06-06-2008 04:23 AM - edited 03-05-2019 11:27 PM
Hi,
I have an 876 router configured with 2 VLANs. Fe0-Fe2 are in VLAN1 and Fe3 is configured as a trunk port. There is a WiFi AP connected to Fe3; the AP is configured with 2 separate SSIDs, one a member of VLAN1, the other of VLAN10.
Everything works perfectly (the 2 VLANs, 2 different subnets with DHCP, NAT), but I cannot match the VLAN traffic with a class-map.
What I want to do is limit VLAN1 traffic to 500kbit/40kbit up/downstream.
This is the config I used, but obviously something is wrong with it, because I get 0 packets matched.
class-map match-all limited-vlan
 match vlan 1
!
!
policy-map limited-vlan-out
 class limited-vlan
  police 40000 conform-action transmit exceed-action drop
policy-map limited-vlan-in
 class limited-vlan
  police 500000 conform-action transmit exceed-action drop
interface Dialer0
 ip address negotiated
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip nat outside
 ip inspect DEFAULT100 out
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username *removed* password 7 *removed*
 service-policy input limited-vlan-in
 service-policy output limited-vlan-out
penthecisco#show policy-map interface dialer 0
Dialer0
Service-policy input: limited-vlan-in
Class-map: limited-vlan (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: vlan 1
police:
cir 500000 bps, bc 15625 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Service-policy output: limited-vlan-out
Class-map: limited-vlan (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: vlan 1
police:
cir 40000 bps, bc 1500 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps
Class-map: class-default (match-any)
2100 packets, 270030 bytes
5 minute offered rate 3000 bps, drop rate 0 bps
Match: any
penthecisco#show policy-map interface virtual-access 2
Virtual-Access2
Service-policy input: limited-vlan-in
Class-map: limited-vlan (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: vlan 1
police:
cir 500000 bps, bc 15625 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps
Class-map: class-default (match-any)
3346 packets, 1451559 bytes
5 minute offered rate 23000 bps, drop rate 0 bps
Match: any
Service-policy output: limited-vlan-out
Class-map: limited-vlan (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: vlan 1
police:
cir 40000 bps, bc 1500 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps
Class-map: class-default (match-any)
59 packets, 2128 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
06-06-2008 12:33 PM
Please narrow down the match criteria from vlan1 to an access-group involving the IP subnets defined for vlan1 in the class-map.
Create an ACL to identify the traffic for vlan1 and refer to it in the class-map.
Please rate if this helps!!!
06-08-2008 10:12 PM
I tried the same thing with ACLs; it didn't work. However, if I used, for example, match protocol http, it did hit the class, but that's not what I want.
Also, what is the point of narrowing down the criteria if I want to match based on VLAN ID? There is only one match rule; it can't be narrower than that.