How to restrict bandwidth

virenderj

We have a very simple setup:

L3 switch --> Pix firewall --> internet router (cisco 2801)---> ISP

We just have a default static route in L3 switch to point to pix so that all internet traffic gets routed to pix.

Now we have a bunch of users using various VPN clients to connect so that they can work in client/partner environments. I just want the total bandwidth consumed by such VPN traffic not to exceed 20% of total bandwidth. I want to restrict it for both upload and download traffic. I know all the destination VPN gateway IP addresses for such connections. Let me know what the best method is to do it.


brispin

You can try class-based weighted fair queuing.

For more details, refer to the URL given below:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800b75af.html

Hi,

just a note: CBWFQ gives minimum bandwidth guarantees, but NO upper limit.

So the more appropriate feature to achieve your stated goals would be a shaper (or policer).

With shaping you define an upper bandwidth limit; excess traffic is queued. A policer would drop excess traffic and might not be appropriate in your case.

You could apply a shaper in each direction on your 2800. For configuration details have a look at "Policing and Shaping Overview" and consecutive chapters.

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080465b25.html

Another idea (slightly modifying your stated requirements): why not use CBWFQ and give an 80% minimum guarantee to all traffic except VPN? This way you would not impose an upper limit on VPN traffic, IF no other traffic needs to be served.

Hope this helps!

Regards, Martin

jheckart

You could also try policing the VPN traffic. You could match the traffic by protocol as IPsec, or could limit the user based on IP address.

After you have matched the traffic, you will have to build a policy to police whatever traffic you are matching to either a percent of bandwidth or a fixed kbps.

Thanks a lot, folks, for your expert views. It would be great if someone can post a sample config to accomplish the shaping matching to either a percent of bandwidth or a fixed kbps.
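A sketch of the shaping approach discussed in this thread, for the 2801, as an added example that is not from any of the posters. The interface names, the 2048 kbit/s link rate and the two gateway addresses (documentation ranges) are assumptions. Shaping only applies to outbound traffic, so the upload limit sits on the ISP-facing interface and the download limit on the PIX-facing one.

```cisco
! Constructed example: replace interface names, link rate and the
! gateway addresses (placeholders) with your own values.
!
! Upload: traffic going to the known VPN gateways
ip access-list extended VPN-UP
 permit ip any host 192.0.2.10
 permit ip any host 198.51.100.20
! Download: traffic coming back from the same gateways
ip access-list extended VPN-DOWN
 permit ip host 192.0.2.10 any
 permit ip host 198.51.100.20 any
!
class-map match-all VPN-UP
 match access-group name VPN-UP
class-map match-all VPN-DOWN
 match access-group name VPN-DOWN
!
! Shape (queue, not drop) each direction to 20% of interface bandwidth
policy-map LIMIT-VPN-UP
 class VPN-UP
  shape average percent 20
policy-map LIMIT-VPN-DOWN
 class VPN-DOWN
  shape average percent 20
!
! "percent" is computed from the interface bandwidth value, so set it
! to the real ISP rate rather than the physical port speed.
interface FastEthernet0/1
 description to ISP (assumed name)
 bandwidth 2048
 service-policy output LIMIT-VPN-UP
!
interface FastEthernet0/0
 description to PIX (assumed name)
 bandwidth 2048
 service-policy output LIMIT-VPN-DOWN
```

For a fixed rate instead of a percentage, `shape average` also accepts a value in bits per second. Matching on the gateway addresses works even though the PIX translates inside addresses, because the remote gateway IP is unchanged by that translation.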
