Solved: Re: Rate limiting multiple mac addresses

slerbeton79 · ‎01-04-2011

Hello I am trying to rate limit specific computers on my network and since all pc's are DHCP I would need to use the mac address of each specific pc.

on

access lists are:

access-list rate-limit 101 0026.9e6b.d87b
access-list rate-limit 102 0003.7f8e.a82d
access-list rate-limit 103 e0cb.4e54.82bf

on WAN facing interface i have the commands:

rate-limit input access-group rate-limit 101 16000 30000 35000 conform-action transmit exceed-action drop
rate-limit input access-group rate-limit 102 16000 30000 35000 conform-action transmit exceed-action drop
rate-limit input access-group rate-limit 103 16000 30000 35000 conform-action transmit exceed-action drop

But with this none of the these 3 mac address are being rate-limited

any ideas?

Jigar Dave · ‎01-05-2011

Hello Sheldon,

You can try this.

you have already created ACL and put them in Access-group right

1. now create class-map and match these ACL in it.
2. then create one policy map and attach those class-maps in policy map

3. then apply these class map as service policy on your outer interface.

example

access-list rate-limit 101 0026.9e6b.d87b - this is ACL

rate-limit input access-group rate-limit 101 16000 30000 35000 conform-action transmit exceed-action drop - this is access-group

class-map match-any MACADDR_CLASSMAP
match access-group 101

policy-map MACADDR_POLICYMAP
class MACADDR_CLASSMAP

int fa0/1
duplex-full
speed 100
service-policy output/input MACADDR_POLICYMAP - direction is as per your design

by creating policy map you can combine several access-group on same interface.

Hope this helps.

Jigar

View solution in original post

Jigar Dave · ‎01-04-2011

where have you applied access-group command on interface ( inside of interface or outside of interface), can you share config? that would help a lot.

- Jigar

slerbeton79 · ‎01-05-2011

Actually when looking up rate-limit command using mac address I found that it only accepts one entry, and if multiple entries are found as in my config only the first one works. Since I have only 3 clients that I needed to reduce bandwidth I have given them a static binding then rate-limited by their IP address.

THanks for your help though.

Jigar Dave · ‎01-05-2011

Hello Sheldon,

You can try this.

you have already created ACL and put them in Access-group right

1. now create class-map and match these ACL in it.
2. then create one policy map and attach those class-maps in policy map

3. then apply these class map as service policy on your outer interface.

example

access-list rate-limit 101 0026.9e6b.d87b - this is ACL

rate-limit input access-group rate-limit 101 16000 30000 35000 conform-action transmit exceed-action drop - this is access-group

class-map match-any MACADDR_CLASSMAP
match access-group 101

policy-map MACADDR_POLICYMAP
class MACADDR_CLASSMAP

int fa0/1
duplex-full
speed 100
service-policy output/input MACADDR_POLICYMAP - direction is as per your design

by creating policy map you can combine several access-group on same interface.

Hope this helps.

Jigar

slerbeton79 · ‎01-06-2011

Hello Dave, I am about to to try this, in your example, to add all three mac addresses under the:

"class-map match-any MACADDR_CLASSMAP
match access-group 101"

would I do this to add remaining two

class-map match-any MACADDR_CLASSMAP
match access-group 101

match access-group 102

match access-group 103

Jigar Dave · ‎01-06-2011

Hi,

Yes, you can, please try and let us know the results.

- Jigar