Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9562
Views
5
Helpful
24
Replies

bandwidth allocation ...

Go to solution
JATINDER KUMAR
Level 1
Level 1

‎11-27-2011 07:19 AM - edited ‎03-04-2019 02:25 PM

Dear Friends.. Good day ..

i have a requirement .. in which i have a router which is having a big pipe of bandwidth is coming .. and now i have to allocate the bandwidth - 128K very exact to one of our client... not very sure how i can do this and how i can make sure this is working correctly and can also show this to client about the bandwidth allocated to him

please read below point and correct me if m wrong ...

1. from client rack / switch .. pull a wire and put it into our switch which then connecte to WAN router - not connecting client LAN directly to router becoz of port usage .. dont want to give single client a dedicated port .. inturn planning of using VLAN and then terminate from switch to router LAN interface.

2. configure routing + NAT and ACL (if required)

3. .................? this is missing .. how can i allocate him specific bandwidth based on his subnet .this router will be having multiple clients like this .. with their own subnets

Please advice. and if you have some sample configuration please share if u can .Thanks for the help

Labels:
0 Helpful
5 Accepted Solutions

Accepted Solutions

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni

‎11-27-2011 09:21 AM

Lets assume the subnet of client 1 is 10.1.1.0/24

Access-list 100 permit ip 10.1.1.0 0.0.0.255 any

Class-map client1

Match access-group 100

Policy-map p1

Class client1

Police 128000

The apply the policy inbound on the router LAN interface

You can add another acl and class map like the above per subnet

Int x/x

Service policy p1 in

Hope this help

If helpful rate

Sent from Cisco Technical Support iPhone App

View solution in original post

0 Helpful

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni
In response to JATINDER KUMAR

‎11-27-2011 10:15 PM

See answers below

1- no as the vlan interface works differently because it might be assigned to multiple physical interfaces

2-you might try to use shown policy map interface x/x to display the bandwidth allocation per class and the drop if any

Or you can enable net flow in the interface and use a net flow application to collect real time statistical data to see the usage per ip source, dscp marking ...etc

3- this something you have to configure as per your requirements if you can do any of the options you mentioned using same policing calm and with burst and you can mark down the exceeded traffic rather than drop it if want to

4- use same police command with burst key work

Nating will be performed to the traffic going via the outside interface so it has no issue with matching the source ip from the inbound interface

Hope this help

Plz rate the helpful posts

View solution in original post

0 Helpful

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni
In response to JATINDER KUMAR

‎11-28-2011 12:05 AM

What I meant by vlan interface is layer 3  vlan interface

In your case you will need layer 2 vlan only in the switch

And configure the router interface with above qos policy concept and all will good

HTH

View solution in original post

0 Helpful

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni
In response to JATINDER KUMAR

‎11-28-2011 09:35 PM

If you are going to divid the fe interface of the routers to sub interfaces per vlan then just apply the qos policy on the main physical interface with the appropriate class maps per source subnet

And I meant by vlan interface on the switch not the router one you referring to

HTH

View solution in original post

0 Helpful

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni
In response to JATINDER KUMAR

‎11-28-2011 10:30 PM

See below links

Use inbound inur case for the policy application

http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a0080114326.shtml

http://ardenpackeer.com/qos-voip/qos-applying-cbwfq-to-a-sub-interface/

http://www.configrouter.com/topic/qos-configuration-on-fe-subinterface

You can chose to use per sub interface policy

Or one on the main interface but you need to have all the class maps of all subnets under this policy in this case

Hope this help

View solution in original post

0 Helpful
24 Replies 24

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni

‎11-27-2011 09:21 AM

Lets assume the subnet of client 1 is 10.1.1.0/24

Access-list 100 permit ip 10.1.1.0 0.0.0.255 any

Class-map client1

Match access-group 100

Policy-map p1

Class client1

Police 128000

The apply the policy inbound on the router LAN interface

You can add another acl and class map like the above per subnet

Int x/x

Service policy p1 in

Hope this help

If helpful rate

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
JATINDER KUMAR
Level 1
Level 1
In response to Marwan ALshawi

‎11-27-2011 09:54 AM

Thanks for the quick reply ... couple of questions..

1. the interface you mentioned .. can be a vlan interface...?

2. can i monitor this .. and can i show this to client..in action so that he gets a confidence that he got the perfect what he asked.

3. traffic if goes above 128 will be dropped or queued ... means what will happen in this case...?

4. how can i configure CIR and bursting .. and packet drop (what do you say .. recommended or not - packet dropping)

Thansk for the help and time

one more things NAT will also come into play to convert the private to public .. no worries...?

