12-22-2008 12:25 PM - edited 03-04-2019 12:47 AM
Hi ALL,
there are 3 different companies share one 2811 router and there is 5.0 Mbps in WAN connection. We'd like to provision bandwidth between these three companies. I know with the QoS, we can define bandwith based on ACL. is there any document that describe this solution?
thanks
Alex
Solved! Go to Solution.
12-22-2008 12:58 PM
yep.. you can have an independent input service policy.
match the ACL based on destination address and apply it in the input direction
e.g.
access-list 111 permit ip any host publicip1
class-map traffictocompany1
match ip address 111
policy-map inboundqos
class traffictocompany1
police cir
interface serial x/y
service-policy input inboundqos
The input and output policies are independent of each other so you can do both simultaneously
12-22-2008 12:36 PM
Pulling this off a post I recently posted :-)
1st make 3 ACL to match your source ip's
access-list 101 permit ip x.x.x.x y.y.y.y any
where (x.x.x.x is the subnet for company1)
access-list 102 permit ip a.a.a.a b.b.b.b any
a.a.a.a is subnet for company2
access-list 103 permit ip m.m.m.m n.n.n.n any
m.m.m.m is subnet for company3
2nd make a class map to match the ACL
class-map company1class
match access-group 101
class-map company2class
match access-group 102
class-map company3class
match access-group 103
3rd make a policy-map to match the class above with the QoS you want to give it
policy-map percompany
class company1class
bandwidth 512
class company2class
bandwidth 1024
class company3class
bandwidth 2048
4th attach the policy-map to the outgoing interface pointing to the SP (WAN)
interface serial x/y
service-policy output percompany
Instead of matching the source IP address, you can also use match input interface ;-) all of them are hanging off different interfaces
Note: I dint divide bandwidth equally. You can do that if that is the intent
12-22-2008 12:48 PM
Thanks for your reply,
How about incoming traffic from internet to the router? can we do the same method. the router has three different public IP addresses.
thanks
12-22-2008 12:58 PM
yep.. you can have an independent input service policy.
match the ACL based on destination address and apply it in the input direction
e.g.
access-list 111 permit ip any host publicip1
class-map traffictocompany1
match ip address 111
policy-map inboundqos
class traffictocompany1
police cir
interface serial x/y
service-policy input inboundqos
The input and output policies are independent of each other so you can do both simultaneously
12-22-2008 04:33 PM
Athough Arvind's second post shows what you can do inbound, the results will not be the same as outbound. The first major difference is, outbound you have different class queues which should obtain a minimum amount of specified bandwidth when there's congestion. Inbound, the classes will cap the amount of bandwidth used. The biggest different between these two approaches is an outbound class, unless also shaped or policed, can use additional excess available bandwidth; inbound the class will never be allowed to use more than its policed cap even if the bandwidth is available.
The second major difference, for inbound, although your policiers will restrict the amount of bandwidth forwarded by your router, they may not have any effect upon inbound traffic utilization (e.g. most non-TCP traffic) or if they do (e.g. TCP traffic), the traffic might burst on the link before it gets to the policer.
The best method to regulate inbound is on the other side of the link's outbound. Next best, at least with TCP traffic, is regulation of the outbound ACKs and/or manipulation of receiver advertised receive window values. Neither of these methods, I believe, supported by Cisco devices.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide