05-15-2013 03:25 AM - edited 03-07-2019 01:21 PM
Hello. I'm trying to shape users on uplink vlan.
cisco6509#show version
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-M), Version 12.2(33)SXJ5, RELEASE SOFTWARE (fc2)
Do this:
interface TenGigabitEthernet1/1
switchport
switchport trunk allowed vlan 1234,2345,3456
switchport mode trunk
switchport nonegotiate
mls qos vlan-based
!
interface Vlan1234
ip address zzz.zzz.zzz.zzz 255.255.255.252
ip access-group in in
ip access-group out out
service-policy input shapein
service-policy output shapeout
ip flow ingress
Extended IP access list shape10in
10 permit ip any host xxx.xxx.xxx.xxx
20 permit ip any host yyy.yyy.yyy.yyy
...
Extended IP access list shape10out
10 permit ip host xxx.xxx.xxx.xxx any
20 permit ip host yyy.yyy.yyy.yyy any
...
class-map match-any shape10out
match access-group name shape10out
class-map match-any shape10in
match access-group name shape10in
i try with match-all to, all the same.
policy-map shapeout
class shape10out
police 10000000 conform-action transmit exceed-action drop
policy-map shapein
class shape10in
police 10000000 conform-action transmit exceed-action drop
and for these addresses(xxx and yyy) I get the separation speed in half the 5 megabits per ip, not 10 mbit to each.
I try with flow mask, but
police flow mask src-only 1000000 1000 conform-action transmit exceed action drop
i can't apply it on vlan.
Tell me, please, how to organize a speed limit for each user separately.
05-20-2013 01:24 AM
Any suggestions?
05-22-2013 02:55 AM
QoS: Specified match criteria cannot use match-all in class shape10in
05-22-2013 09:55 AM
reworked like this:
show policy-map
Policy Map shapein
Class shape10in
police flow mask dest-only 10000000 312500 conform-action transmit exceed-action drop
Class shape05in
police flow mask dest-only 512000 16000 conform-action transmit exceed-action drop
Class shape1in
police flow mask dest-only 1000000 31250 conform-action transmit exceed-action drop
Class shape2in
police flow mask dest-only 2000000 62500 conform-action transmit exceed-action drop
Class shape4in
police flow mask dest-only 4000000 125000 conform-action transmit exceed-action drop
Class shape20in
police flow mask dest-only 20000000 625000 conform-action transmit exceed-action drop
Class shape30in
police flow mask dest-only 30000000 937500 conform-action transmit exceed-action drop
Class shape55in
police flow mask dest-only 55000000 1718750 conform-action transmit exceed-action drop
Class shape80in
police flow mask dest-only 80000000 2500000 conform-action transmit exceed-action drop
Class Map match-any shape1in (id 4)
Match access-group name shape1in
Class Map match-any shape2in (id 6)
Match access-group name shape2in
Class Map match-any shape4in (id 8)
Match access-group name shape4in
Class Map match-any shape80in (id 17)
Match access-group name shape80in
Class Map match-any shape55in (id 15)
Match access-group name shape55in
Class Map match-any shape10in (id 1)
Match access-group name shape10in
Class Map match-any shape20in (id 11)
Match access-group name shape20in
Class Map match-any shape30in (id 13)
Match access-group name shape30in
Class Map match-any shape05in (id 2)
Match access-group name shape05in
show access-list shape1in
Extended IP access list shape1in
10 permit ip any host xx.xx.xx.xx
20 permit ip any host xx.xx.xx.yy
30 permit ip any host xx.xx.xx.zzz
show running-config interface vlan 1234
Building configuration...
Current configuration : 167 bytes
!
interface Vlan1234
ip address xxx.xxx.xxx.xxxx 255.255.255.252
ip access-group 198 out
mls qos bridged
service-policy input shapein
end
All fine. Inbound UBRL work fine. How to configure outbound shaping on this vlan. I can't apply flow mask src-only for this vlan. How to shape outbound traffic?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide