Link to home
Start Free TrialLog in
Avatar of ketanrajul
ketanrajul

asked on

Bandwidth limitation during day time

We have cisco 7206VXR with IOS Version 12.1(13)E1.We are also running WCCP on this router.We've terminated Leased Line customers on serial interface cards & other dial-up traffic is coming to this router on other serial ports.We want to restrict Bandwidth of one of our leased customer during day time (i.e 10:00 Hrs to 18:00 Hrs) to 512Kbps from 2Mbps, which is a peak period  for our dial-up traffic.
Is it possible with the router and IOS mentioned above ? can it be done with the help of PBR ? or any other way ? If yes full configuratin with commands is required.
Avatar of Les Moore
Les Moore
Flag of United States of America image

Yes, there are several ways to do this. You can use Generic Traffic shaping or rate-limit with time-based acls..

Something like this:

! -- be sure you use NTP to sync the clock for accuracy
ntp server <ip address> prefer
clock timezone <TZ> -x

! -- define the time range that you want to restrict traffic
time-range <name>
  periodic days-of-the-week 10:00 to 18:00

!-- define an access-list and apply the defined time range 1 ACl for outbound, 1 ACL for inbound
ip access-list 109 permit ip <local subnet> <mask> <remote subnet> <mask> time-range <name>
!-- define the exact reverse
ip access-list 110 permit ip <remote subnet> <mask> <local subnet> <mask> time-range <name>
!
!-- assign the access-list to the appropriate interface with GTS:
interface FastEthernet 0/0
  traffic-shape group 109 <rate>

!-- ALTERNATE using rate-limit commands

interface Serial 0/x
   rate-limit output <rate> access-group 109 conform-action continue exceed-action drop
   rate-limit input <rate> access-group 110 conform-action continue exceed-action drop



References:
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml#timebasedtimerange
http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a00800ca564.html
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_command_reference_chapter09186a008010a38c.html
Avatar of ketanrajul
ketanrajul

ASKER

thanks for early reply irmoore

Let me clear that we are not using NTP in our setup.
I've tried with rate-limit command, but 'access-group' option is not available after rate-limit output <rate> ----.
Whether IOS mentioned supports ? Also, whether NTP is a must ? or i can go ahead for option-1 as mentioned by you ?
also, in first option you've not mentioned
 
 'traffic-shape group 110 <rate>"
The reason that I highly suggest using NTP is to keep the system clock accurate. If the router reboots, its system clock turns back to some date in like 1993 and the time will be off. What you don't want is your time-based acl to be applied at the wrong time.

If you have a chance to upgrade to 12.2T, the rate-limit command will accept the access-group.

Yes, you can go ahead with the first option with generic traffic shaping. I did not use the acl 110 for the reverse traffic because the traffic is evaluated as it enters the Ethernet interface. The reverse traffic should be evaluated/limited at the ingress interface (i.e. Serial 0/x). Sorry about not being clear on that...

I want to apply this command to serial interface as mentioned.Hence,whether i should use acl 110 for reverse traffic ?
Yes, apply the acl 110 for the reverse traffic on the serial interface
We tried the time based ACL with first option,but it didn't work.
The commands used are as follows:

router(config)#time-range TEST
         (config-time-range)#periodic daily 14:00 to 14:30

router(config)#access-list 108 permit ip 203.x.y.z 0.0.0.8 any time-range TEST
router(config)#access-list 109 permit ip any 203.x.y.z 0.0.0.8  time-range TEST

router(config)#int s5/3
router(config-int)#traffic-shape group 108 512000
router(config-int)#traffic-shape group 109 512000
=====================================================
   The config has been checked as follows :
=============================
router#show time-range
time-range entry: TEST (active)
   periodic daily 14:00 to 14:30
   used in: IP ACL entry
   used in: IP ACL entry
   
router#show access-lists 108
Extended IP access list 108
    permit ip 203.x.y.z 0.0.0.8 any time-range TEST (active)
router#show access-lists 109
Extended IP access list 109
    permit ip any 203.x.y.z 0.0.0.8 time-range TEST (active) (11 matches)        <----------
Irmoore where are you ? need your cooperation !!!
ASKER CERTIFIED SOLUTION
Avatar of Les Moore
Les Moore
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Do you need more information?
Have you resolved this problem?
Can you close this question?
Thanks!