I was playing around with QoS shaping and policing. The router that I have is using PAT. I know that translation happens before QoS and special "things" need to be done to get it to work correctly.
I was shaping/policing after marking the packet inbound on the inside interface, and then I would match that packet outbound and shape it based on the dscp marking. I sent a file to an FTP server, and it did exactly what I expected by shaping or dropping the traffic. Problem is that I could download with no problems.
Okay, so my question is that in order for me to shape downloads, my policy map would need to reference my public address list like "permit any <public address>" for me to be able to police that traffic back in.
Is there a way to also base it off of port that way I could limit ftp traffic, but allow all http downloads?
Download is considered inbound traffic and you are unable to shape inbound, you are only able to police inbound.
If you want to police inbound, your matching criteria must be the source of the packet. The value can be a source IP address|port or a QoS marking if the remote device is marking their packets at egress.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.