Solved

Limiting bandwidth on static IP with Cisco 1720?

Posted on 2003-11-26
Last Modified: 2008-02-26
I have a Cisco 1720 that is using NAT for the internal network, but have four static mapped IPs. My question: is it possible to limit the bandwidth to ONE of those static IPs (ports 80 & 8080) without limiting the bandwidth to the rest of the static IPs or the NAT? I have been trying to understand rate-limiting and policing, but I am under the impression that it will be global and not selective to a certain IP. Any help would be greatly appreciated. Also, is the access-list 101 in this config doing anything at all? If it helps, it is a 512k T1 and I would like to limit the http on that one address to 256k max.

Would this problem be better solved with a Linux box on the internal side of the router?

Thanks!


Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco1720
!
enable password
!
!
!
!
!
memory-size iomem 20
ip subnet-zero
ip name-server x.x.x.x
ip name-server x.x.x.x
!
!
!
process-max-time 200
!
interface Serial0
 description point-to-point
 ip address 206.x.x.x 255.255.255.252
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 fair-queue 64 256 0
 service-module t1 timeslots 1-8
 service-module t1 fdl ansi
!
interface FastEthernet0
 description connected to EthernetLAN
 ip address 192.168.1.254 255.255.255.0
 no ip directed-broadcast
 ip nat inside
!
ip nat pool somenat 206.x.x.x 206.x.x.x netmask 255.255.255.240
ip nat inside source list 1 pool somenat overload
ip nat inside source static 192.168.1.186 206.x.x.x <--This is the one I would like to limit
ip nat inside source static 192.168.1.187 206.x.x.x
ip nat inside source static 192.168.1.188 206.x.x.x
ip nat inside source static 192.168.1.189 206.x.x.x
ip classless
ip forward-protocol udp 135
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
!
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 101 deny   53 any any
access-list 101 deny   55 any any
access-list 101 deny   77 any any
access-list 101 deny   pim any any
access-list 101 deny   135 any any
access-list 101 deny   21 any any
!
line con 0
 exec-timeout 0 0
 password
 login
 transport input none
line aux 0
line vty 0 1
 password
 login
line vty 2 4
 login
!
no scheduler allocate
end
Question by:Noplay
4 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 9826808
You can use Generic Traffic Shaping to limit bandwidth using an acl:

# define the traffic - in both directions - that can access that IP address
access-list 109 permit ip 192.168.1.186 any
access-list 109 permit ip any 206.x.x.x

Interface Fast 0/0
 traffic-shape group 109 256000

Reference
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/qos_r/qos_s3g.htm#1019905
0
 

Author Comment

by:Noplay
ID: 9828377
Thanks for the info and the very quick response time, but I'm not sure that it is working correctly (could just be me though).
I don't see any decrease in bandwidth to that server (incoming or outgoing); I mainly need the incoming bandwidth reduced.

I entered the traffic-shape group 109 256000 with no problem, but the access-list did not take the way it was typed. I ended up typing it like this, which may not be correct.

access-list 109 permit ip 192.168.1.186 255.255.255.0 any
access-list 109 permit ip any 206.x.x.x 255.255.255.240

When I "show run", it produces this:

access-list 109 permit ip 0.0.0.186 255.255.255.0 any
access-list 109 permit ip any 0.0.0.4 255.255.255.240

Is this correct?

Thanks again for the time!
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 9828548
oops...

access-list should look like this. Use 'host' keyword

access-list 109 permit ip host 192.168.1.186 any
access-list 109 permit ip any host 206.x.x.x
0
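
Why "show run" rewrote the two entries in the author comment above, and why the 'host' form fixes them, as an added example that is not part of the original thread: IOS extended ACLs take a wildcard mask, where a 1 bit means "ignore", not a subnet mask. The function names are illustrative, and 203.0.113.20 is a constructed stand-in for the masked 206.x.x.x address.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def care_bits(wildcard):
    # In an IOS wildcard mask a 1 bit means "ignore this bit" (inverse of a subnet mask).
    return ~to_int(wildcard) & MASK32


def normalize(addr, wildcard):
    """Return the entry as IOS stores it: ignored bits are zeroed in the address."""
    return str(ipaddress.IPv4Address(to_int(addr) & care_bits(wildcard))), wildcard


def matches(packet_ip, addr, wildcard):
    """True if packet_ip equals addr on every bit the wildcard does not ignore."""
    return ((to_int(packet_ip) ^ to_int(addr)) & care_bits(wildcard)) == 0


def host(addr):
    """The 'host' keyword is shorthand for wildcard 0.0.0.0 (compare all 32 bits)."""
    return addr, "0.0.0.0"


def match_count(wildcard):
    """How many IPv4 addresses a single entry with this wildcard matches."""
    return 2 ** bin(to_int(wildcard)).count("1")


if __name__ == "__main__":
    # What was typed in the thread: a subnet mask in the wildcard position.
    typed = ("192.168.1.186", "255.255.255.0")
    stored = normalize(*typed)
    print("typed :", *typed)
    print("stored:", *stored, "-> matches", match_count(stored[1]), "addresses")
    # Constructed stand-in for the masked public address (206.x.x.x on the page).
    print("stored:", *normalize("203.0.113.20", "255.255.255.240"))
    # Constructed packet sources: only the first is the server to be shaped.
    for src in ("192.168.1.186", "192.168.1.187", "10.20.30.186"):
        print(f"{src:15} mistyped={matches(src, *stored)!s:5} "
              f"host={matches(src, *host('192.168.1.186'))}")
```
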
 

Author Comment

by:Noplay
ID: 9828747
That's the ticket!
I did have to move the traffic-shape group 109 256000 to the Serial0/0 (so it is on both interfaces now), but it is working!

THANK YOU!
0
