Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1257
Views
0
Helpful
4
Replies

NBAR configuration for specific Vlan to throttle youtube

Go to solution
spartain
Level 1
Level 1

‎02-12-2012 01:31 AM - edited ‎03-03-2019 06:29 AM

I am trying to throttle http traffic for a specific network utilizing a policy-map and class-maps.  What I am trying to do is limit facebook, youtube, etc for a specific vlan but allow others to pass unmetered.  I have class-maps that match the http hosts which work fine and I have a class-map that matches the source network but I cannot seem to get it to match both at the same time.  Does anyone have a sample config that will match a source network and http host and apply a policer or priority to both?  So basically I just want to slow down youtube and facebook for the network below.

vlan IP 192.168.30.0/24

websites *youtube* *facebook* *fbcdn*

Thank you all for your support and assistance.

Mike

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Dan-Ciprian Cicioiu
Level 7
Level 7
In response to spartain

‎02-12-2012 02:26 AM

ALL-SOURCES will match url list and any source but not the 192.168.30/24 ( match not access-group name )

POLICE-WWW will match url list and source 192.168.30/24

"priority" it is used for LLQ ( low latency queueing ) usually to prioritize the VOIP traffic . If you want to limit the traffic you better use shaping or policing. Policing will drop any excees traffic , Shaping will try to queue the excess traffic adding some latency. I would use policing :

policy-map filter

class ALL-SOURCES

   police rate 10000000

class POLICE-WWW

   police rate 1000000

Dan

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Dan-Ciprian Cicioiu
Level 7
Level 7

‎02-12-2012 01:58 AM

Hi ,

The policy-map works by the first match. I think that the problem is that if you have the first class-map matching all the www traffic , this class-map will match also the "unwanted vlan source". So you should deny the IP sources that you want to police. Your config should look like :

!

ip access-list stan ACL-VLAN30

  permit 192.168.30.0 0.0.0.255

!

class-map match-all ALL-SOURCES

  match no access-group name ACL-VLAN30

  match protocol http url "*facebook*" "*youtube*" "*fbcdn*"

!

!

class-map match-all POLICE-WWW

  match access-group name ACL-VLAN30

  match protocol http url "*facebook*" "*youtube*" "*fbcdn*"

!

Dan

0 Helpful

Go to solution
spartain
Level 1
Level 1
In response to Dan-Ciprian Cicioiu

‎02-12-2012 02:05 AM

Thanks for the reply,

would the policy-map just match ALL-Sources then POLICE like?

policy-map filter

class ALL-SOURCES

     priority 10000000  (10mb)

class POLICE-WWW

     priority 1000000 (1mb)

Am I thinking about this right?

Thanks again, this has been a challenge for me.

0 Helpful

Go to solution
Dan-Ciprian Cicioiu
Level 7
Level 7
In response to spartain

‎02-12-2012 02:26 AM

ALL-SOURCES will match url list and any source but not the 192.168.30/24 ( match not access-group name )

POLICE-WWW will match url list and source 192.168.30/24

"priority" it is used for LLQ ( low latency queueing ) usually to prioritize the VOIP traffic . If you want to limit the traffic you better use shaping or policing. Policing will drop any excees traffic , Shaping will try to queue the excess traffic adding some latency. I would use policing :

policy-map filter

class ALL-SOURCES

   police rate 10000000

class POLICE-WWW

   police rate 1000000

Dan

0 Helpful

Go to solution
spartain
Level 1
Level 1
In response to Dan-Ciprian Cicioiu

‎02-12-2012 02:29 AM

Perfect! I will test this out tomorrow. Thanks for the help and the quick response! 

Much appreciated!

Mike

0 Helpful
Customers Also Viewed These Support Documents