Bandwidth limitation during day time

We have cisco 7206VXR with IOS Version 12.1(13)E1.We are also running WCCP on this router.We've terminated Leased Line customers on serial interface cards & other dial-up traffic is coming to this router on other serial ports.We want to restrict Bandwidth of one of our leased customer during day time (i.e 10:00 Hrs to 18:00 Hrs) to 512Kbps from 2Mbps, which is a peak period  for our dial-up traffic.
Is it possible with the router and IOS mentioned above ? can it be done with the help of PBR ? or any other way ? If yes full configuratin with commands is required.
ketanrajulAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

lrmooreCommented:
Yes, there are several ways to do this. You can use Generic Traffic shaping or rate-limit with time-based acls..

Something like this:

! -- be sure you use NTP to sync the clock for accuracy
ntp server <ip address> prefer
clock timezone <TZ> -x

! -- define the time range that you want to restrict traffic
time-range <name>
  periodic days-of-the-week 10:00 to 18:00

!-- define an access-list and apply the defined time range 1 ACl for outbound, 1 ACL for inbound
ip access-list 109 permit ip <local subnet> <mask> <remote subnet> <mask> time-range <name>
!-- define the exact reverse
ip access-list 110 permit ip <remote subnet> <mask> <local subnet> <mask> time-range <name>
!
!-- assign the access-list to the appropriate interface with GTS:
interface FastEthernet 0/0
  traffic-shape group 109 <rate>

!-- ALTERNATE using rate-limit commands

interface Serial 0/x
   rate-limit output <rate> access-group 109 conform-action continue exceed-action drop
   rate-limit input <rate> access-group 110 conform-action continue exceed-action drop



References:
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml#timebasedtimerange
http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a00800ca564.html
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_command_reference_chapter09186a008010a38c.html
0
ketanrajulAuthor Commented:
thanks for early reply irmoore

Let me clear that we are not using NTP in our setup.
I've tried with rate-limit command, but 'access-group' option is not available after rate-limit output <rate> ----.
Whether IOS mentioned supports ? Also, whether NTP is a must ? or i can go ahead for option-1 as mentioned by you ?
0
ketanrajulAuthor Commented:
also, in first option you've not mentioned
 
 'traffic-shape group 110 <rate>"
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

lrmooreCommented:
The reason that I highly suggest using NTP is to keep the system clock accurate. If the router reboots, its system clock turns back to some date in like 1993 and the time will be off. What you don't want is your time-based acl to be applied at the wrong time.

If you have a chance to upgrade to 12.2T, the rate-limit command will accept the access-group.

Yes, you can go ahead with the first option with generic traffic shaping. I did not use the acl 110 for the reverse traffic because the traffic is evaluated as it enters the Ethernet interface. The reverse traffic should be evaluated/limited at the ingress interface (i.e. Serial 0/x). Sorry about not being clear on that...

0
ketanrajulAuthor Commented:
I want to apply this command to serial interface as mentioned.Hence,whether i should use acl 110 for reverse traffic ?
0
lrmooreCommented:
Yes, apply the acl 110 for the reverse traffic on the serial interface
0
ketanrajulAuthor Commented:
We tried the time based ACL with first option,but it didn't work.
The commands used are as follows:

router(config)#time-range TEST
         (config-time-range)#periodic daily 14:00 to 14:30

router(config)#access-list 108 permit ip 203.x.y.z 0.0.0.8 any time-range TEST
router(config)#access-list 109 permit ip any 203.x.y.z 0.0.0.8  time-range TEST

router(config)#int s5/3
router(config-int)#traffic-shape group 108 512000
router(config-int)#traffic-shape group 109 512000
=====================================================
   The config has been checked as follows :
=============================
router#show time-range
time-range entry: TEST (active)
   periodic daily 14:00 to 14:30
   used in: IP ACL entry
   used in: IP ACL entry
   
router#show access-lists 108
Extended IP access list 108
    permit ip 203.x.y.z 0.0.0.8 any time-range TEST (active)
router#show access-lists 109
Extended IP access list 109
    permit ip any 203.x.y.z 0.0.0.8 time-range TEST (active) (11 matches)        <----------
0
ketanrajulAuthor Commented:
Irmoore where are you ? need your cooperation !!!
0
lrmooreCommented:
Sorry about the delayed response...

router(config)#int s5/3
router(config-int)#traffic-shape group 108 512000
router(config-int)#traffic-shape group 109 512000

Don't put them both on the same interface.
If 203.x.y.z is internal ip range, then put 108 on the Ethernet interface
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
lrmooreCommented:
Do you need more information?
Have you resolved this problem?
Can you close this question?
Thanks!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.