06-06-2008 04:23 AM - edited 03-05-2019 11:27 PM
Hi,
I have an 876 router, configured with 2 VLANs. Fe0-Fe2 are in VLAN1 and Fe3 is configured as a trunk port. There is a WiFi AP connected to Fe3; the AP is configured with 2 separate SSIDs, one is a member of VLAN1, the other of VLAN10.
Everything works perfectly (the 2 VLANs, 2 different subnets with DHCP, NAT), but I cannot match the VLAN traffic with a class-map.
What I want to do is limit VLAN1 traffic to 500kbit/40kbit up/downstream.
This is the config I used, but obviously something is wrong with it, because I get 0 packets matched.
class-map match-all limited-vlan
 match vlan 1
!
!
policy-map limited-vlan-out
 class limited-vlan
  police 40000 conform-action transmit exceed-action drop
policy-map limited-vlan-in
 class limited-vlan
  police 500000 conform-action transmit exceed-action drop
interface Dialer0
 ip address negotiated
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip nat outside
 ip inspect DEFAULT100 out
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username *removed* password 7 *removed*
 service-policy input limited-vlan-in
 service-policy output limited-vlan-out
penthecisco#show policy-map interface dialer 0
Dialer0
Service-policy input: limited-vlan-in
Class-map: limited-vlan (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: vlan 1
police:
cir 500000 bps, bc 15625 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Service-policy output: limited-vlan-out
Class-map: limited-vlan (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: vlan 1
police:
cir 40000 bps, bc 1500 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps
Class-map: class-default (match-any)
2100 packets, 270030 bytes
5 minute offered rate 3000 bps, drop rate 0 bps
Match: any
penthecisco#show policy-map interface virtual-access 2
Virtual-Access2
Service-policy input: limited-vlan-in
Class-map: limited-vlan (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: vlan 1
police:
cir 500000 bps, bc 15625 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps
Class-map: class-default (match-any)
3346 packets, 1451559 bytes
5 minute offered rate 23000 bps, drop rate 0 bps
Match: any
Service-policy output: limited-vlan-out
Class-map: limited-vlan (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: vlan 1
police:
cir 40000 bps, bc 1500 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps
Class-map: class-default (match-any)
59 packets, 2128 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
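An added example, not part of the original post: a short Python parser for `show policy-map interface` output that flags any class showing 0 packets while class-default in the same policy is counting traffic, which means packets are crossing the interface but the match criterion is not selecting them. The sample text is trimmed from the output above; the function names are hypothetical.

```python
import re

# Trimmed from the "show policy-map interface dialer 0" output in the post above.
SAMPLE = """\
Dialer0
Service-policy input: limited-vlan-in
Class-map: limited-vlan (match-all)
0 packets, 0 bytes
Match: vlan 1
conformed 0 packets, 0 bytes; actions:
Class-map: class-default (match-any)
0 packets, 0 bytes
Service-policy output: limited-vlan-out
Class-map: limited-vlan (match-all)
0 packets, 0 bytes
Class-map: class-default (match-any)
2100 packets, 270030 bytes
"""

POLICY = re.compile(r"Service-policy (input|output): (\S+)")
CLASS = re.compile(r"Class-map: (\S+) \(match-(?:all|any)\)")
COUNT = re.compile(r"(\d+) packets, (\d+) bytes")   # anchored: skips "conformed ..." lines
IFACE = re.compile(r"[A-Za-z][\w/.:-]*\d")          # e.g. Dialer0, Virtual-Access2

def parse(text):
    """Return {(interface, direction, policy): {class_name: packets}}."""
    result, iface, key, cls = {}, None, None, None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if (m := POLICY.match(line)):
            key, cls = (iface, m.group(1), m.group(2)), None
            result[key] = {}
        elif (m := CLASS.match(line)) and key:
            cls = m.group(1)
        elif (m := COUNT.match(line)) and cls and cls not in result[key]:
            result[key][cls] = int(m.group(1))      # first counter after Class-map
        elif IFACE.fullmatch(line):
            iface, key, cls = line, None, None      # new interface section
    return result

def unmatched_classes(text):
    """Classes at 0 packets while class-default in the same policy saw traffic."""
    flagged = []
    for (iface, direction, _policy), classes in parse(text).items():
        if classes.get("class-default", 0) > 0:
            flagged += [(iface, direction, c) for c, n in classes.items()
                        if n == 0 and c != "class-default"]
    return flagged

print(unmatched_classes(SAMPLE))
```

The input direction is not flagged in this sample because class-default there is also at zero, so there is no evidence of traffic to compare against.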
06-06-2008 12:33 PM
Pls narrow down the match criteria from vlan1 to an access-group involving the IP subnets defined for vlan1 in the class-map.
Create an ACL to identify the traffic for vlan1 and refer to it in the class-map.
Pls rate if this helps!!!
06-08-2008 10:12 PM
I tried the same thing with ACLs, didn't work. However, if I used for example match protocol http, it did hit the class, but that's not what I want.
Also, what is the point of narrowing down the criteria if I want to match based on VLAN ID? Only one match rule, can't be narrower than that.