0 Helpful

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni
In response to JATINDER KUMAR

‎11-27-2011 10:15 PM

See answers below

1- no as the vlan interface works differently because it might be assigned to multiple physical interfaces

2-you might try to use shown policy map interface x/x to display the bandwidth allocation per class and the drop if any

Or you can enable net flow in the interface and use a net flow application to collect real time statistical data to see the usage per ip source, dscp marking ...etc

3- this something you have to configure as per your requirements if you can do any of the options you mentioned using same policing calm and with burst and you can mark down the exceeded traffic rather than drop it if want to

4- use same police command with burst key work

Nating will be performed to the traffic going via the outside interface so it has no issue with matching the source ip from the inbound interface

Hope this help

Plz rate the helpful posts

0 Helpful

Go to solution
JATINDER KUMAR
Level 1
Level 1
In response to Marwan ALshawi

‎11-27-2011 10:34 PM

thanks for the rpely .. but you saying it will not work with VLAN.. first of al am not able to understand why .. secondly .. then are you saying for each client we have to give him dedicated port from his lan to come to my router which is having WAN connection .. > i dont thnk this is practical ... ?

Please advice.. i told you wany m doing VLAN just to have multiple clients terminatiing their LAN on same interface... do you have some better idea for this

0 Helpful

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni
In response to JATINDER KUMAR

‎11-28-2011 12:05 AM

What I meant by vlan interface is layer 3  vlan interface

In your case you will need layer 2 vlan only in the switch

And configure the router interface with above qos policy concept and all will good

HTH

0 Helpful

Go to solution
JATINDER KUMAR
Level 1
Level 1
In response to Marwan ALshawi

‎11-28-2011 12:19 AM

thanks for the time and reply again ...

when u say i dont need layer 3 interface.. what do you mean by this .. sorry it this is basic .. but i will have a switch .. Cisco 3750 on which all my client's lan will come and connect .. and from there a wire will connect the router's fe interface which logically will be then divided into LANs based on each client. and then qos policy will come into play and will be applied on each vlan interface

Please correct me if i am wrong .. Thansk for the help

0 Helpful

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni
In response to JATINDER KUMAR

‎11-28-2011 09:35 PM

If you are going to divid the fe interface of the routers to sub interfaces per vlan then just apply the qos policy on the main physical interface with the appropriate class maps per source subnet

And I meant by vlan interface on the switch not the router one you referring to

HTH

0 Helpful

Go to solution
JATINDER KUMAR
Level 1
Level 1
In response to Marwan ALshawi

‎11-28-2011 09:54 PM

Thanks for the time and reply SIR...

do you have some sample configuration ... for my scenario ... dont have much idea how to do this .. or some article ..

i will have VLAN on the switch also which will differentiate and then on router also becoz of WAN line terminating on router.

so just to sum up .. i can have different policies per vlan interface... just worried about one thing .. if i am terminating multiple clients on same router then they will be able to see each other .. becoz of inter VLan routing. sorrent me if i am wrong. Any suggestion on this side.

Please provide some article or some sample configuration if you have ..thanks for the help

Happiness Always

0 Helpful

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni
In response to JATINDER KUMAR

‎11-28-2011 10:30 PM

See below links

Use inbound inur case for the policy application

http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a0080114326.shtml

http://ardenpackeer.com/qos-voip/qos-applying-cbwfq-to-a-sub-interface/

http://www.configrouter.com/topic/qos-configuration-on-fe-subinterface

You can chose to use per sub interface policy

Or one on the main interface but you need to have all the class maps of all subnets under this policy in this case

Hope this help

0 Helpful

Go to solution
JATINDER KUMAR
Level 1
Level 1
In response to Marwan ALshawi

‎11-28-2011 10:38 PM

Thanks for the help.. happiness Always

0 Helpful

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni
In response to JATINDER KUMAR

‎11-28-2011 10:40 PM

For the other question of isolating clients traffic and not to have then routed to each other the best way to achieve it is by using vrf lite which is a bit advanced topic in routing where you can have multiple routing instances in one physical routing and they are isolated and you need to address this with your nat cofig

Examples

http://irwanp.wordpress.com/2009/02/10/multiple-vrf-on-one-customer-site/

http://packetlife.net/blog/2009/apr/30/intro-vrf-lite/

http://fengnet.com/book/MPLS%20VPN%20Security/ch09lev1sec2.html

Vrf with nat

http://packetlife.net/forums/thread/680/

Hope this help

Go to solution
JATINDER KUMAR
Level 1
Level 1
In response to Marwan ALshawi

‎11-28-2011 10:48 PM

was thinking to use ACL to block traffic on sub interfaces not good ...?

0 Helpful

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni
In response to JATINDER KUMAR

‎11-28-2011 10:57 PM

Yes it is another option as well

0 Helpful

Go to solution
JATINDER KUMAR
Level 1
Level 1
In response to Marwan ALshawi

‎11-29-2011 02:06 AM

i just followed this in my case..

Access-list 100 permit ip 10.1.1.0 0.0.0.255 any

Class-map client1

Match access-group 100

Policy-map p1

Class client1

Police 128000

The apply the policy inbound on the router LAN interface

You can add another acl and class map like the above per subnet

Int x/x

Service policy p1 in

but this is only working one side on uploading .. downloading is coming as it is ... secondly .. the value which u gave 128000 is this 128kbps .. how can i make sure this ..

Please advice..

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card