05-31-2011 02:47 PM - edited 03-06-2019 05:17 PM
I am trying to figure out a way to make it so that no 1 user can consume more than 512Kbps of internet bandwitdth. I do not what muliple users to have to share the same cap, but get their own. I have tried the below config and it works wonderfully, however I found that you can only have 255 entries per policy map. I am wanting to do this on a per address basic and we have 600+ addresses in use.
The configuration i tried was:
(Created 1 access-list per IP)
ip access-list extended police.internet-10.1.0.3
permit tcp any host 10.1.0.3
permit tcp host 10.1.0.3 any
(Created 1 class-map per IP)
class-map match-all police.internet-10.1.0.3
match access-group name police.internet-10.1.0.3
(Added each class-map to the policy-map -limit is 255 so I can't put them all here)
policy-map inside_policy-police-internet
class police.internet-10.1.0.3
police 512000 conform-action transmit exceed-action drop
interface FastEthernet0/1
service-policy input inside_policy-police-internet
service-policy output inside_policy-police-internet
Any assistance would be greatly appreciated.
05-31-2011 05:29 PM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Not sure, but I thought I read somewhere that later IOSs might support more than 255 classes in a class map. Just tried to find a reference but only found mention of the original 64 class limitation.
If unable to extend beyond 255 classes, perhaps you could group your IP addresses into groups of 4. (NB: you don't have to mask out the LSB, you could mask our 4 addresses from different subnets.)
Otherwise, only platform that I know that supports Microflow policing is the 6500.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide