Hi,

I am doing the shaping for the download traffic towards the LAN facing clients

that's why its 

ip access-list extended PRIORITY_ACL_DOWNLOAD
 permit ip any host 192.168.1.200

which means source is anything but destination is known to be my LAN clients and that would be their download traffic.

what you think!

Hello,

as far as I know, you cannot shape ingress traffic, you can only police it, as Paul has suggested.

Yes you are right. But clearly see as per my config the shaper is definately outbound but not towards WAN but towards the clients (LAN).

For DOWNLOAD Stream (see arrow direction)

Client (192.168.1.20)<-------[3750-X]<-------(<<outbound shaper for download at G0/2 for clients )[c2911]<--------Internet

In ACLs, I am matching on the destination address of the outgoing packet to be classified. That is why you do not see any keyword in the end!

Please also review my config I pasted above.

OR

please suggest what should i do to accomplish the goal of prioritizing the download/upload traffic for PRIORITY Internet users (with an example :)).

NOTE: My question is similar to the below post but in my case I do not see the PRIORITY working, suppose I say 192.168.2.250 and 192.168.2.100 both downloading a file and as 192.168.2.250 is in PRIORITY_ACL_DOWNLOAD it must get 15000kbps of bandwidth alone leaving rest for 192.168.2.100, but i do not see policy working this way.

https://supportforums.cisco.com/discussion/10956426/limiting-bandwidth-cisco-router-possible-1800-series

NOTE: My question is similar to the below post but in my case I do not see the PRIORITY working . . .

Again, I've already posted what you're doing will be ineffective, and why that's so.

To recap that, if your ingress is physically limited to some bandwidth, and downstream of that bandwidth you shape a higher bandwidth port for the same bandwidth as the upstream supports, the shaper won't queue any traffic, and if no traffic is queued, there's nothing to prioritize.

If you wanted to see your shaper do "something", shape slower than your 16 Mbps.  Then you should be able to see some traffic getting priority.  However, doing this, you've only mostly held back your non-priority traffic.  If you queue enough of your non-priority traffic that it starts to drop packets, depending on the nature of that traffic, it may slow its transmission rate allowing more bandwidth, upstream, for your priority traffic.

As noted above, if some traffic "sees" drops, it may slow its transmission rate.  So you might also police inbound non-priority traffic trying to keep bandwidth available for your priority traffic.  Likewise, some traffic, for example, TCP, will also slow it's transmission rate if you slow its returning ACKs.  Both of these approaches aren't very dynamic regarding the needs of the priority traffic.  You may not preserve enough bandwidth for your priority traffic and/or allow bandwidth to go unused.

Where you really want your inbound QoS policy is on the service provider's egress port, unfortunately most service providers will not support/allow this.

Trying to manage ingress bandwidth, at the receiving end, can be very difficult especially if only using router QoS features.  "Special" dedicated traffic shaping appliances can do much more, but even they are not 100% effective in all cases.  However, if you really need to better manage ingress bandwidth, and your service provider won't provide QoS on their end of the link, that's likely your most effective option.

Joseph,

Thanks for the reply.

Can you please tell me a way i achieve the result? that is prioritizing the download traffic for some specific users based on ACL.

I shall be thankfull to you!

Any One////////////

Hello,

replace the 'priority' with 'police'. 

policy-map MBSD
 class PRIORITY_DOWNLOAD
  police 15000000

policy-map MBS_DOWNLOAD
class class-default
 police 16000000

Once you have changed those settings, do you get any matches when you do a 'show policy-map interface' ?

Yes ...but How can I be sure that PRIORITY USER is being preferred first.

One more thing.. do i need to put the non-priority users in police too!

Hello,

I would simplify the policy and just use the priority download class:

class-map match-all PRIORITY_DOWNLOAD
 match access-group name PRIORITY_ACL_DOWNLOAD

policy-map MBSD
 class PRIORITY_DOWNLOAD
  priority 15000000
 class class-default

Hello

Dont forget
class-map match-ANY PRIORITY_DOWNLOAD

res
Paul

class-map match-any PRIORITY_DOWNLOAD
 match access-group name PRIORITY_ACL_DOWNLOAD

policy-map MBSD
 class PRIORITY_DOWNLOAD
  priority 15000
 class class-default

..............Still the bandwidth is divided into half, if both (Priority and Non_priority) aggressively try downloading some file from Internet.

This is so frustrating.....:(

Hello,

I am wondering if the policy should be configured inbound instead of outbound. From the point of view of the interface, you are prioritizing inbound traffic

So try:

service-policy input MBS_DOWNLOAD