08-14-2003 03:58 AM - edited 03-02-2019 09:35 AM
Dear all,
I want to reduce bottleneck to our ISP link (256kbps) caused by users' download, etc. Below is my configuration.
interface Serial0/0
ip address rtr.ip net_mask_rtr
ip access-group 100 in
ip nat outside
rate-limit input access-group 104 128000 8000 8000 conform-action transmit exceed-action drop
rate-limit input access-group 105 128000 8000 8000 conform-action transmit exceed-action drop
encapsulation ppp
access-list 104 permit any 192.168.1.0 0.0.0.255
access-list 104 deny any
access-list 105 permit any 192.168.2.0 0.0.0.255
access-list 105 deny any
ACL 100 is more general (i.e: tcp established, and allowed type of connection). I'm not very confident that above 104 & 105 could help me to limit users traffic, and also it seems to me there are two acls for s0/0 to forward traffic to each local 1.x & local 2.x networks.
Any suggestions and helps will be greatly appreciated.
Thank you.
Best regards,
b.go
08-15-2003 05:35 AM
hi,
write me your nat and ethernet configuration.....
szicsu
08-18-2003 08:27 AM
Seems like this wont stop them from tying up the internet circuit, it will just stop the data from getting throught the router once it has come over the internet link.
08-22-2003 07:29 PM
Hi, here is my ethernet and NAT config.
I'm using router on a stick configuration with Catalyst-2950 at the perimeter with (VLAN1<1.x>, VLAN2<2.x>, and DMZ).
ip nat pool net1 ext_ip1 ext_ip1 netmask ext.ip.net.mask
ip nat pool net2 ext_ip2 ext_ip2 netmask ext.ip.net.mask
ip nat inside source list 1 pool net1 overload
ip nat inside source list 2 pool net2 overload
interface FastEthernet0/0
description TRUNK-TO-SWITCH
no ip address
speed 100
full-duplex
interface FastEthernet0/0.A
description TO NET1
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.0
no ip redirects
ip nat inside
interface FastEthernet0/0.B
description TO NET2
encapsulation dot1Q 10
ip address 192.168.2.1 255.255.255.0
ip nat inside
interface FastEthernet0/0.C
description TO DMZ
encapsulation dot1Q 100
ip address ext_ip_address net_mask
ip access-group 103 in
ip access-group 102 out
Many thanks for any suggestions and helps.
Best regards,
b.go
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide