0.0.3
access-list 148 permit ip any 172.25.90.48 0.0.0.3
I agree that the internet facing interface would be the interface to apply the QoS policy but you control only the upstream direction not the downstream direction.
By applying the policy map to the internet facing interface you would control the upstream direction of traffic from universities to the internet, that is lower in traffic volume and not the traffic from internet to the universities.
Actually the downstream direction is not under your control.
On the other hand, if the policy would be able to discriminate between traffic coming from internet and traffic between universities, it could be applied outbound on the interface towards the universities and would control the downstream direction from the internet.
Traffic between universities travel on GRE tunnels making difficult to discriminate.
There is a special command for these cases that is qos pre-classify to be configured on all tunnel interfaces. It should allow the router to examine the traffic before GRE encapsulation.
The only doubt I have is if the service policy should be applied to each tunnel interface to take advantage of the qos pre-classify command.
A totally different configuration of the policy map would be needed.
At this point a different policy map for each GRE Tunnel would be needed using two traffic classes on each.
access-list 181 deny ip 10.0.0.0 0.255.255.255 10.0.k.0 0.0.255.255
access-list 181 permit ip any 10.0.k.0 0.0.255.255
match access-group 181
shape average 2900000
interface tunnel K
description to university K
service-policy output TO-UNI-K
Hope to help
Tired of all this
I Need something simple to apply on my router .
i need to know how ISP COMPANY Limit Traffic ?
you know I have 34meg internet i need to distribute to 12 university without effect internal traffic . (Traffic base idle use )
All branch = 34/12 =2.8 MEG
BUT when one branch not using internet
All branch = 34/11 =3 MEG
12 branch exchange data internaly with all the line speed (25meg vpn) but when the brancj need to use internet () traffic policy must applied to use the quota .