05-28-2008 01:14 PM - edited 03-03-2019 10:08 PM
i want to implement LLQ for my users. I want that when specific user try to access specific subnets it gets
only 8 KBps. I have cisco router 2821 with two FE ports.
I have made the following configuration but still not able to restrict the user to 8 KBps, user when try to download
from remote computer, no policing and LLQ comes in action.
below mention is configuration that I made on router.
Building configuration...
Current configuration : 1307 bytes
!class-map match-all testclass
match access-group 150
!
!
policy-map testpolicy
class testclass
police cir 8000 bc 1000 be 1000
conform-action transmit
exceed-action drop
violate-action drop
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.1.3.1 255.255.255.0
ip nat outside
ip virtual-reassembly
load-interval 30
duplex auto
speed auto
service-policy input testpolicy
!
interface FastEthernet0/1
ip address 10.1.4.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.3.2
!
!
ip http server
no ip http secure-server
ip nat inside source list 100 interface FastEthernet0/0 overload
!
access-list 100 permit ip any any
access-list 150 permit ip host 10.1.4.3 any
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
!
end
Router-C#
Router-C#wr me
Building configuration...
[OK]
Router-C#show int
Router-C#show poli
Router-C#show policy-map inte
Router-C#show policy-map interface fas
Router-C#show policy-map interface fastEthernet 0/0
FastEthernet0/0
Service-policy input: testpolicy
Class-map: testclass (match-all)
14 packets, 1605 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: access-group 150
police:
cir 8000 bps, bc 1000 bytes, be 1000 bytes
conformed 1 packets, 243 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
violated 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps, violate 0 bps
Class-map: class-default (match-any)
315852 packets, 461648032 bytes
30 second offered rate 2000 bps, drop rate 0 bps
Match: any
Router-C#show int
Router-C#show interfaces fas
Router-C#show interfaces fastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
Hardware is MV96340 Ethernet, address is 001d.a16c.9b70 (bia 001d.a16c.9b70)
Internet address is 10.1.3.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:27, output 00:00:03, output hang never
Last clearing of "show interface" counters 00:16:00
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
315916 packets input, 461657577 bytes
Received 461 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
167296 packets output, 11153399 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
05-28-2008 01:24 PM
You have a NAT configuration that is translating every IP device transiting F0/1 to 10.1.3.1 IP Address.
You have the class-map pointing to ACL 150 and the source IP is of the host 10.1.4.3
Are you sure you are matching the host 10.1.4.3 in order to execute the input policy?
__
Edison.
05-28-2008 02:17 PM
Thanks for the reply, I wil change it in the morning and then let u know the effect, one thing more please tell me i m using ethernet interface and ethernet has bandwidth 100 Mbps,
is there any need to change the bandwidth to actual bandwidth like 2 MB, 3 MB that i will get from my service provider.
bcz router will assign bandwidth by seeing the interface actual bandwidth.?????? am i right or
05-28-2008 03:52 PM
one thing more please tell me i m using ethernet interface and ethernet has bandwidth 100 Mbps,
is there any need to change the bandwidth to actual bandwidth like 2 MB, 3 MB that i will get from my service provider.
No. The bandwidth statement is useful for QoS and Dynamic Routing Protocols.
With QoS, is implemented when using the 'percentage' option instead of the whole number.
For instance, priority percent 90 instead of priority 90000
With Dynamic Routing Protocols, is used to calculate the best metric.
In short, it does not affect the speed of the circuit.
__
Edison.
05-28-2008 02:04 PM
It doesn't look like you are correctly matching the traffic on your policy map due to NAT. Since you are trying to affect downloads and key on the ip address, you might be able to apply the policy map on the inside interface and police the traffic that way (you'd have to adjust your acl 150 accordingly).
HTH,
Jim
05-29-2008 02:15 AM
Hi wasim,
- Nat has been done before queuing method.So it does not make any sense if we still use the source ip address to classify packets to be used by QOS
- To trigger QOS(Congestion management) when you use the fastethernet interface connecting to ISP. I should use shaping method and child-policy.
You want to apply qos to 10.1.4.3. I would mark this host first. I should do as follows:
!
class-map match-all match10-1-4-3
match access-group name only10-1-4-3
!
!
policy-map mark10-1-4-3
class match10-1-4-3
set ip dscp af31
!
!
ip access-list extended only10-1-4-1
permit ip host 10.1.4.1 any
!
!
interface FastEthernet0/0
service-policy input mark10-1-4-3
!
Now marking should work.Then I would shape all traffics to confine link's bandwidth that ISP has provided. Let's say 2M. When packets are sent to shaping queue then LLQ should be applied.
!
class-map match-all matchaf31
match dscp af31
policy-map LLQ-10-1-4-3
class match af31
priority 8000
class class-default
fair-queue
random-detect
policy-map Shape2M
class class-default
shape average 2000000
service-policy output LLQ-10-1-4-3
interface FastEthernet0/0
service-policy output Shape2M
Hopes this helps
Thot
05-29-2008 05:24 AM
I modify the access list and direction of service policy now i m able to do the police and it is working fine. But one problem arise, i want to configure LLQ on same setup so that one user get fix amount of bandwidth but still not able to configure it see the belwo mention configuration for LLQ
I want to configure LLQ on my Router which has 2 FE interface.
I want only specific application always gets min 74990 Bandwidth in either case. and one user get 8 kbps.
I configure the router with below mention command but still not able to get the desired result.
both users are able to get bandwidth in MB and no LLQ is working.
version 12.4
!
!
class-map match-all testclass2
match access-group 160
class-map match-all testclass
match access-group 150
!
!
policy-map testpolicy
class testclass
priority 8
class testclass2
priority 74990
!
!
interface FastEthernet0/0
bandwidth 8000
ip address 10.1.3.1 255.255.255.0
ip nat outside
ip virtual-reassembly
load-interval 30
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.4.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.3.2
!
ip nat inside source list 100 interface FastEthernet0/0 overload
!
access-list 150 permit ip host 10.1.4.3 any
access-list 160 permit ip host 10.1.4.5 any
Router-C#show policy-map interface fastEthernet 0/0
FastEthernet0/0
Service-policy output: testpolicy
Class-map: testclass (match-all)
91678 packets, 5680284 bytes
30 second offered rate 698000 bps, drop rate 0 bps
Match: access-group 150
Queueing
Strict Priority
Output Queue: Conversation 264
Bandwidth 8 (kbps) Burst 200 (Bytes)
(pkts matched/bytes matched) 9/612
(total drops/bytes drops) 0/0
Class-map: testclass2 (match-all)
144133 packets, 8696430 bytes
30 second offered rate 898000 bps, drop rate 0 bps
Match: access-group 160
Queueing
Strict Priority
Output Queue: Conversation 264
Bandwidth 5990 (kbps) Burst 149750 (Bytes)
(pkts matched/bytes matched) 22/1251
(total drops/bytes drops) 0/0
Class-map: class-default (match-any)
27 packets, 2235 bytes
30 second offered rate 0 bps, drop rate 0 bps
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: