07-10-2007 08:11 AM - edited 03-05-2019 05:13 PM
Hi there,
Can you do traffic shaping based on IP addresses? In my DMZ I have several servers all having the same gateway to the internet. My gateway router is a 2611XM. I want to limit one server to, for example, 256 Kbs (up-down) to the internet and the other to, let's say, 512 Kbs (up-down). Can anyone give me a sample config of how this is done, if possible?
My topology is as follows:
DMZ--->Firewall---->2611XM--->Internet
07-10-2007 08:25 AM
Greg
It can be done, but it would be one way, as the same needs to be configured at the service provider end to work both ways.
ip access-list extended server
 permit ip
*** you can even use the port parameter with TCP to fine tune your settings***
class-map match-all server
 match access-group name server
policy-map QoS-to-Internet
 class server
  shape average
int
 max-reserved-bandwidth 100
 service-policy output QoS-to-Internet
HTH
Narayan
07-10-2007 08:55 AM
Narayan
Once again thanks. Do you mean that in your config only the upload will be limited?
Is it better to put a bandwidth manager between the Cisco router and the firewall?
Greg
07-10-2007 09:19 AM
Yes you got that right...
I have never implemented a bandwidth manager in this scenario... maybe someone else can throw more light on this.
HTH
Narayan
07-15-2007 09:15 PM
Are you using NAT? This usually tends to make this kind of config more complicated.
You should use service policies to configure this, and yes, it can be done even with NAT overloading.
No NAT:
Use a class map to identify traffic belonging to a certain class.
Use a policy map to shape the traffic from a class.
Apply the service-policy to the outgoing interface.
If you use NAT or PAT, I usually classify traffic on the inside interface with DSCP tags, so they can be classified on the outside interface with their DSCP label instead of address.
H.T.H.
Tom
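The approach described in the posts above, written out for the two rates from the original question, as an added example that is not from any poster in this thread. It uses the DSCP-marking variant so the outbound classes still match when NAT or PAT rewrites the source address; the server addresses, interface names, class and policy names and DSCP values are assumptions, and only traffic leaving towards the Internet is shaped.

```cisco
! Constructed example: addresses, interface names and DSCP values are assumptions.
! Identify each server by its source address as seen on the inside (pre-NAT).
ip access-list extended SERVER-A
 permit ip host 192.0.2.10 any
ip access-list extended SERVER-B
 permit ip host 192.0.2.20 any
!
class-map match-all SERVER-A-IN
 match access-group name SERVER-A
class-map match-all SERVER-B-IN
 match access-group name SERVER-B
!
! Mark on the inside interface, before NAT rewrites the source address.
policy-map MARK-SERVERS
 class SERVER-A-IN
  set ip dscp af11
 class SERVER-B-IN
  set ip dscp af21
!
! On the outside interface classify by DSCP, which NAT leaves unchanged.
class-map match-all SERVER-A-OUT
 match ip dscp af11
class-map match-all SERVER-B-OUT
 match ip dscp af21
!
! shape average takes the rate in bits per second.
policy-map QoS-to-Internet
 class SERVER-A-OUT
  shape average 256000
 class SERVER-B-OUT
  shape average 512000
!
interface FastEthernet0/0
 description inside, towards firewall and DMZ
 service-policy input MARK-SERVERS
!
interface FastEthernet0/1
 description outside, towards Internet
 service-policy output QoS-to-Internet
```

`show policy-map interface FastEthernet0/1` shows the per-class packet counters, which confirms whether each server's traffic is landing in the intended class.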