
Bandwidth limitation during day time

Posted on 2004-11-04
Last Modified: 2008-01-09
We have a Cisco 7206VXR with IOS Version 12.1(13)E1. We are also running WCCP on this router. We've terminated leased-line customers on serial interface cards, and other dial-up traffic comes to this router on other serial ports. We want to restrict the bandwidth of one of our leased customers during the daytime (i.e. 10:00 hrs to 18:00 hrs) to 512 Kbps from 2 Mbps, which is a peak period for our dial-up traffic.
Is it possible with the router and IOS mentioned above? Can it be done with the help of PBR, or any other way? If yes, the full configuration with commands is required.
Question by:ketanrajul
10 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12505041
Yes, there are several ways to do this. You can use Generic Traffic Shaping or rate-limit with time-based ACLs.

Something like this:

! -- be sure you use NTP to sync the clock for accuracy
ntp server <ip address> prefer
clock timezone <TZ> -x

! -- define the time range that you want to restrict traffic
time-range <name>
  periodic <days-of-the-week> 10:00 to 18:00

!-- define an access-list and apply the defined time range: 1 ACL for outbound, 1 ACL for inbound
access-list 109 permit ip <local subnet> <mask> <remote subnet> <mask> time-range <name>
!-- define the exact reverse
access-list 110 permit ip <remote subnet> <mask> <local subnet> <mask> time-range <name>
!
!-- assign the access-list to the appropriate interface with GTS:
interface FastEthernet 0/0
  traffic-shape group 109 <rate>

!-- ALTERNATE using rate-limit commands

interface Serial 0/x
   rate-limit output access-group 109 <rate> <burst-normal> <burst-max> conform-action continue exceed-action drop
   rate-limit input access-group 110 <rate> <burst-normal> <burst-max> conform-action continue exceed-action drop



References:
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml#timebasedtimerange
http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a00800ca564.html
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_command_reference_chapter09186a008010a38c.html
0
 

Author Comment

by:ketanrajul
ID: 12511862
Thanks for the early reply, lrmoore.

Let me clarify that we are not using NTP in our setup.
I've tried the rate-limit command, but the 'access-group' option is not available after rate-limit output <rate> ----.
Does the IOS mentioned support it? Also, is NTP a must, or can I go ahead with option 1 as mentioned by you?
0
 

Author Comment

by:ketanrajul
ID: 12511866
Also, in the first option you've not mentioned

 'traffic-shape group 110 <rate>'
0

 
LVL 79

Expert Comment

by:lrmoore
ID: 12512625
The reason that I highly suggest using NTP is to keep the system clock accurate. If the router reboots, its system clock turns back to some date in like 1993 and the time will be off. What you don't want is your time-based acl to be applied at the wrong time.

If you have a chance to upgrade to 12.2T, the rate-limit command will accept the access-group.

Yes, you can go ahead with the first option with generic traffic shaping. I did not use the acl 110 for the reverse traffic because the traffic is evaluated as it enters the Ethernet interface. The reverse traffic should be evaluated/limited at the ingress interface (i.e. Serial 0/x). Sorry about not being clear on that...

0
 

Author Comment

by:ketanrajul
ID: 12592397
I want to apply this command to the serial interface as mentioned. Hence, should I use acl 110 for the reverse traffic?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12592707
Yes, apply the acl 110 for the reverse traffic on the serial interface
0
 

Author Comment

by:ketanrajul
ID: 12623130
We tried the time-based ACL with the first option, but it didn't work.
The commands used are as follows:

router(config)#time-range TEST
         (config-time-range)#periodic daily 14:00 to 14:30

router(config)#access-list 108 permit ip 203.x.y.z 0.0.0.8 any time-range TEST
router(config)#access-list 109 permit ip any 203.x.y.z 0.0.0.8  time-range TEST

router(config)#int s5/3
router(config-int)#traffic-shape group 108 512000
router(config-int)#traffic-shape group 109 512000

The config has been checked as follows:

router#show time-range
time-range entry: TEST (active)
   periodic daily 14:00 to 14:30
   used in: IP ACL entry
   used in: IP ACL entry
   
router#show access-lists 108
Extended IP access list 108
    permit ip 203.x.y.z 0.0.0.8 any time-range TEST (active)
router#show access-lists 109
Extended IP access list 109
    permit ip any 203.x.y.z 0.0.0.8 time-range TEST (active) (11 matches)        <----------
0
 

Author Comment

by:ketanrajul
ID: 12652881
lrmoore, where are you? Need your cooperation!!!
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 12654623
Sorry about the delayed response...

router(config)#int s5/3
router(config-int)#traffic-shape group 108 512000
router(config-int)#traffic-shape group 109 512000

Don't put them both on the same interface.
If 203.x.y.z is the internal IP range, then put 108 on the Ethernet interface.
0
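
An added example, not part of the thread or the posters' own code: a small Python check over a saved router configuration that flags the two problems raised above, time-based ACLs with no NTP server configured and more than one traffic-shape group on a single interface. The sample configuration, its documentation-range addresses and the function name `audit` are constructed for illustration.

```python
import re

# Constructed sample modelled on the configuration posted in the thread:
# no "ntp server" line, and both shaping groups on the same serial interface.
SAMPLE_CONFIG = """\
time-range TEST
 periodic daily 14:00 to 14:30
!
access-list 108 permit ip 192.0.2.0 0.0.0.7 any time-range TEST
access-list 109 permit ip any 192.0.2.0 0.0.0.7 time-range TEST
!
interface Serial5/3
 traffic-shape group 108 512000
 traffic-shape group 109 512000
!
interface FastEthernet0/0
 ip address 198.51.100.1 255.255.255.0
"""

def audit(config):
    """Return a list of findings for time-based shaping configuration."""
    findings = []
    defined = set(re.findall(r"^time-range (\S+)", config, re.M))
    used = set(re.findall(r"^access-list \d+ .*\btime-range (\S+)", config, re.M))
    # A time-range that is referenced but never defined can never become active.
    for name in sorted(used - defined):
        findings.append(f"time-range {name} is referenced but not defined")
    # Time-based ACLs follow the system clock, so flag a config without NTP.
    if used and not re.search(r"^ntp server \S+", config, re.M):
        findings.append("time-based ACLs in use but no 'ntp server' configured")
    # Collect traffic-shape groups per interface stanza.
    groups, iface = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif not line.startswith(" "):
            iface = None  # left the interface stanza
        elif iface:
            m = re.match(r"\s+traffic-shape group (\d+) \d+", line)
            if m:
                groups.setdefault(iface, []).append(m.group(1))
    for name, acls in groups.items():
        if len(acls) > 1:
            findings.append(f"{name}: traffic-shape groups {', '.join(acls)} on one interface")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```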
 
LVL 79

Expert Comment

by:lrmoore
ID: 13688778
Do you need more information?
Have you resolved this problem?
Can you close this question?
Thanks!
0
