Solved

Cisco Class & policy maps

Posted on 2008-09-29
Last Modified: 2012-05-05
I'm trying to set up a few class and policy maps (MQC). I need to limit all outgoing traffic in the default class to 2mbit, any outgoing traffic travelling on port 104 to 1.3mbit, and any outgoing FTP traffic to 500kbits.

After previous questions and research from EE I have the following syntax so far which doesn't actually work:

class-map PORT_104
match access-group 104
 
policy-map RATE
 class PORT_104
  rate-limit output access-group 104 1300000 243750 487500 conform-action transmit exceed-action drop
   
 class class-default
  rate-limit output 2000000 375000 75000 conform-action transmit exceed-action drop
 
 interface WAN 0/0
 service-policy output RATE




Access Lists
access-list 104 remark Medical Images travelling on port 104
access-list 104 permit tcp any any eq 104
access-list 104 permit tcp any eq 104 any
access-list 104 permit udp any any eq 104
access-list 104 permit udp any eq 104 any

access-list 109 remark rate limit sanmelody AIM
access-list 109 permit tcp any any eq ftp
access-list 109 permit tcp any eq ftp any
access-list 109 permit udp any any eq 21
access-list 109 permit udp any eq 21 any
access-list 109 permit tcp any any eq ftp-data
access-list 109 permit tcp any eq ftp-data any
access-list 109 permit udp any any eq 20
access-list 109 permit udp any eq 20 any

Problems
=======
I can't use the rate-limit command within a policy-map as it's not an option. Is this by design or do I need an IOS upgrade?

I decided to use the police command instead. However, when I try to apply it to the WAN interface in the output direction I get a message telling me that the police command cannot be used in the "output" direction.

I'm more lost now due to the fact I was given incorrect information. Can someone clear up any of the above?


NOTE: Device is a Cisco 3560E




Question by:troyhmcse01
Accepted Solution

by:
JFrederick29 earned 500 total points
Use the police command in your policy-map instead of the rate-limit command and if you can't apply it egress, apply it ingress on the "LAN" ports.  This will have the same effect as applying it egress on the "WAN" interface.  If you do not want to apply rate-limiting to FTP and port 104 traffic between LAN interfaces, you can add exclusions to your access-lists excluding internal destination traffic.
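
The accepted answer's approach written out as a configuration, as an added example that is not part of the original posts. It reuses access lists 104 and 109 and the rates and burst values from the question; the class name FTP, the FTP burst value (93750, chosen with the same burst-to-rate ratio as the other two) and the interface name are assumptions, and whether class-default is accepted in an ingress policy map depends on the IOS release on the switch.

```cisco
! QoS must be enabled globally before policers take effect on this platform
mls qos
!
! Classify on the access lists already defined in the question
class-map match-all PORT_104
 match access-group 104
! FTP is an assumed class name; ACL 109 is the FTP list from the question
class-map match-all FTP
 match access-group 109
!
policy-map RATE
 ! 1.3 Mbit/s for port 104 traffic, burst taken from the question
 class PORT_104
  police 1300000 243750 exceed-action drop
 ! 500 kbit/s for FTP; burst 93750 is an assumed value
 class FTP
  police 500000 93750 exceed-action drop
 ! 2 Mbit/s for everything else (support depends on IOS release)
 class class-default
  police 2000000 375000 exceed-action drop
!
! Placeholder interface name: attach inbound on each LAN-facing port,
! since the policy cannot be attached in the output direction on the WAN port
interface GigabitEthernet0/1
 service-policy input RATE
```

Each port the policy is attached to gets its own policers, so the limits apply per LAN port rather than as one shared total across ports. `show policy-map interface` and `show mls qos interface` can be used to confirm that the policy is attached.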