1136 Views | 0 Helpful | 1 Replies

Rate Limit bandwidth on IOS Cisco Router 2921 by Public IP?

alsalemcorp
Level 1

My network is allocated a total of 16 Public IP addresses, and my internet interface routes these to an ASA firewall. I would like to limit the traffic entering / exiting the public interface by the IP address it is destined to:

For example: 

 2.2.2.2 < BGP Interface IP (gi0/0)
 1.1.1.1 < Inside Interface IP (gi0/1)
 1.1.1.2 < Firewall IP
 1.1.1.3 < Service 1 IP
 1.1.1.4 < Service 2 IP
 1.1.1.5 < Service 3 IP
 1.1.1.6 < Service 4 IP

and so on and so forth.

I would like to limit Service 3 to 3Mbps and Service 4 to 10Mbps. How would I accomplish that? There are multiple ports opened behind these services, and there are NAT statements routing VLANs back out through these IP addresses. The ASA is doing the NATing.

Here is a sanitized version of the relevant config portions:

!
interface GigabitEthernet0/0
 description INTERNET-LINK
 ip address 2.2.2.2 255.255.255.252
 duplex full
 speed 1000
!
interface GigabitEthernet0/1
 description ROUTER-TO-FIREWALL
 ip address 1.1.1.1 255.255.255.240
 duplex full
 speed 1000
!
interface GigabitEthernet0/2
shutdown
!
router bgp #####
 bgp log-neighbor-changes
 neighbor ############## remote-as ######
 neighbor ############## password #################
 !
 address-family ipv4
  no synchronization
  redistribute connected
  redistribute static
  neighbor ############## activate
  neighbor ############## soft-reconfiguration inbound
  no auto-summary
 exit-address-family
!
ip forward-protocol nd
!
ip route 1.1.1.1 255.255.255.240 1.1.1.2
!

Thanks!

1 Reply

You could achieve that with simple shaping:

! Service 3 is 1.1.1.5 and Service 4 is 1.1.1.6 in the address plan above;
! each ACL matches both directions so the same policy-map works on both interfaces
ip access-list extended ACL-SERVICE-3
 permit ip any host 1.1.1.5
 permit ip host 1.1.1.5 any
ip access-list extended ACL-SERVICE-4
 permit ip any host 1.1.1.6
 permit ip host 1.1.1.6 any
!
class-map CM-SERVICE-3
 match access-group name ACL-SERVICE-3
class-map CM-SERVICE-4
 match access-group name ACL-SERVICE-4
!
! shape average takes bits per second: 3 Mbps and 10 Mbps
policy-map QoS-POLICY
 class CM-SERVICE-3
  shape average 3000000
 class CM-SERVICE-4
  shape average 10000000
!
! output on gi0/0 shapes traffic leaving the service toward the Internet,
! output on gi0/1 shapes traffic arriving from the Internet toward the service
interface GigabitEthernet0/0
 service-policy output QoS-POLICY
interface GigabitEthernet0/1
 service-policy output QoS-POLICY

You could also do policing, but with that, all traffic above the limit will be dropped and needs to be retransmitted.

More on policing and shaping can be found in the configuration guide:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_plcshp/configuration/15-mt/qos-plcshp-15-mt-book.html
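The reply's closing point, that a policer drops everything above the limit while a shaper holds it back and releases it later, can be seen in a small token-bucket simulation. This is an added example, not code from the thread or from Cisco: it models a single-rate, single-bucket shaper (FIFO queue, packets wait for tokens) and policer (no queue, packets without tokens are dropped) at the 3 Mbps the question asks for Service 3. The burst, the 1500-byte packet size and the committed burst Bc of 75 000 bits (25 ms at 3 Mbps) are constructed values chosen for illustration, not IOS defaults.

```python
"""Token-bucket shaper vs. policer at a committed rate (added example, not from the thread)."""
from collections import namedtuple

# arrival time in seconds, size in bits
Packet = namedtuple("Packet", ["arrival_s", "size_bits"])


def shape(packets, rate_bps, bc_bits):
    """FIFO shaper: each packet leaves as soon as the bucket has enough tokens.

    Returns the departure time of every packet; nothing is dropped, the cost is delay.
    Packets must be sorted by arrival time.
    """
    tokens = float(bc_bits)   # bucket starts full
    t_last = 0.0              # time of the last departure (bucket state timestamp)
    departures = []
    for p in packets:
        if p.size_bits > bc_bits:
            raise ValueError("a packet larger than Bc can never be served")
        t0 = max(p.arrival_s, t_last)                      # FIFO: wait for the previous packet
        tokens = min(bc_bits, tokens + rate_bps * (t0 - t_last))  # refill up to Bc
        if tokens < p.size_bits:                           # not enough credit: wait for it
            t0 += (p.size_bits - tokens) / rate_bps
            tokens = float(p.size_bits)
        tokens -= p.size_bits
        t_last = t0
        departures.append(t0)
    return departures


def police(packets, rate_bps, bc_bits):
    """Single-bucket policer: a packet either conforms (sent) or exceeds (dropped) on arrival."""
    tokens = float(bc_bits)
    t_last = 0.0
    verdicts = []
    for p in packets:
        tokens = min(bc_bits, tokens + rate_bps * (p.arrival_s - t_last))
        t_last = p.arrival_s
        if tokens >= p.size_bits:
            tokens -= p.size_bits
            verdicts.append("conform")
        else:
            verdicts.append("exceed")   # no queue: the excess is simply lost
    return verdicts


def compare(packets, rate_bps, bc_bits):
    """Run both mechanisms on the same burst and summarise the difference."""
    deps = shape(packets, rate_bps, bc_bits)
    verdicts = police(packets, rate_bps, bc_bits)
    delays = [d - p.arrival_s for d, p in zip(deps, packets)]
    return {
        "shaper_delivered": len(deps),
        "shaper_max_delay_s": max(delays),
        "policer_conformed": verdicts.count("conform"),
        "policer_dropped": verdicts.count("exceed"),
    }


def sample_burst(count=20, size_bits=12_000, gap_s=1e-4):
    """Constructed input: 20 packets of 1500 bytes arriving 100 us apart (about 120 Mbps)."""
    return [Packet(i * gap_s, size_bits) for i in range(count)]


if __name__ == "__main__":
    # 3 Mbps committed rate, Bc = 75 000 bits (25 ms of credit); both are assumed values
    print(compare(sample_burst(), rate_bps=3_000_000, bc_bits=75_000))
```

With these inputs the shaper delivers all 20 packets but the last one leaves about 53 ms after it arrived, while the policer forwards only the first six and drops the other fourteen. For TCP services behind the ASA those drops turn into retransmissions, which is the reply's argument for shaping; the price of shaping is queueing delay, and a larger Bc trades more burst tolerance for a longer worst-case wait.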
