Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Bandwidth limit and NAT

Just wander if somebody could help me.

I have router with three VLANs (1,2) for internal users NATed to external interface (gi0/0) with overload and VLAN (3) with public IPs routed through the same interface. I’ve created simple QoS policy which will match traffic using IP addressing and assigned it to Gi0/0 as below:

access-list 2103 permit ip host 83.16.91.2 any

access-list 2104 permit ip any host 83.16.91.2

class-map match-any VLAN3QoS

match access-group 2103

match access-group 2104

policy-map QoS

class VLAN3QoS

   police rate 1000000

     conform-action transmit

     exceed-action drop

interface GigabitEthernet0/0

service-policy input QoS

service-policy output QoS

This is working well. However when I try to do the same for private IP addresses:

access-list 2103 permit ip 172.16.1.0 0.0.0.255 any

access-list 2104 permit ip any 172.16.1.0 0.0.0.255

it doesn’t work at all unless I match traffic for any (access-list 2103 permit ip any any).

I believe problem is in NAT as external interface can’t recognize internal IP addressing. I know that I can assign the policy directly to VLAN1 and VLAN2 interfaces but I want to do this on Gi0/0.

Is any way to achieve this goal?

Thank you.

Everyone's tags (2)
229
Views
0
Helpful
0
Replies
CreatePlease to create content