10-09-2012 04:04 AM - edited 03-07-2019 09:21 AM
Hi Experts,
This is the existing network diagram; please find the attached file with the configuration of the router and L3 switch:
The ISP provided a 6 Mbps internet access link with Ethernet handoff, which is terminated on a Cisco 1841.
The ISP also provided a pool of 30 public IPs, 125.63.74.33 /27, ranging from 125.63.74.34 to 125.63.74.62.
In my current setup, all inside-to-outside traffic goes out through the public IP 125.63.74.34,
because this public IP is NAT-overloaded on the router F0/1 interface.
1) I want to divide the 6 Mbps link physically into three parts of 2 Mbps, 2 Mbps and 2 Mbps for three VLANs.
2) I also want to configure each VLAN's in/out traffic with a different public IP. Is it possible or not?
Vlan2 = 172.25.162.0 /24 => Inside to outside / Outside to inside traffic through 125.63.74.40
Vlan3 = 172.25.163.0 /24 => Inside to outside / Outside to inside traffic through 125.63.74.41
Vlan4 = 172.25.164.0 /24 => Inside to outside / Outside to inside traffic through 125.63.74.42
How can I configure the above desired setup with CBWFQ? Please send me a sample configuration.
10-11-2012 02:05 AM
Dear Giuseppe,
Again, thank you so much for your best suggestions.
KS
10-11-2012 04:03 AM
Hi Giuseppe,
I forgot to ask one thing: if I have a network like the diagram
given below, with two different ISP WAN links, and I want to do static NAT
of the same internal private IP "172.25.162.100" with a public IP of
each ISP on the router, like this:
ip nat inside source static 172.25.162.100 125.63.74.40
ip nat inside source static 172.25.162.100 78.55.66.23
Is it possible?
10-11-2012 06:33 AM
Hello Kuldeep,
I think that the NAT static statements have to be modified using route-maps.
I suppose WAN1 is the interface to ISP1 and WAN2 the interface to ISP2:
access-list 112 permit ip host 172.25.162.100 any
access-list 113 permit ip host 172.25.162.100 any
route-map ISP1 permit 10
 match ip address 112
 match interface WAN1
route-map ISP2 permit 10
 match ip address 113
 match interface WAN2
ip nat inside source static 172.25.162.100 125.63.74.40 route-map ISP1
ip nat inside source static 172.25.162.100 78.55.66.23 route-map ISP2
See
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t4/feature/guide/ftnatrt.html
Hope to help
Giuseppe
10-11-2012 11:53 PM
Hi Giuseppe,
These two commands are not working on the router as you sent them to me in this post,
please check the syntax once:
class-map VLAN2
 match address 72
class-map VLAN3
 match address 73
Please send me the knowledge-base URL for the "Policy-map" and "Match" commands.
10-12-2012 02:50 AM
Hello Kuldeep,
I'm sorry, I have confused the syntax of route-maps with that of class-maps. As you see, it is easy to make errors in preparing a configuration template.
The right command syntax should be the following:
class-map VLAN2
 match access-group 72
class-map VLAN3
 match access-group 73
A link to QoS configuration guide chapter about classifying traffic.
See Table 1 for all the possible match commands in class-map configuration, but notice that the real command is match access-group to invoke an IP ACL within a class-map.
A link to CBWFQ configuration guide
Hierarchical QoS framework
Edit:
I have also modified the original previous post.
Hope to help
Giuseppe
10-12-2012 04:21 AM
Hi Giuseppe,
I have some queries:
1) Does CBWFQ support only ingress bandwidth or both (ingress + egress)?
2) Does PBR support only ingress bandwidth or both (ingress + egress)?
3) We have heard many times that the web server is very slow.
Assume that I have one web server and I want to allocate
a dedicated 5 Mbps speed to the web server so that it can be
accessed quickly from outside. Is it possible?
Second thing, is it a concept of egress BW?
10-12-2012 05:50 AM
Hello Kuldeep,
1) CBWFQ is supported only in the EGRESS (outbound) direction.
2) PBR is supported only inbound (INGRESS), that is, it is applied to the interface receiving the packets to be policy-based routed. PBR provides different routing and is not a QoS tool by itself; it may be part of a QoS strategy.
3)
You can provide a better treatment to the server in the direction server ---> internet, that is the egress direction of your WAN router.
For example, the SCHEDULER child CBWFQ policy described in previous posts can be modified with a traffic class dedicated to traffic originated from the web server to the internet, giving it a portion of total traffic.
The direction is egress (outbound) only. You cannot control what happens in the opposite direction, from the ISP to your router.
Hope to help
Giuseppe
10-12-2012 06:39 AM
Hi Giuseppe,
3) Actually, my question is how to increase the performance of the web server website.
Suppose any outside person has a 512 kbps internet connection at
their home and is accessing my company website and facing
a slowness problem, but I have a 5 Mbps internet connection in the company.
I want to know what I should do so that the office website opens quickly
from anywhere. What should I do in this case =>
1) Do I need to allot a fixed speed of 3 Mbps (from the total 5 Mbps) to the web server
IP address in the company/office? I think it is not possible because
it does not make sense?
OR
2) Should I suggest that the person upgrade their internet speed from
512 kbps to more?
Note: here the person is not part of my network, just imagine that
somebody accesses the website from a cyber cafe or home...
10-12-2012 08:58 AM
Hello Kuldeep,
3) It is not possible to understand what the issue is from a "general slowness complaint".
Be aware that the issue may be at a higher level than networking, including the TCP window and other application-level aspects.
Different people may connect to the internet using different types of services that are not under your control.
1)
As I wrote before, you can have a traffic class dedicated to the SCHEDULER that will use at least 3 Mbps when total traffic is 5 Mbps in the egress direction.
Have the web server NATted with a static NAT to a specific public IP (this is already done, I guess) and create a class matching on that IP address as source address. Assign 3 Mbps to this new class and lower the bandwidth of class VLAN2 and class VLAN3 to 500 kbps each. Insert the class WEBSERV into the SCHEDULER policy map.
This is the only reasonable attempt you can make.
2) The internet speed of a remote user is out of your control; you may suggest an upgrade.
Hope to help
Giuseppe
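The WEBSERV change described in the answer above, written out as an added example that is not part of the original posts. Assumptions: the web server's public IP (203.0.113.10 is a placeholder), ACL number 74, the contents of ACLs 72/73, the parent policy name PARENT-SHAPER, and F0/1 as the WAN interface from the first post.

```cisco
! Added example, not configuration from the thread. Assumptions are marked.
! Egress classification on the WAN interface sees post-NAT source addresses,
! so the ACLs below match public IPs.
!
! ASSUMPTION: 203.0.113.10 stands in for the web server's static NAT public IP.
! ASSUMPTION: ACL number 74 is a free standard ACL number.
access-list 74 permit 203.0.113.10
! ASSUMPTION: ACLs 72/73 match the per-VLAN public IPs from the first post.
access-list 72 permit 125.63.74.40
access-list 73 permit 125.63.74.41
!
class-map match-all WEBSERV
 match access-group 74
class-map match-all VLAN2
 match access-group 72
class-map match-all VLAN3
 match access-group 73
!
! Child CBWFQ policy: bandwidth values are minimum guarantees in kbps
! that apply when the shaped link is congested.
policy-map SCHEDULER
 class WEBSERV
  bandwidth 3000
 class VLAN2
  bandwidth 500
 class VLAN3
  bandwidth 500
 class class-default
  fair-queue
!
! Parent policy (hypothetical name): shape to 5 Mbps so that queues
! build on the router, where the child policy can schedule them.
policy-map PARENT-SHAPER
 class class-default
  shape average 5000000
  service-policy SCHEDULER
!
! Outbound only: CBWFQ does not act on traffic arriving from the ISP.
interface FastEthernet0/1
 service-policy output PARENT-SHAPER
```

`show policy-map interface FastEthernet0/1` lists per-class packet and drop counters, which confirms whether web server traffic is actually landing in WEBSERV.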