Solved: Re: Bandwidth division into two LAN with same subnet

Muhammad Younus · ‎09-12-2017

Dear,

I know it is very old topic, but I am getting problem. I have ciso 2821 router with 8 Mbps say with ip 192.168.1.1 configured with NAT.

I want to devide internet bandwidth between my two other networks with seperate routers having ip address 192.168.1.2 and 192.168.2.3. I configured NAT on them and my 2821 is WAN router for other two. I want to limit 192.168.1.2 to 5 Mpbs and other to 3 Mbps. Kindly help me in this regards.

Thank you.

Julio E. Moisa · ‎09-12-2017

Hi

You can use Shape or Police through MQC, the first one can be used on outbound direction it works with queues, now Police works dropping packets and it can be deployed for inbound and outbound traffic.

access-list 100 permit 192.168.1.0 0.0.0.255 any
access-list 101 permit 192.168.2.0 0.0.0.255 any

class-map match-all SUBNET1
match access-group 100

class-map match-all SUBNET2
match access-group 101

policy-map INTERNET-POLICY
class SUBNET1
police 5000000 conform-action transmit exceed-action drop

class SUBNET2
police 3000000 conform-action transmit exceed-action drop

interface g0/0
description TO-ISP
service-policy output INTERNET-POLICY

or

policy-map INTERNET-POLICY
class SUBNET1
shape average 5000000

class SUBNET2
shape average 3000000

interface g0/0
description TO-ISP

ip address x.x.x.x y.y.y.y
service-policy output INTERNET-POLICY

Hope it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

Julio E. Moisa · ‎09-12-2017

Hi

You can use Shape or Police through MQC, the first one can be used on outbound direction it works with queues, now Police works dropping packets and it can be deployed for inbound and outbound traffic.

access-list 100 permit 192.168.1.0 0.0.0.255 any
access-list 101 permit 192.168.2.0 0.0.0.255 any

class-map match-all SUBNET1
match access-group 100

class-map match-all SUBNET2
match access-group 101

policy-map INTERNET-POLICY
class SUBNET1
police 5000000 conform-action transmit exceed-action drop

class SUBNET2
police 3000000 conform-action transmit exceed-action drop

interface g0/0
description TO-ISP
service-policy output INTERNET-POLICY

or

policy-map INTERNET-POLICY
class SUBNET1
shape average 5000000

class SUBNET2
shape average 3000000

interface g0/0
description TO-ISP

ip address x.x.x.x y.y.y.y
service-policy output INTERNET-POLICY

Hope it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Muhammad Younus · ‎09-12-2017

Sure it is helpful, thank you for your solution. What if I want to use within same subnet bu different ip i.e. 192.168.1.2 and 192.168.1.3. Should I use the same or some other configuration required, Kindly explain plz.

Joseph W. Doherty · ‎09-12-2017

Just to add to what Julio has already noted. . .

Since policers or shapers set hard caps, another approach is to use a hierarchical policy, shaping for the overall aggregate allowance (8 Mbps, in your case) and using a child policy to split the bandwidth as you desire.

The advantage of this approach is it allows one VLAN to use bandwidth not otherwise being used by the other VLAN. Of course, that can be a disadvantage if you truly want to always limit the amount of traffic to a VLAN regardless of available bandwidth.