02-03-2014 09:01 AM - edited 03-04-2019 10:14 PM
I want to rate limit a specific public IP address on a sub-interface (VLAN 100) to 500k so that the group of people in VLAN 100 do not suck up all the bandwidth with CloudSync. So, a couple of questions.
Question 1:
CloudSync has one public IP address, let's say 1.1.1.1. How do I limit traffic going out to my ISP to only 500k for it? It's only for a specific group of people, say VLAN 100. Would I limit it on just that sub-interface?
Would this be what I need to put?
int gig 0/0.100
rate-limit input access-group 125 496000 20000 40000 conform-action transmit exceed-action drop
rate-limit output access-group 125 496000 20000 40000 conform-action transmit exceed-action drop
access-list 125 permit ip 1.1.1.1 0.0.0.0 any
2nd question:
Let's say the same scenario, but I want to limit box.com, which has a multitude of IP addresses.
From box support site -- To enable Box.com and the Box Sync product, the new IP addresses that should be allowed are 173.236.154.8 and 209.249.140.0/24.
int gig 0/0.100
rate-limit input access-group 125 496000 20000 40000 conform-action transmit exceed-action drop
rate-limit output access-group 125 496000 20000 40000 conform-action transmit exceed-action drop
access-list 125 permit ip 173.236.154.8 0.0.0.0 any
access-list 125 permit ip 209.249.140.0 0.0.0.255 any
02-03-2014 09:34 AM
Dawn,
Would this be what I need to put?
int gig 0/0.100
rate-limit input access-group 125 496000 20000 40000 conform-action transmit exceed-action drop
rate-limit output access-group 125 496000 20000 40000 conform-action transmit exceed-action drop
access-list 125 permit ip 1.1.1.1 0.0.0.0 any
Your acl would be good for input, but for output, you'd want to have another acl matching anything going to 1.1.1.1/32.
access-list 126 permit ip any host 1.1.1.1
Same thing for question number 2.
HTH,
John
*** Please rate all useful posts ***
02-04-2014 08:14 AM
Like this?
access-list 125 permit ip any host 191.1.1.1
access-list 125 permit ip host 191.1.1.1 any
02-04-2014 08:24 AM
I only seem to be matching packets in one direction.
C2821#show interfaces rate-limit
GigabitEthernet0/0.250 connected to LA
Input
matches: access-group 125
params: 496000 bps, 20000 limit, 40000 extended limit
conformed 23567 packets, 1668671 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: drop
last packet: 28ms ago, current burst: 0 bytes
last cleared 00:14:29 ago, conformed 15000 bps, exceeded 0 bps
Output
matches: access-group 125
params: 496000 bps, 20000 limit, 40000 extended limit
conformed 36617 packets, 51847319 bytes; action: transmit
exceeded 2882 packets, 4090875 bytes; action: drop
last packet: 28ms ago, current burst: 18124 bytes
last cleared 00:14:29 ago, conformed 477000 bps, exceeded 37000 bps
02-04-2014 09:40 AM
It looks like you're seeing traffic in both directions to me:
Input
matches: access-group 125
params: 496000 bps, 20000 limit, 40000 extended limit
conformed 23567 packets, 1668671 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: drop
last packet: 28ms ago, current burst: 0 bytes
last cleared 00:14:29 ago, conformed 15000 bps, exceeded 0 bps
Output
matches: access-group 125
params: 496000 bps, 20000 limit, 40000 extended limit
conformed 36617 packets, 51847319 bytes; action: transmit
exceeded 2882 packets, 4090875 bytes; action: drop
last packet: 28ms ago, current burst: 18124 bytes
last cleared 00:14:29 ago, conformed 477000 bps, exceeded 37000 bps
HTH,
John
*** Please rate all useful posts ***
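One way to check the per-direction counters in the show interfaces rate-limit output posted above, as an added example that is not part of any post in this thread: it parses the Input and Output blocks and reports whether each direction matched any traffic and what share of bytes was dropped. The function names are hypothetical; the sample text is the output copied from the thread.

```python
import re
# Counters copied from the "show interfaces rate-limit" output posted in the thread.
SAMPLE = """\
GigabitEthernet0/0.250 connected to LA
Input
matches: access-group 125
params: 496000 bps, 20000 limit, 40000 extended limit
conformed 23567 packets, 1668671 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: drop
last packet: 28ms ago, current burst: 0 bytes
last cleared 00:14:29 ago, conformed 15000 bps, exceeded 0 bps
Output
matches: access-group 125
params: 496000 bps, 20000 limit, 40000 extended limit
conformed 36617 packets, 51847319 bytes; action: transmit
exceeded 2882 packets, 4090875 bytes; action: drop
last packet: 28ms ago, current burst: 18124 bytes
last cleared 00:14:29 ago, conformed 477000 bps, exceeded 37000 bps
"""

COUNTER = re.compile(r"^(conformed|exceeded) (\d+) packets, (\d+) bytes; action: (\S+)")
ACL = re.compile(r"^matches: access-group (\d+)")
RATE = re.compile(r"^params: (\d+) bps")

def parse_rate_limit(text):
    """Return {"input": {...}, "output": {...}} for each block in the output."""
    result, cur = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line in ("Input", "Output"):
            cur = result.setdefault(line.lower(), {})
        elif cur is None:
            continue  # interface header, before the first direction block
        elif m := ACL.match(line):
            cur["acl"] = int(m.group(1))
        elif m := RATE.match(line):
            cur["rate_bps"] = int(m.group(1))
        elif m := COUNTER.match(line):  # cumulative counters, not the "last cleared" rates
            cur[m.group(1) + "_packets"] = int(m.group(2))
            cur[m.group(1) + "_bytes"] = int(m.group(3))
    return result

def summarize(stats):
    """Per direction: did the ACL match anything, and what share of bytes was dropped."""
    out = {}
    for direction, s in stats.items():
        dropped = s.get("exceeded_bytes", 0)
        total = s.get("conformed_bytes", 0) + dropped
        out[direction] = {"matched": total > 0, "drop_pct": round(100 * dropped / total, 1) if total else 0.0}
    return out
```

Calling summarize(parse_rate_limit(SAMPLE)) shows both directions matching access-group 125, with drops only on output.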