Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NBAR configuration for specific Vlan to throttle youtube

I am trying to throttle http traffic for a specific network utilizing a policy-map and class-maps.  What I am trying to do is limit facebook, youtube, etc for a specific vlan but allow others to pass unmetered.  I have class-maps that match the http hosts which work fine and I have a class-map that matches the source network but I cannot seem to get it to match both at the same time.  Does anyone have a sample config that will match a source network and http host and apply a policer or priority to both?  So basically I just want to slow down youtube and facebook for the network below.

vlan IP 192.168.30.0/24

websites *youtube* *facebook* *fbcdn*

Thank you all for your support and assistance.

Mike

1 ACCEPTED SOLUTION

Accepted Solutions

Re: NBAR configuration for specific Vlan to throttle youtube

ALL-SOURCES will match url list and any source but not the 192.168.30/24 ( match not access-group name )

POLICE-WWW will match url list and source 192.168.30/24

"priority" it is used for LLQ ( low latency queueing ) usually to prioritize the VOIP traffic . If you want to limit the traffic you better use shaping or policing. Policing will drop any excees traffic , Shaping will try to queue the excess traffic adding some latency. I would use policing :

policy-map filter

class ALL-SOURCES

   police rate 10000000

class POLICE-WWW

   police rate 1000000

Dan

4 REPLIES

Re: NBAR configuration for specific Vlan to throttle youtube

Hi ,

The policy-map works by the first match. I think that the problem is that if you have the first class-map matching all the www traffic , this class-map will match also the "unwanted vlan source". So you should deny the IP sources that you want to police. Your config should look like :

!

ip access-list stan ACL-VLAN30

  permit 192.168.30.0 0.0.0.255

!

class-map match-all ALL-SOURCES

  match no access-group name ACL-VLAN30

  match protocol http url "*facebook*" "*youtube*" "*fbcdn*"

!

!

class-map match-all POLICE-WWW

  match access-group name ACL-VLAN30

  match protocol http url "*facebook*" "*youtube*" "*fbcdn*"

!

Dan

New Member

Re: NBAR configuration for specific Vlan to throttle youtube

Thanks for the reply,

would the policy-map just match ALL-Sources then POLICE like?

policy-map filter

class ALL-SOURCES

     priority 10000000  (10mb)

class POLICE-WWW

     priority 1000000 (1mb)

Am I thinking about this right?

Thanks again, this has been a challenge for me.

Re: NBAR configuration for specific Vlan to throttle youtube

ALL-SOURCES will match url list and any source but not the 192.168.30/24 ( match not access-group name )

POLICE-WWW will match url list and source 192.168.30/24

"priority" it is used for LLQ ( low latency queueing ) usually to prioritize the VOIP traffic . If you want to limit the traffic you better use shaping or policing. Policing will drop any excees traffic , Shaping will try to queue the excess traffic adding some latency. I would use policing :

policy-map filter

class ALL-SOURCES

   police rate 10000000

class POLICE-WWW

   police rate 1000000

Dan

New Member

Re: NBAR configuration for specific Vlan to throttle youtube

Perfect! I will test this out tomorrow. Thanks for the help and the quick response! 

Much appreciated!

Mike

711
Views
0
Helpful
4
Replies