
NBAR configuration for specific Vlan to throttle youtube

spartain
Level 1

I am trying to throttle http traffic for a specific network utilizing a policy-map and class-maps.  What I am trying to do is limit facebook, youtube, etc for a specific vlan but allow others to pass unmetered.  I have class-maps that match the http hosts which work fine and I have a class-map that matches the source network but I cannot seem to get it to match both at the same time.  Does anyone have a sample config that will match a source network and http host and apply a policer or priority to both?  So basically I just want to slow down youtube and facebook for the network below.

vlan IP 192.168.30.0/24

websites *youtube* *facebook* *fbcdn*

Thank you all for your support and assistance.

Mike


Hi,

The policy-map works by the first match. I think that the problem is that if you have the first class-map matching all the www traffic, this class-map will also match the "unwanted vlan source". So you should deny the IP sources that you want to police. Your config should look like:

! Standard ACL identifying the VLAN 30 source network
ip access-list standard ACL-VLAN30
  permit 192.168.30.0 0.0.0.255
!
! Listed sites, any source except VLAN 30
class-map match-all ALL-SOURCES
  match not access-group name ACL-VLAN30
  match protocol http url "*facebook*" "*youtube*" "*fbcdn*"
!
! Listed sites, VLAN 30 sources only
class-map match-all POLICE-WWW
  match access-group name ACL-VLAN30
  match protocol http url "*facebook*" "*youtube*" "*fbcdn*"
!

Dan

Thanks for the reply,

Would the policy-map just match ALL-Sources then POLICE like?

policy-map filter
 class ALL-SOURCES
     priority 10000000  (10mb)
 class POLICE-WWW
     priority 1000000 (1mb)

Am I thinking about this right?

Thanks again, this has been a challenge for me.

ALL-SOURCES will match the url list and any source but not the 192.168.30/24 (match not access-group name).

POLICE-WWW will match the url list and source 192.168.30/24.

"priority" is used for LLQ (low latency queueing), usually to prioritize the VOIP traffic. If you want to limit the traffic, you had better use shaping or policing. Policing will drop any excess traffic; shaping will try to queue the excess traffic, adding some latency. I would use policing:

policy-map filter
 class ALL-SOURCES
   police rate 10000000
 class POLICE-WWW
   police rate 1000000

Dan

Perfect! I will test this out tomorrow. Thanks for the help and the quick response! 

Much appreciated!

Mike
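
The classification logic discussed in this thread, modeled in Python as an added example (not code from any poster and not Cisco's implementation), to check which class a given flow lands in. It assumes the NBAR patterns behave like shell-style globs applied to the HTTP host and that classes are evaluated first-match; the sample flows are constructed.

```python
import ipaddress
from fnmatch import fnmatchcase

# Patterns from the thread's "match protocol http url" lines.
URL_PATTERNS = ["*facebook*", "*youtube*", "*fbcdn*"]
# ACL-VLAN30 from the thread: (action, network, wildcard mask).
ACL_VLAN30 = [("permit", "192.168.30.0", "0.0.0.255")]
# "police rate" values from the thread, in bits per second.
POLICE_RATE_BPS = {"ALL-SOURCES": 10000000, "POLICE-WWW": 1000000}


def acl_permits(acl, src):
    """Standard ACL: first matching entry decides; no match is an implicit deny."""
    s = int(ipaddress.IPv4Address(src))
    for action, net, wildcard in acl:
        # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (s ^ int(ipaddress.IPv4Address(net))) & care == 0:
            return action == "permit"
    return False


def url_matches(host):
    # Assumption: glob semantics approximate the NBAR pattern match.
    return any(fnmatchcase(host.lower(), p) for p in URL_PATTERNS)


# match-all class-maps: every condition must hold for the class to match.
CLASSES = [
    ("ALL-SOURCES", lambda s, h: not acl_permits(ACL_VLAN30, s) and url_matches(h)),
    ("POLICE-WWW", lambda s, h: acl_permits(ACL_VLAN30, s) and url_matches(h)),
]


def classify(src, host):
    """Policy-map evaluation: the first matching class wins, else class-default."""
    for name, matches in CLASSES:
        if matches(src, host):
            return name
    return "class-default"


if __name__ == "__main__":
    # Constructed sample flows: (source IP, HTTP host).
    for src, host in [("192.168.30.17", "www.youtube.com"),
                      ("192.168.40.5", "www.youtube.com"),
                      ("192.168.30.17", "example.org"),
                      ("192.168.31.17", "static.fbcdn.net")]:
        cls = classify(src, host)
        print(src, host, cls, POLICE_RATE_BPS.get(cls, "unpoliced"))
```

Because the two classes differ only in the negated ACL condition, they are mutually exclusive, and traffic to any other site falls through to class-default unpoliced.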
