Rate Limit bandwidth on IOS Cisco Router 2921 by Public IP?

My network is allocated a total of 16 Public IP addresses, and my internet interface routes these to an ASA firewall. I would like to limit the traffic entering / exiting the public interface by the IP address it is destined to:

For example: 

 2.2.2.2 < BGP Interface IP (gi0/0)
 1.1.1.1 < Inside Interface IP (gi0/1)
 1.1.1.2 < Firewall IP
 1.1.1.3 < Service 1 IP
 1.1.1.4 < Service 2 IP
 1.1.1.5 < Service 3 IP
 1.1.1.6 < Service 4 IP

and so on and so forth.

I would like to limit Service 3 to 3Mbps and Service 4 to 10Mbps. How would I accomplish that? There are multiple ports opened behind these services, and there are NAT statements routing VLANs back out through these IP addresses. The ASA is doing the NATing.

Here is a sanitized version of the relevant config portions:

!
interface GigabitEthernet0/0
 description INTERNET-LINK
 ip address 2.2.2.2 255.255.255.252
 duplex full
 speed 1000
!
interface GigabitEthernet0/1
 description ROUTER-TO-FIREWALL
 ip address 1.1.1.1 255.255.255.240
 duplex full
 speed 1000
!
interface GigabitEthernet0/2
 shutdown
!
router bgp #####
 bgp log-neighbor-changes
 neighbor ############## remote-as ######
 neighbor ############## password #################
 !
 address-family ipv4
  no synchronization
  redistribute connected
  redistribute static
  neighbor ############## activate
  neighbor ############## soft-reconfiguration inbound
  no auto-summary
 exit-address-family
!
ip forward-protocol nd
!!
ip route 1.1.1.1 255.255.255.240 1.1.1.2
!

Thanks!

 
1 REPLY

You could achieve that with a simple shaping:

! Service 3 is 1.1.1.5 and Service 4 is 1.1.1.6 in the address list from the question
ip access-list extended ACL-SERVICE-3
  permit ip any host 1.1.1.5
  permit ip host 1.1.1.5 any
ip access-list extended ACL-SERVICE-4
  permit ip any host 1.1.1.6
  permit ip host 1.1.1.6 any
!
class-map CM-SERVICE-3
 match access-group name ACL-SERVICE-3
class-map CM-SERVICE-4
 match access-group name ACL-SERVICE-4
!
policy-map QoS-POLICY
 class CM-SERVICE-3
  shape average 3000000
 class CM-SERVICE-4
  shape average 10m
!
interface GigabitEthernet0/0
 service-policy output QoS-POLICY
interface GigabitEthernet0/1
 service-policy output QoS-POLICY

You could also do policing, but with that, all traffic above the limit will be dropped and needs to be retransmitted.

More on policing and shaping can be found in the config-guide:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_plcshp/configuration/15-mt/qos-plcshp-15-mt-book.html

 


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
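
The difference the reply describes between shaping (excess traffic is queued and delayed) and policing (excess traffic is dropped) can be seen in a small simulation. This is an added example, not part of the original thread and not Cisco's implementation; the packet trace, burst size and queue depth are assumed values, and the shaper is simplified to a plain rate-limited FIFO.

```python
# Added illustration (not from the thread): policer vs. shaper at one rate.
# Simplified models, not Cisco's implementation. Times are integer
# microseconds and tokens are bit-microseconds so the arithmetic is exact.
US = 1_000_000

def police(packets, rate_bps, burst_bytes):
    """Token-bucket policer: a packet that finds too few tokens is dropped.
    packets: [(arrival_us, size_bytes)] sorted by arrival."""
    cap = burst_bytes * 8 * US
    tokens, last = cap, 0          # bucket starts full
    forwarded, dropped = [], []
    for t, size in packets:
        tokens = min(cap, tokens + (t - last) * rate_bps)
        last = t
        cost = size * 8 * US
        if cost <= tokens:
            tokens -= cost
            forwarded.append((t, size))
        else:
            dropped.append((t, size))
    return forwarded, dropped

def shape(packets, rate_bps, queue_limit):
    """Shaper: excess packets wait in a FIFO and are released at rate_bps.
    Drops happen only when queue_limit packets are already waiting.
    Returns ([(arrival_us, departure_us)], dropped)."""
    free_at = 0                    # when the previous packet finishes sending
    sent, dropped = [], []
    for t, size in packets:
        waiting = sum(1 for _, dep in sent if dep > t)
        if waiting >= queue_limit:
            dropped.append((t, size))
            continue
        free_at = max(t, free_at) + size * 8 * US // rate_bps
        sent.append((t, free_at))
    return sent, dropped

def demo():
    # Constructed input: 20 x 1500-byte packets, 1 ms apart (12 Mbps offered)
    # against the 3 Mbps limit asked for Service 3. Burst size and queue
    # depth are assumed values chosen for the illustration.
    burst = [(i * 1000, 1500) for i in range(20)]
    fwd, pol_drop = police(burst, 3_000_000, burst_bytes=4500)
    sent, shp_drop = shape(burst, 3_000_000, queue_limit=64)
    worst_delay_us = max(dep - arr for arr, dep in sent)
    return len(fwd), len(pol_drop), len(sent), len(shp_drop), worst_delay_us

if __name__ == "__main__":
    print(demo())
```

`demo()` returns the forwarded and dropped counts for the policer, then the sent and dropped counts and the worst queueing delay in microseconds for the shaper.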