KS_Robert
asked on
Traffic Shaping on a 7206VxR or 3640
Any Help is Appreciated:
I am currently using a Cisco 7206VxR and a Cisco 3640 router. I am wanting to know how to use the Traffic Shaping capabilities to limit bandwidth coming in/out of certain ip addresses and subnets behind this router. Everything uses real ip addresses, and I want to ensure that certain clients that run servers on the network stay within their allotted bandwidth. I currently monitor everything with MRTG to keep an eye on things, but that doesn't stop someone from sucking the pipe dry if they choose to, it only lets me know it happened, and doesn't actually limit or stop this activity. Now, I would guess from what I have read, that this uses access lists or something similar. Can anyone help me out or provide me with good documentation. I have already searched Cisco's website and Experts Exchange for a good answer and I have yet to find one. Thanks in advance.
-Robert
I am currently using a Cisco 7206VxR and a Cisco 3640 router. I am wanting to know how to use the Traffic Shaping capabilities to limit bandwidth coming in/out of certain ip addresses and subnets behind this router. Everything uses real ip addresses, and I want to ensure that certain clients that run servers on the network stay within their allotted bandwidth. I currently monitor everything with MRTG to keep an eye on things, but that doesn't stop someone from sucking the pipe dry if they choose to, it only lets me know it happened, and doesn't actually limit or stop this activity. Now, I would guess from what I have read, that this uses access lists or something similar. Can anyone help me out or provide me with good documentation. I have already searched Cisco's website and Experts Exchange for a good answer and I have yet to find one. Thanks in advance.
-Robert
ASKER
Okay,
I am getting the hang of it now. Answer me another follow up here and we'll be done.
What is the syntax for the following? I have a 3640 router and the internet backbone is on a serial sub interface, for instance, serial0/0.1, and the ethernet is on ethernet0/0, which is plugged into a cisco switch where the client is plugged into as well. Now, let's say their ip range is 192.168.0.32/28 or a 255.255.255.240 subnet. I want to limit them to 256k and not have any burst or anything. But also, i'd like to know how to allow for a burst if possible. And if you can, explain each part of the commands so I can hopefully do this on my own. Thanks for the quick response.
-Robert
I am getting the hang of it now. Answer me another follow up here and we'll be done.
What is the syntax for the following? I have a 3640 router and the internet backbone is on a serial sub interface, for instance, serial0/0.1, and the ethernet is on ethernet0/0, which is plugged into a cisco switch where the client is plugged into as well. Now, let's say their ip range is 192.168.0.32/28 or a 255.255.255.240 subnet. I want to limit them to 256k and not have any burst or anything. But also, i'd like to know how to allow for a burst if possible. And if you can, explain each part of the commands so I can hopefully do this on my own. Thanks for the quick response.
-Robert
On the Interface, determine the traffic shape rate. No burst, to excess burst capability at all, and identify the access-list that will determine what traffic is limited:
Ethernet 0/0
traffic-shape group 101 256000
!
! Now set up the traffic to permit traffic from anyone to the 192.168.0.32 network and all traffic from that network to anyone else. Any packets matching this will be reduced to 256k
!
access-list 101 permit ip any 192.168.0.32 255.255.255.240
access-list 101 permit ip 192.168.0.32 255.255.255.240 any
I assume that you have this already in your config:
!
ip subnet zero
!
That should do it!
Ethernet 0/0
traffic-shape group 101 256000
!
! Now set up the traffic to permit traffic from anyone to the 192.168.0.32 network and all traffic from that network to anyone else. Any packets matching this will be reduced to 256k
!
access-list 101 permit ip any 192.168.0.32 255.255.255.240
access-list 101 permit ip 192.168.0.32 255.255.255.240 any
I assume that you have this already in your config:
!
ip subnet zero
!
That should do it!
ASKER
Thanks for the help. One more quick question:
When using the access-list command and then putting a number after it to make it unique, such as 101, can you have several lines with 101 to have a very complex rule? Also, is it a good idea to start at 100 or 101 and what increments can you use? What are your tips on this?
Thanks,
Robert
When using the access-list command and then putting a number after it to make it unique, such as 101, can you have several lines with 101 to have a very complex rule? Also, is it a good idea to start at 100 or 101 and what increments can you use? What are your tips on this?
Thanks,
Robert
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks so much for clearing this up and making it easy to understand. Much Appreciated.
-Robert
-Robert
Glad to help!
ASKER
lrmoore,
I know it has been 2 months since this question was closed, but I hadn't had a chance to actually try this out yet. I am having some issues:
When I try and use access lists, I am able to issue all the correct commands:
access-list 101 permit ip any 192.168.0.32 255.255.255.240
access-list 101 permit ip 192.168.0.32 255.255.255.240 any
and it takes them without any problem, but once I end config mode and write memory, and do a show config, my lines show up like this:
access-list 101 permit ip any 0.0.0.0 255.255.255.240
access-list 101 permit ip 0.0.0.0 255.255.255.240 any
I have tried lots of different ip ranges and all of them do this, it just converts them to zeros or atleast that's what is showing up. Do you have any thoughts on this?
Thanks,
Robert
I know it has been 2 months since this question was closed, but I hadn't had a chance to actually try this out yet. I am having some issues:
When I try and use access lists, I am able to issue all the correct commands:
access-list 101 permit ip any 192.168.0.32 255.255.255.240
access-list 101 permit ip 192.168.0.32 255.255.255.240 any
and it takes them without any problem, but once I end config mode and write memory, and do a show config, my lines show up like this:
access-list 101 permit ip any 0.0.0.0 255.255.255.240
access-list 101 permit ip 0.0.0.0 255.255.255.240 any
I have tried lots of different ip ranges and all of them do this, it just converts them to zeros or atleast that's what is showing up. Do you have any thoughts on this?
Thanks,
Robert
You are using wildcard bits, not IP and Mask.
Sample:
194.145.63.192 0.0.0.7 - this means adresses from 194.145.63.192 to 194.145.63.199
format is: first IP, reverced netmasc.
0.0.0.7 is equal to netmask: 255.255.255.248.
Sample:
194.145.63.192 0.0.0.7 - this means adresses from 194.145.63.192 to 194.145.63.199
format is: first IP, reverced netmasc.
0.0.0.7 is equal to netmask: 255.255.255.248.
http://www.cisco.com/warp/public/732/Tech/car/
If you want to use Traffic Shaping:
Ethernet 0 is configured to limit specific traffic to/from the network that you want to constrain to 1 Mbps
access-list 101 permit ip any <constrained network>
access-list 101 permit ip <constrained network> any
interface Ethernet0
traffic-shape group 101 1000000 125000 125000
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/qcpart4/qcgts.htm#14630