08-03-2017 11:37 AM - edited 03-08-2019 11:36 AM
Hi folks,
I have a problem with bandwidth limitation on a Cisco 1841 Router. The thing is that I need to limit the internet bandwidth with class and policy maps in my 1841 but it's not working... when I check my Cacti (monitoring system) it shows 1841 is using more than 2 Mbps, when apparently I limited to 1 Mbps. Here's is my configuration:
Building configuration...
Current configuration : 2548 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname IntRegManzanas
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$r/qO$L.tQ0JnkA
enable password 7 1511021
!
aaa new-model
!
!
aaa authentication login default local
!
!
aaa session-id common
clock timezone MX -6
clock summer-time MX recurring
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.50
!
ip dhcp pool REDINTERNA
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 189.194.28.161 200.52.167.161
!
!
ip domain name somosggl.com
!
multilink bundle-name authenticated
!
!
!
!
username gaspar privilege 15 password 7 094B4F1A0
username extra privilege 15 password 7 10692E3500
archive
log config
hidekeys
!
!
!
!
ip ssh version 2
!
class-map match-all CLASS1M
match access-group name ACL1M
!
!
policy-map POLICE1M
class CLASS1M
police cir 1000000 bc 187500 pir 1000000
!
!
!
!
interface FastEthernet0/0
description *** Externa ***
ip address 10.227.225.33 255.255.252.0
ip nat outside
ip virtual-reassembly
rate-limit input 1000000 187500 375000 conform-action transmit exceed-action drop
rate-limit output 1000000 187500 375000 conform-action transmit exceed-action drop
duplex auto
speed auto
!
interface FastEthernet0/1
description *** Interna ***
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
service-policy output POLICE1M
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.227.224.1
!
!
ip http server
no ip http secure-server
ip nat inside source list 110 interface FastEthernet0/0 overload
!
ip access-list standard ELCACTI
permit 10.227.224.11
deny any
!
ip access-list extended ACL1M
deny ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
!
logging 10.227.224.11
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
snmp-server community ******** RO ELCACTI
snmp-server location Canatlan
snmp-server contact Irma Mtz
!
!
!
!
!
!
control-plane
!
!
banner login ^C
*******************************
*******************************
Acceso restringido
Solo personal autorizado
*******************************
*******************************
^C
!
line con 0
password 7 040F5D515
logging synchronous
line aux 0
line vty 0 4
password 7 040F5D515
logging synchronous
transport input all
!
scheduler allocate 20000 1000
end
Can somebody help me please??
Thanks in advence. BR.
08-10-2017 02:23 PM
now I've got this:
IntRegManzanas#show policy-map interface FastEthernet0/1
FastEthernet0/1
Service-policy input: POLICE1M
Class-map: CLASS1M (match-any)
56691 packets, 5508977 bytes
5 minute offered rate 39000 bps, drop rate 0 bps
Match: access-group name ACL1M
56691 packets, 5508977 bytes
5 minute rate 39000 bps
police:
cir 1000000 bps, bc 31250 bytes
conformed 56683 packets, 5499708 bytes; actions:
transmit
exceeded 8 packets, 9269 bytes; actions:
drop
conformed 16000 bps, exceed 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
I'll keep watching bandwidth...
08-10-2017 02:27 PM
That looks better. Now nothing matches the default class, which is good.
Curious to see what happens to the bandwidth utilization...
08-10-2017 02:47 PM
sorry, still no luck...
bandwidth goes to 2 Mbps almost.
I'll apply the service policy outbound on FastEthernet0/0 to see what happens
Thanks.
08-05-2017 11:39 AM
didn't work my friend, today client reached 2.74 Mbps....
08-05-2017 12:15 PM
Hello,
what do you have configured, both the rate limiting and the service policy ?
Can you post the output of 'show policy-map interface FastEthernet0/1
?
08-05-2017 02:13 PM
hi,
IntRegManzanas#show policy-map interface FastEthernet0/1
FastEthernet0/1
Service-policy output: POLICE1M
Class-map: CLASS1M (match-all)
4 packets, 1368 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name ACL1M
police:
cir 1000000 bps, bc 8000 bytes
pir 1000000 bps, be 31250 bytes
conformed 4 packets, 1368 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
violated 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps, violate 0 bps
Class-map: class-default (match-any)
3797153 packets, 3701670310 bytes
5 minute offered rate 764000 bps, drop rate 0 bps
Match: any
and have this configure:
policy-map POLICE1M
class CLASS1M
police cir 1000000 bc 8000 pir 1000000
!
!
!
!
interface FastEthernet0/0
description *** Externa ***
ip address 10.227.225.33 255.255.252.0
ip nat outside
ip virtual-reassembly
rate-limit input 1000000 8000 8000 conform-action transmit exceed-action drop
rate-limit output 1000000 8000 8000 conform-action transmit exceed-action drop
duplex auto
speed auto
!
interface FastEthernet0/1
description *** Interna ***
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
service-policy output POLICE1M
Thanks!!
08-07-2017 09:29 AM
Hello
Personally i wouldn't apply CB policing and Custom rate-limiting together, I would suggest apply CB policing ingress on your rtr Lan facing interface and CB shaping egress on your wan facing interface.
This example is just matching on any traffic and limiting it to 1mb
Lan Ingress
access-list 100 permit ip any any
class-map match-any Police_cm
match ip address 100
Policy-Map Police _lan_pm
class Police_cm
police 10240000 32000conform-action transmit
exceed-action drop
Int x/x
description Lan_facing_interface
service-policy input Police _lan_pm
Wan Egress
policy-map Wan_Child
class-class default
fair queue
policy-map Wan_Parent
class-class default
shape average 1024000 128000
service-policy Wan_Child
Int x/x
description Wan_facing_interface
service-policy output Wan_Parent
res
Paul
08-07-2017 09:29 AM
hi @Paul, I think there is an error here: match ip address 100, how it should be??
Thanks.
08-07-2017 11:45 AM
I have this configured:
class-map match-all Police_cm
match access-group 100
!
!
policy-map Wan_Child
class class-default
fair-queue
policy-map Wan_Parent
class class-default
shape average 1024000 128000
service-policy Wan_Child
policy-map Police_lan_pm
class Police_cm
police 10240000 5120 conform-action transmit exceed-action drop
!
!
!
!
interface FastEthernet0/0
description *** Externa ***
ip address 10.227.225.33 255.255.252.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
service-policy output Wan_Parent
!
interface FastEthernet0/1
description *** Interna ***
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
service-policy input Police_lan_pm
and:
access-list 100 permit ip any any
but the client are still reaching 2Mbps+
thanks.
08-07-2017 01:38 PM
Hello
but the client are still reaching 2Mbps+
policy-map Wan_Parent
class class-default
shape average 1024000 128000
service-policy Wan_Child
policy-map Police_lan_pm
class Police_cm
police 10240000 5120 conform-action transmit exceed-action drop < this is 10mbp not 1mb
Note:
Shaping
1024000 128000 < this is 1mbs
2048000 256000 < this is 2mbs
Policing
1024000 32000 < this is 1mbs
2048000 64000 < this is 2mbs
Also for a better reading drop the load interval in the interface
int x/x
load interval 30
res
Paul
08-09-2017 01:52 PM
same o same o, traffic is reaching whatever client needs....
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide