11-27-2011 07:19 AM - edited 03-04-2019 02:25 PM
Dear friends, good day.
I have a requirement: I have a router with a big pipe of bandwidth coming in, and now I have to allocate exactly 128K of bandwidth to one of our clients. I am not sure how I can do this, how I can make sure it is working correctly, and how I can also show the client the bandwidth allocated to him.
Please read the points below and correct me if I'm wrong:
1. From the client rack/switch, pull a wire and put it into our switch, which then connects to the WAN router. I am not connecting the client LAN directly to the router because of port usage; I don't want to give a single client a dedicated port. Instead I am planning to use VLANs and then terminate from the switch to the router LAN interface.
2. Configure routing + NAT and ACL (if required).
3. .................? This is missing. How can I allocate him specific bandwidth based on his subnet? This router will have multiple clients like this, each with their own subnet.
Please advise, and if you have a sample configuration, please share it if you can. Thanks for the help.
11-27-2011 09:21 AM
Let's assume the subnet of client 1 is 10.1.1.0/24
access-list 100 permit ip 10.1.1.0 0.0.0.255 any
class-map client1
 match access-group 100
policy-map p1
 class client1
  police 128000
Then apply the policy inbound on the router LAN interface
You can add another ACL and class map like the above per subnet
interface x/x
 service-policy input p1
Hope this helps
If helpful, rate
Sent from Cisco Technical Support iPhone App
11-27-2011 09:54 AM
Thanks for the quick reply. A couple of questions:
1. The interface you mentioned: can it be a VLAN interface?
2. Can I monitor this, and can I show it to the client in action, so that he gets confidence that he got exactly what he asked for?
3. If traffic goes above 128, will it be dropped or queued? I mean, what will happen in this case?
4. How can I configure CIR and bursting, and packet drop (what do you say, is packet dropping recommended or not)?
Thanks for the help and time.
One more thing: NAT will also come into play to convert private to public. No worries there?
11-27-2011 10:15 PM
See answers below
1- No, as the VLAN interface works differently because it might be assigned to multiple physical interfaces
2- You might try to use show policy-map interface x/x to display the bandwidth allocation per class and the drops, if any
Or you can enable NetFlow on the interface and use a NetFlow application to collect real-time statistical data to see the usage per source IP, DSCP marking, etc.
3- This is something you have to configure as per your requirements; you can do any of the options you mentioned using the same policing command with burst, and you can mark down the exceeding traffic rather than drop it if you want to
4- Use the same police command with the burst keyword
NATing will be performed on the traffic going via the outside interface, so there is no issue with matching the source IP on the inbound interface
Hope this helps
Please rate the helpful posts
11-27-2011 10:34 PM
Thanks for the reply, but you are saying it will not work with VLAN. First of all, I am not able to understand why. Secondly, are you then saying that for each client we have to give him a dedicated port from his LAN to come to my router, which has the WAN connection? I don't think this is practical.
Please advise. I told you why I'm doing VLAN: just to have multiple clients terminating their LAN on the same interface. Do you have a better idea for this?
11-28-2011 12:05 AM
What I meant by VLAN interface is a layer 3 VLAN interface
In your case you will need layer 2 VLANs only in the switch
And configure the router interface with the above QoS policy concept and all will be good
HTH
11-28-2011 12:19 AM
Thanks for the time and reply again.
When you say I don't need a layer 3 interface, what do you mean by this? Sorry if this is basic, but I will have a switch, a Cisco 3750, on which all my clients' LANs will come and connect, and from there a wire will connect to the router's FE interface, which will then be logically divided into LANs based on each client. Then the QoS policy will come into play and will be applied on each VLAN interface.
Please correct me if I am wrong. Thanks for the help.
11-28-2011 09:35 PM
If you are going to divide the FE interface of the router into subinterfaces per VLAN, then just apply the QoS policy on the main physical interface with the appropriate class maps per source subnet
And what I meant by VLAN interface was the one on the switch, not the router one you are referring to
HTH
11-28-2011 09:54 PM
Thanks for the time and reply, sir.
Do you have a sample configuration for my scenario? I don't have much idea how to do this. Or some article?
I will have VLANs on the switch as well, which will differentiate, and then on the router as well, because the WAN line terminates on the router.
So just to sum up: I can have different policies per VLAN interface. I am just worried about one thing: if I am terminating multiple clients on the same router, then they will be able to see each other because of inter-VLAN routing. Correct me if I am wrong. Any suggestions on this side?
Please provide an article or a sample configuration if you have one. Thanks for the help.
Happiness Always
11-28-2011 10:30 PM
See the links below
Use inbound in your case for the policy application
http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a0080114326.shtml
http://ardenpackeer.com/qos-voip/qos-applying-cbwfq-to-a-sub-interface/
http://www.configrouter.com/topic/qos-configuration-on-fe-subinterface
You can choose to use a per-subinterface policy
Or one on the main interface, but in that case you need to have all the class maps of all subnets under this policy
Hope this helps
11-28-2011 10:38 PM
Thanks for the help. Happiness always.
11-28-2011 10:40 PM
For the other question of isolating the clients' traffic so that it is not routed between them, the best way to achieve it is by using VRF-lite, which is a somewhat advanced routing topic where you can have multiple routing instances in one physical router; they are isolated, and you need to address this in your NAT config
Examples
http://irwanp.wordpress.com/2009/02/10/multiple-vrf-on-one-customer-site/
http://packetlife.net/blog/2009/apr/30/intro-vrf-lite/
http://fengnet.com/book/MPLS%20VPN%20Security/ch09lev1sec2.html
VRF with NAT
http://packetlife.net/forums/thread/680/
Hope this helps
11-28-2011 10:48 PM
I was thinking of using ACLs to block traffic on the subinterfaces. Not good?
11-28-2011 10:57 PM
Yes, it is another option as well
11-29-2011 02:06 AM
I just followed this in my case:
access-list 100 permit ip 10.1.1.0 0.0.0.255 any
class-map client1
 match access-group 100
policy-map p1
 class client1
  police 128000
Then apply the policy inbound on the router LAN interface
You can add another ACL and class map like the above per subnet
interface x/x
 service-policy input p1
But this is only working in one direction, on uploading; downloading is coming through as it is. Secondly, the value which you gave, 128000: is this 128 kbps? How can I make sure of this?
Please advise.
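Added illustration (not written by any poster in this thread, and not Cisco code): a Python model of the single-rate policer that `police 128000` configures, showing that the figure is in bits per second (128 kbps) and that traffic above the rate is dropped rather than queued, which is what questions 3 and 4 above were about. The 8000-byte burst size, the function names and the constant-rate test traffic are assumptions made for this example.

```python
"""Single-rate, two-colour token-bucket policer (added illustration)."""

CIR_BPS = 128_000      # rate from the thread's `police 128000`, in bits/s
BURST_BYTES = 8_000    # assumed burst size; the thread does not give one


def police(packets, cir_bps=CIR_BPS, burst_bytes=BURST_BYTES):
    """Apply the policer to (arrival_time_s, size_bytes) pairs sorted by time.

    Returns (conformed_bytes, exceeded_bytes).
    """
    tokens = float(burst_bytes)          # bucket starts full
    last = None
    conformed = exceeded = 0
    for t, size in packets:
        if last is not None:
            # Refill at CIR (converted to bytes/s), never above the burst size.
            tokens = min(burst_bytes, tokens + (t - last) * cir_bps / 8)
        last = t
        if size <= tokens:
            tokens -= size
            conformed += size            # conform-action: transmit
        else:
            exceeded += size             # a policer has no queue: drop
    return conformed, exceeded


def constant_stream(rate_bps, seconds, size=500):
    """Constructed test traffic: fixed-size packets at a steady bit rate."""
    interval = size * 8 / rate_bps
    return [(i * interval, size) for i in range(int(seconds / interval))]


def passed_kbps(offered_bps, seconds=10):
    """Throughput in kbps that survives the policer for a steady offered load."""
    conformed, _ = police(constant_stream(offered_bps, seconds))
    return conformed * 8 / seconds / 1000


if __name__ == "__main__":
    for offered in (64_000, 128_000, 512_000):
        print(f"offered {offered / 1000:.0f} kbps -> "
              f"passed {passed_kbps(offered):.1f} kbps")
```

Offered load below the rate passes untouched; above it, what gets through over the measurement window is the 128 kbps rate plus the one-off initial burst, and everything else is counted as exceeded.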