Traffice shaping on Cisco 2611 XM router.

Unanswered Question
Jul 10th, 2007
User Badges:

Hi there,

can you do traffic shaping based on ip addresses? In My DMZ i have several servers all having the same gateway to the internet. My gateway router is a 2611XM. I want limit one server for example 256 Kbs (up-down) to the internet and the other let say 512Kbs(up-down). Does anyone can give me a sample config of how this is done if possible?

My topoloy is as follow:


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
royalblues Tue, 07/10/2007 - 08:25
User Badges:
  • Green, 3000 points or more


It can be done but it would be one way as the same needs to configured at the service provider end to work both ways.

ip access-list extended server

permit ip any

*** you can even use the port parameter with TCP to fine tune your settings***

class-map match-all server

match access-group name server

policy-map QoS-to-Internet

class server

shape average


max-reserved-bandwidth 100

service-policy output QoS-to-Internet



greg-bnets Tue, 07/10/2007 - 08:55
User Badges:


Once again thanks. Do you mean that in your config only the upload will be limited?

Is it better to put a bandwidth manager between the Cisco router and the firewall?


royalblues Tue, 07/10/2007 - 09:19
User Badges:
  • Green, 3000 points or more

Yes you got that right...

I have never implemented a bandwidth manager in this scenario...may be someone else can throw more light on this



Tsasbrink Sun, 07/15/2007 - 21:15
User Badges:

Are you using nat ? This usualy tends to make this kind of configs more complicated.

You should use service policy's to configure this and yes it can be done even with nat overloading.

No nat :

Use a class map to indentify traffic belonging to e certain class.

Use a policy map to shape the traffic from a classes.

Apply service-policy to outgoing interface.

If you use nat or pat. I usually classify traffic on the inside interface with dscp tag's.So they can be classified on the ouside interface with their dscp label instead of address.




This Discussion