traffic shaping w/ router as a transparent bridge

Nov 16th, 2007

I've got some issues with traffic shaping. I assume I'm just missing something silly but can't seem to find the issue. I'm hoping some kind person can point out the obvious.

I've reviewed: Configuring Generic Traffic Shaping

... as well as ...

Here's my network layout:

see attached if this ascii diagram is messed up in the post

hh1 ( ) |

(0017.0830.cb00) |


h2( |- (f0/0) r1 (e1/0) --( r2 - inet


h2 ( -----|

I need to shape in and out bound traffic for various hosts independently (ie h1, h2, h3). I also need to do this with a bridge since I don't want to create any more confusion than needed by fooling with more subnets, consuming extra addresses, or nat. I have a spare router (r1) which is:

bw_throttle>sh ver
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-IS-M), Version 12.3(17), RELEASE

and has the following relevant config:

no ip routing

interface FastEthernet0/0
 no ip address
 traffic-shape group 1 500000 18000 18000 1000
 traffic-shape group 700 500000 18000 18000 1000
 bridge-group 1

interface Ethernet1/0
 no ip address
 traffic-shape group 1 500000 18000 18000 1000
 traffic-shape group 700 500000 18000 18000 1000
 bridge-group 1

access-list 1 permit
access-list 700 permit 0017.0830.cb00

bridge 1 protocol ieee

This doesn't shape traffic to the expected 500kbps for h1; the only way I can seem to shape any traffic is with something like the following on both interfaces:

traffic-shape rate 500000 18000 18000 1000

Unfortunately this is not what I need; I instead need to shape traffic for specific hosts, preferably specifying those hosts by IP address, not MAC address, but at this point I'll take whatever I can get.

Perhaps I just can't do what I'm trying to pull off? Since I'm trying to make a router act as a layer 2 device and shape traffic based on layer 3 addresses. Perhaps that's not a possibility?

m.brentlinger Tue, 11/20/2007 - 09:41

I've not gotten any help with doing this with Cisco equipment... though I've moved on to doing it with BSD

Building a transparent traffic-shaping bridge

There was a bit more to building the openbsd box, but with some help from the following I figured it out

Things not in the guide were I had to add pftop...

# pkg_add

and to see queue info once you run pftop you have to use the left and right arrow keys

I also had to find info on how to change and reapply rules

Configure rules for pf:

write your rules and save them in pf.test

To test your rules type:

# pfctl -nf /etc/pf.test

When you are confident that you want to apply the rules type:

# cp pf.conf pf.old && cp pf.test pf.conf

To load your rules type:

# pfctl -f /etc/pf.conf

Hope that helps someone. If anyone figures out how to do it with something better or with Cisco equipment I'd love to know how.
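
The test-then-apply steps from the post above, wrapped in one function that also restores the previous rules if the load fails. This is an added example, not part of the original post: only `pfctl -nf` and `pfctl -f` come from the post, while the `pf_apply` name, its return codes and the `PFCTL` override variable are assumptions.

```sh
#!/bin/sh
# Added example: validate, back up, install and load a pf ruleset.
# PFCTL is an assumed override so the function can be pointed at a stub.
PFCTL="${PFCTL:-pfctl}"

# pf_apply CANDIDATE LIVE
# Returns: 0 = new rules loaded
#          1 = candidate unreadable, rejected by the parser, or copy failed
#          2 = load failed, previous rules restored and reloaded
#          3 = load failed and no working backup could be restored
pf_apply() {
    candidate=$1
    live=$2
    backup="${live%.conf}.old"      # /etc/pf.conf -> /etc/pf.old, as in the post

    [ -r "$candidate" ] || { echo "cannot read $candidate" >&2; return 1; }

    # Step 1: parse only (-n); nothing is loaded into the kernel.
    if ! "$PFCTL" -nf "$candidate"; then
        echo "syntax check failed; $live left untouched" >&2
        return 1
    fi

    # Step 2: keep the running rules as a backup, then install the candidate.
    had_backup=0
    if [ -f "$live" ]; then
        cp -p "$live" "$backup" || return 1
        had_backup=1
    fi
    cp "$candidate" "$live" || return 1

    # Step 3: load the installed file.
    if "$PFCTL" -f "$live"; then
        return 0
    fi

    # A ruleset can parse cleanly and still fail to load; put the old file back
    # so the bridge does not keep a broken pf.conf across a reboot.
    echo "load failed; restoring previous rules" >&2
    if [ "$had_backup" -eq 1 ] && cp -p "$backup" "$live" && "$PFCTL" -f "$live"; then
        return 2
    fi
    return 3
}
```

Called as `pf_apply /etc/pf.test /etc/pf.conf` as root on the bridge; a non-zero return means the candidate rules are not in effect.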

