Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
543
Views
7
Helpful
1
Replies

Rate Limiting on ISP router

rajakumar.P
Level 1
Level 1

‎05-08-2007 10:17 PM - edited ‎03-10-2019 03:09 PM

Hi,

We have multiple internal lans/networks sharing a common internet pipe/link terminated on a Cisco router.

We have seperate NAT IPs ( Public IPs ) configured for each network to differentiate them from one another outside the firewall.

My requirement is like this ,

1) I want to do a QOS on my internet router by restricting a maximum of 1 Mb internet bandwidth for each internal network.

2) Presently i have configured a rate-limiting command on my interface with a matching ACL.

!

interface FastEthernet0/1

description ### MY ISP facing interface ###

ip address xxx.xxx.xxx.xxx 255.255.255.252

rate-limit input access-group 101 1024000 64000 64000 conform-action transmit exceed-action drop

rate-limit output access-group 102 1024000 64000 64000 conform-action transmit exceed-action drop

access-list 101 remark ### input ACL 4 BW Cap test for network1 ###

access-list 101 permit ip any host network1-NAT-IP

access-list 101 remark ### deny any any ###

access-list 101 deny ip any any

access-list 102 remark ### output ACL 4 BW Cap test for network1 ###

access-list 102 permit ip host network1-NAT-IP any

access-list 102 remark ### deny any any ###

access-list 102 deny ip any any

3) What will happen if i add one more NAT-IP in my rate-limit matching ACL as shown below.

access-list 101 remark ### input ACL 4 BW Cap test for network1 ###

access-list 101 permit ip any host network1-NAT-IP

access-list 101 remark ### input ACL 4 BW Cap test for network2 ###

access-list 101 permit ip any host network2-NAT-IP

access-list 101 remark ### deny any any ###

access-list 101 deny ip any any

access-list 102 remark ### output ACL 4 BW Cap test for network1 ###

access-list 102 permit ip host network1-NAT-IP any

access-list 101 remark ### input ACL 4 BW Cap test for network2 ###

access-list 102 permit ip host network2-NAT-IP any

access-list 102 remark ### deny any any ###

access-list 102 deny ip any any

!! a) Will my second network ( network2-NAT-IP) will also have a maximum BW cap of 1 Mb

!! b) Is so can I add all more QOS needed NAT IPs to this matching ACL.

Any help regarding the same is appreciated

Labels:
0 Helpful
1 Reply 1

hoogen_82
Level 4
Level 4

‎05-08-2007 10:23 PM

a) Your second network would also have the same set of parameters.

b) You can more networks.

-Hoogen

Do rate this post if it helps :)

Customers Also Viewed These Support Documents