That looks better. Now - Page 3

gasparmenendez · ‎08-03-2017

Hi folks,

I have a problem with bandwidth limitation on a Cisco 1841 Router. The thing is that I need to limit the internet bandwidth with class and policy maps in my 1841 but it's not working... when I check my Cacti (monitoring system) it shows 1841 is using more than 2 Mbps, when apparently I limited to 1 Mbps. Here's is my configuration:

Building configuration...

Current configuration : 2548 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname IntRegManzanas
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$r/qO$L.tQ0JnkA
enable password 7 1511021
!
aaa new-model
!
!
aaa authentication login default local
!
!
aaa session-id common
clock timezone MX -6
clock summer-time MX recurring
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.50
!
ip dhcp pool REDINTERNA
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 189.194.28.161 200.52.167.161
!
!
ip domain name somosggl.com
!
multilink bundle-name authenticated
!
!
!
!
username gaspar privilege 15 password 7 094B4F1A0
username extra privilege 15 password 7 10692E3500
archive
log config
hidekeys
!
!
!
!
ip ssh version 2
!
class-map match-all CLASS1M
match access-group name ACL1M
!
!
policy-map POLICE1M
class CLASS1M
   police cir 1000000 bc 187500 pir 1000000
!
!
!
!
interface FastEthernet0/0
description *** Externa ***
ip address 10.227.225.33 255.255.252.0
ip nat outside
ip virtual-reassembly
rate-limit input 1000000 187500 375000 conform-action transmit exceed-action drop
rate-limit output 1000000 187500 375000 conform-action transmit exceed-action drop
duplex auto
speed auto
!
interface FastEthernet0/1
description *** Interna ***
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
service-policy output POLICE1M
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.227.224.1
!
!
ip http server
no ip http secure-server
ip nat inside source list 110 interface FastEthernet0/0 overload
!
ip access-list standard ELCACTI
permit 10.227.224.11
deny   any
!
ip access-list extended ACL1M
deny   ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
!
logging 10.227.224.11
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
snmp-server community ******** RO ELCACTI
snmp-server location Canatlan
snmp-server contact Irma Mtz
!
!
!
!
!
!
control-plane
!
!
banner login ^C

*******************************
*******************************

    Acceso restringido
   Solo personal autorizado

*******************************
*******************************
^C
!
line con 0
password 7 040F5D515
logging synchronous
line aux 0
line vty 0 4
password 7 040F5D515
logging synchronous
transport input all
!
scheduler allocate 20000 1000
end

Can somebody help me please??

Thanks in advence. BR.

gasparmenendez · ‎08-10-2017

now I've got this:

IntRegManzanas#show policy-map interface FastEthernet0/1
FastEthernet0/1

Service-policy input: POLICE1M

    Class-map: CLASS1M (match-any)
      56691 packets, 5508977 bytes
      5 minute offered rate 39000 bps, drop rate 0 bps
      Match: access-group name ACL1M
        56691 packets, 5508977 bytes
        5 minute rate 39000 bps
      police:
          cir 1000000 bps, bc 31250 bytes
        conformed 56683 packets, 5499708 bytes; actions:
          transmit
        exceeded 8 packets, 9269 bytes; actions:
          drop
        conformed 16000 bps, exceed 0 bps

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

I'll keep watching bandwidth...

Georg Pauwen · ‎08-10-2017

That looks better. Now nothing matches the default class, which is good.

Curious to see what happens to the bandwidth utilization...

gasparmenendez · ‎08-10-2017

sorry, still no luck...

bandwidth goes to 2 Mbps almost.

I'll apply the service policy outbound on FastEthernet0/0 to see what happens

Thanks.

gasparmenendez · ‎08-05-2017

didn't work my friend, today client reached 2.74 Mbps....

Georg Pauwen · ‎08-05-2017

Hello,

what do you have configured, both the rate limiting and the service policy ?

Can you post the output of 'show policy-map interface FastEthernet0/1

?

gasparmenendez · ‎08-05-2017

hi,

IntRegManzanas#show policy-map interface FastEthernet0/1
FastEthernet0/1

Service-policy output: POLICE1M

    Class-map: CLASS1M (match-all)
      4 packets, 1368 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name ACL1M
      police:
          cir 1000000 bps, bc 8000 bytes
          pir 1000000 bps, be 31250 bytes
        conformed 4 packets, 1368 bytes; actions:
          transmit
        exceeded 0 packets, 0 bytes; actions:
          drop
        violated 0 packets, 0 bytes; actions:
          drop
        conformed 0 bps, exceed 0 bps, violate 0 bps

    Class-map: class-default (match-any)
      3797153 packets, 3701670310 bytes
      5 minute offered rate 764000 bps, drop rate 0 bps
      Match: any

and have this configure:

policy-map POLICE1M
class CLASS1M
police cir 1000000 bc 8000 pir 1000000
!
!
!
!
interface FastEthernet0/0
description *** Externa ***
ip address 10.227.225.33 255.255.252.0
ip nat outside
ip virtual-reassembly
rate-limit input 1000000 8000 8000 conform-action transmit exceed-action drop
rate-limit output 1000000 8000 8000 conform-action transmit exceed-action drop
duplex auto
speed auto
!
interface FastEthernet0/1
description *** Interna ***
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
service-policy output POLICE1M

Thanks!!

paul driver · ‎08-07-2017

Hello

Personally i wouldn't apply CB policing and Custom rate-limiting together, I would suggest apply CB policing ingress on your rtr Lan facing interface and CB shaping egress on your wan facing interface.

This example is just matching on any traffic and limiting it to 1mb

Lan Ingress
access-list 100 permit ip any any

class-map match-any Police_cm
match ip address 100

Policy-Map Police _lan_pm
class Police_cm
police 10240000 32000conform-action transmit
exceed-action drop

Int x/x
description Lan_facing_interface
service-policy input Police _lan_pm

Wan Egress
policy-map Wan_Child
class-class default
fair queue

policy-map Wan_Parent
class-class default
shape average 1024000 128000
service-policy Wan_Child

Int x/x
description Wan_facing_interface
service-policy output Wan_Parent

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

gasparmenendez · ‎08-07-2017

hi @Paul, I think there is an error here: match ip address 100, how it should be??

Thanks.

gasparmenendez · ‎08-07-2017

I have this configured:

class-map match-all Police_cm
match access-group 100
!
!
policy-map Wan_Child
class class-default
fair-queue
policy-map Wan_Parent
class class-default
shape average 1024000 128000
service-policy Wan_Child
policy-map Police_lan_pm
class Police_cm
police 10240000 5120 conform-action transmit exceed-action drop
!
!
!
!
interface FastEthernet0/0
description *** Externa ***
ip address 10.227.225.33 255.255.252.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
service-policy output Wan_Parent
!
interface FastEthernet0/1
description *** Interna ***
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
service-policy input Police_lan_pm

and:

access-list 100 permit ip any any

but the client are still reaching 2Mbps+

thanks.

paul driver · ‎08-07-2017

Hello

but the client are still reaching 2Mbps+

policy-map Wan_Parent
class class-default
shape average 1024000 128000
service-policy Wan_Child
policy-map Police_lan_pm
class Police_cm
police 10240000 5120 conform-action transmit exceed-action drop < this is 10mbp not 1mb

Note:

Shaping
1024000 128000 < this is 1mbs
2048000 256000 < this is 2mbs

Policing
1024000 32000 < this is 1mbs
2048000 64000 < this is 2mbs

Also for a better reading drop the load interval in the interface

int x/x
load interval 30

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

gasparmenendez · ‎08-09-2017

same o same o, traffic is reaching whatever client needs....

1841 bandwidth limitation (traffic shapping) not working