
Rate Limiting Problem with Cisco C3750G-24PS

Hello all,

I am attempting to perform rate limiting on a satellite office which has a 10Mb point to point connection back to us.  I understand that I can only rate-limit on incoming traffic, which is fine.  I am trying to limit *Internet traffic* through our proxy server (10.0.47.251).  One of the office users occasionally has to download very large files, and it consumes all available bandwidth, causing the other users a bit of pain and suffering.  And I thought this would be an easy solution?

For whatever reason - my rate limiting is IGNORED.  I am running speed tests (through the proxy server of course) to see if this policy has any effect on or off - and I get no change in the bandwidth.  I am consistently pulling 10Mbps in both directions with or without the policy.

Here are the changes I made:

mls qos
ip access-list extended limit_internet_proxy_traffic_acl
permit ip any host 10.0.47.251
class-map limit_internet_proxy_traffic_cm
match access-group name limit_internet_proxy_traffic_acl
policy-map limit_internet_proxy_traffic_pm
class limit_internet_proxy_traffic_cm
police 2048000 262144 exceed-action drop
!police 6291456 196608 exceed-action drop
int g1/0/24
service-policy input limit_internet_proxy_traffic_pm

And here is the entire config, slightly scrubbed and trimmed:

!
! Last configuration change at 09:22:49 EST Fri Jun 7 2013
! NVRAM config last updated at 09:22:50 EST Fri Jun 7 2013
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LittleOffice_C375024PS
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 *SNIP*
!
no aaa new-model
clock timezone EST -5 0
switch 1 provision ws-c3750g-24ps
system mtu routing 1500
ip domain-name mydomain.local
ip name-server 10.0.47.253
!
!
!
!
mls qos
!
crypto pki trustpoint TP-self-signed-2197671040
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2197671040
revocation-check none
rsakeypair TP-self-signed-2197671040
!
!
crypto pki certificate chain TP-self-signed-2197671040
certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
!
!
!
archive
log config
  logging enable
  logging size 500
  notify syslog contenttype plaintext
  hidekeys
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
class-map match-all limit_internet_proxy_traffic_cm
  match access-group name limit_internet_proxy_traffic_acl
!
policy-map limit_internet_proxy_traffic_pm
class limit_internet_proxy_traffic_cm
  police 2048000 262144 exceed-action drop
!
interface GigabitEthernet1/0/1
switchport access vlan 493
switchport mode access
switchport voice vlan 495
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport access vlan 493
switchport mode access
switchport voice vlan 495
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 493
switchport mode access
switchport voice vlan 495
spanning-tree portfast
!
interface GigabitEthernet1/0/4
switchport access vlan 493
switchport mode access
switchport voice vlan 495
spanning-tree portfast
!
interface GigabitEthernet1/0/5
switchport access vlan 493
switchport mode access
switchport voice vlan 495
spanning-tree portfast

!!! SNIP SNIP SNIP !!!

!
interface GigabitEthernet1/0/24
description BRIDGE TO MAIN
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
spanning-tree link-type point-to-point
service-policy input limit_internet_proxy_traffic_pm
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
ip address 10.0.44.250 255.255.252.0
!
ip default-gateway 10.0.45.1
ip http server
ip http secure-server
!
!
!
ip access-list extended limit_internet_proxy_traffic_acl
permit ip any host 10.0.47.251
!
logging esm config
!
snmp-server community mypassword RW
snmp-server enable traps license
!
!
line con 0
line vty 0 4
password mysecrettelnet
login
line vty 5 15
login
!
ntp server 10.0.47.254
end


Lastly, some show version details:

VentureDr_C375024PS# sho ver
Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 15.0(1)SE, RE
LEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Wed 20-Jul-11 09:32 by prod_rel_team

ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE
(fc1)

VentureDr_C375024PS uptime is 1 week, 3 days, 17 hours, 24 minutes
System returned to ROM by power-on
System restarted at 16:13:14 EST Mon May 27 2013
System image file is "flash:c3750-ipservicesk9-mz.150-1.SE.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C3750G-24PS (PowerPC405) processor (revision K0) with 131072K bytes of
memory.
Processor board ID FOC1526X1CT
Last reset from power-on
1 Virtual Ethernet interface
28 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : D0:C2:82:FD:CC:80
Motherboard assembly number     : 73-10217-10
Power supply part number        : 341-0108-04
Motherboard serial number       : FOC15254MJD
Power supply serial number      : AZS152601KL
Model revision number           : K0
Motherboard revision number     : A0
Model number                    : WS-C3750G-24PS-S
System serial number            : FOC1526X1CT
Top Assembly Part Number        : 800-26855-04
Top Assembly Revision Number    : C0
Version ID                      : V08
CLEI Code Number                : COMB400BRA
Hardware Board Revision Number  : 0x09


Switch Ports Model              SW Version            SW Image
------ ----- -----              ----------            ----------
*    1 28    WS-C3750G-24PS     15.0(1)SE             C3750-IPSERVICESK9-M


Configuration register is 0xF

Thanks for any light you can shed on this.  ;-)

-Steve Ballantyne
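
Added example, not part of the original post: a simplified Python model of the posted class-map and `police 2048000 262144 exceed-action drop` statement, showing which constructed packets the ACL selects and how a single-rate token bucket with a drop action treats them. The client address 10.0.44.10, the 10 Mbps flows, the 5-second duration and the 1500-byte packet size are assumptions made for the illustration.

```python
import ipaddress

PROXY = ipaddress.ip_address("10.0.47.251")   # host named in the posted ACL
RATE_BPS, BURST_BYTES = 2_048_000, 262_144    # from "police 2048000 262144"

def acl_permits(src, dst):
    """permit ip any host 10.0.47.251: any source, destination must be the proxy."""
    return ipaddress.ip_address(dst) == PROXY

def police(packets, rate_bps=RATE_BPS, burst=BURST_BYTES):
    """Single-rate token-bucket policer with exceed-action drop (simplified model).

    packets: list of (time_s, src, dst, size_bytes), sorted by time.
    Returns byte counts: unmatched (not in the class), conform, dropped.
    """
    tokens, last = float(burst), 0.0           # bucket starts full
    out = {"unmatched": 0, "conform": 0, "dropped": 0}
    for t, src, dst, size in packets:
        if not acl_permits(src, dst):
            out["unmatched"] += size           # not in the class, so not policed
            continue
        # Refill at rate/8 bytes per second, capped at the burst size.
        tokens = min(burst, tokens + (t - last) * rate_bps / 8)
        last = t
        if tokens >= size:
            tokens -= size
            out["conform"] += size
        else:
            out["dropped"] += size
    return out

def flow(src, dst, mbps, seconds, size=1500):
    """Constructed constant-rate flow of fixed-size packets."""
    gap = size * 8 / (mbps * 1_000_000)
    return [(i * gap, src, dst, size) for i in range(int(seconds / gap))]

CLIENT = "10.0.44.10"                                 # constructed office host
download = police(flow(str(PROXY), CLIENT, 10, 5))    # proxy -> client
upload = police(flow(CLIENT, str(PROXY), 10, 5))      # client -> proxy

if __name__ == "__main__":
    print("download:", download)
    print("upload:  ", upload)
```

In this model only packets whose destination is 10.0.47.251 count against the policer, and the 262144-byte burst passes at line rate before drops begin.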

1 Accepted Solution

Accepted Solutions

paolo bevilacqua
Hall of Fame

You need to use a router for that, and shaping.

Not a switch, and not rate-limiting (policing).


You know, I was just mindlessly following instructions and I hadn't really thought about it.


I am trying to create a policy with an IP address on a layer 2 device.  Woops.

Thanks Paolo.  :-)

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

A 3750G is a L3 device, and even when not routing, it can examine L3 info.

In your situation, something I'm not sure about is matching L3 information on a trunk interface.
