08-18-2009 11:42 AM - edited 03-04-2019 05:46 AM
Hello Everyone,
We have a Cisco 3825 router. I would like to limit the bandwidth for three IP addresses.
60.203.x.1 - LAN (no limit)
60.203.x.2 - Web Server (3mb limit)
60.203.x.3 - FTP Server (3mb limit)
60.203.x.4 - Mail Server (3mb limit)
I found the following config. Is this the best way to approach this? Does this add a lot of overhead to the router? How would I do this config for the three IP addresses?
Thanks in advance.
--------
! IOS ACLs take a wildcard (inverse) mask: 0.0.0.7 covers the /29
access-list 101 permit ip any 60.203.x.2 0.0.0.7
class-map match-any RESTRICTED
 description Web Server
 match access-group 101
policy-map BANDWIDTH-RESTRICTED
 class RESTRICTED
  police 3000000 30000 exceed-action drop
int GigabitEthernet0/0
 service-policy output BANDWIDTH-RESTRICTED
--------
Here is our current config:
version 12.4
no service pad
!
!
card type t3 1
!
!
no aaa new-model
no ip source-route
ip cef
!
multilink bundle-name authenticated
!
!
controller T3 1/0
 clock source line
 cablelength 10
!
!
interface GigabitEthernet0/0
 ip address 60.203.x.x 255.255.255.248
 no ip redirects
 no ip proxy-arp
 duplex full
 speed auto
 media-type rj45
 ntp disable
!
!
interface Serial1/0
 ip address 201.x.x.x 255.255.255.252
 no ip redirects
 no ip proxy-arp
 encapsulation ppp
 no ip mroute-cache
 load-interval 30
 ntp disable
 scramble
 no cdp enable
!
!
no ip forward-protocol nd
no ip forward-protocol udp
!
ip route 0.0.0.0 0.0.0.0 201.x.x.x
!
!
no cdp run
!
control-plane
!
scheduler allocate 30000 1000
!
end
08-18-2009 12:49 PM
"Is this the best way to approach this?"
Probably not. You're limiting all 3 hosts aggregate to 3 Mbps, but did you want to limit each to 3 Mbps?
Also, the policy is only applied in the output direction on the gig interface, what about the reverse direction?
Further, it's not clear what's actually trying to be accomplished. Is the issue bandwidth consumption on the serial link? If so, policing after the traffic has crossed the link (inbound) doesn't give precise results. If it's a question about outbound bandwidth on the serial link, CBWFQ with bandwidth allocations might be a better choice.
"Does this add a lot of overhead to the router?"
Policing generally doesn't.
"How would I do this config for the three IP addresses?"
You could use an ACL and class map for each host.
e.g.
access-list 102 permit ip any host 60.203.x.2
access-list 103 permit ip any host 60.203.x.3
access-list 104 permit ip any host 60.203.x.4
class-map match-any RESTRICTED1
 description Web Server
 match access-group 102
class-map match-any RESTRICTED2
 description FTP Server
 match access-group 103
class-map match-any RESTRICTED3
 description Mail Server
 match access-group 104
policy-map BANDWIDTH-RESTRICTED
 class RESTRICTED1
  police 3000000 30000 exceed-action drop
 class RESTRICTED2
  police 3000000 30000 exceed-action drop
 class RESTRICTED3
  police 3000000 30000 exceed-action drop
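The difference between one shared class and one class per host can be seen in a small simulation. This is an added example, not part of the original thread, and it is a simplified token-bucket model rather than Cisco's implementation. The 5 Mbps offered load per server, the 1500-byte packets and all function names are assumptions.

```python
# Added illustration: simplified single-rate token bucket, not Cisco's code.
class Policer:
    """Models `police <cir_bps> <bc_bytes> exceed-action drop`."""
    def __init__(self, cir_bps=3_000_000, bc_bytes=30_000):
        self.cir_bps, self.bc_bytes = cir_bps, bc_bytes
        self.tokens = float(bc_bytes)  # bucket starts full
        self.last_us = 0

    def conforms(self, now_us, size):
        # Refill at CIR for the elapsed microseconds, capped at Bc bytes.
        refill = (now_us - self.last_us) * self.cir_bps / 8_000_000
        self.tokens = min(self.bc_bytes, self.tokens + refill)
        self.last_us = now_us
        if self.tokens >= size:
            self.tokens -= size
            return True   # conforming packet is transmitted
        return False      # exceed-action drop

HOSTS = ["60.203.x.2", "60.203.x.3", "60.203.x.4"]  # web, FTP, mail

def simulate(class_of, offered_bps=5_000_000, pkt=1500, seconds=10):
    """Delivered Mbps per host; class_of(host) names the class policing it.

    Assumed (constructed) load: each host offers offered_bps in pkt-byte
    packets, evenly interleaved with the other hosts.
    """
    step_us = pkt * 8 * 1_000_000 // offered_bps // len(HOSTS)
    policers, delivered = {}, dict.fromkeys(HOSTS, 0)
    for j in range(seconds * 1_000_000 // step_us):
        host = HOSTS[j % len(HOSTS)]
        name = class_of(host)
        if name not in policers:
            policers[name] = Policer()
        if policers[name].conforms(j * step_us, pkt):
            delivered[host] += pkt
    return {h: b * 8 / seconds / 1e6 for h, b in delivered.items()}

def shared_class():      # one class for all three hosts, as in the first post
    return simulate(lambda host: "RESTRICTED")

def per_host_classes():  # one class per host, as in the reply above
    return simulate(lambda host: host)

if __name__ == "__main__":
    print("shared class:    ", shared_class())
    print("per-host classes:", per_host_classes())
```

Under this load the shared class leaves each server about 1 Mbps, while separate classes let each server reach about 3 Mbps.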
08-18-2009 01:48 PM
We have a 21mbs DS3 connection. Our LAN, web server, FTP server and mail server use this DS3 connection.
I'm trying to prevent our web and FTP server from using up all the bandwidth. I would like the web server, FTP server and mail server to each have a maximum of 3mbs of bandwidth. In peak conditions this would leave 12mbs available for our LAN connection.
Is the config you provided a good way of doing this? Thanks.
08-18-2009 03:40 PM
"Is the config you provided a good way of doing this?"
It wouldn't be my first choice.
Is your concern about inbound, outbound or both directions utilization of the serial link?
Do you control the router on the other side of the serial link?
08-18-2009 03:59 PM
My main concern is outbound.
We don't. This is an Internet-facing router.
08-18-2009 04:41 PM
For outbound, I would suggest you first try FQ for all traffic.
e.g.
policy-map anExample
or
policy-map anExample
 class class-default
  fair-queue
int serial 1/0
 service-policy output anExample
If that isn't enough (and it might be vs. a default FIFO on a high speed serial), you can further extend the CBWFQ policy. You could weight traffic types (or per source server) differently (somewhat effective if the FQ is actually WFQ - many platforms' IOSs are) or you can break the servers into other classes and adjust their class parameters.