Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco Class & policy maps

Posted on 2008-09-29
1
Medium Priority
?
2,521 Views
Last Modified: 2012-05-05
I'm trying to setup a few class and policy maps (MQC). I need to limit all outgoing traffic in default class to 2mbit, any outgoing traffic travelling on port 104 to 1.3mbit and any outgoing ftp traffic to 500kbits

After previous questions and research from EE I have the following syntax so far which doesn't actually work:

class-map PORT_104
match access-group 104
 
policy-map RATE
 class PORT_104
  rate-limit output access-group 104 1300000 243750 487500 conform-action transmit exceed-action drop
   
 class class-default
  rate-limit output 2000000 375000 75000 conform-action transmit exceed-action drop
 
 interface WAN 0/0
 service-policy output RATE




Access Lists
access-list 104 remark Medical Images travelling on port 104
access-list 104 permit tcp any any eq 104
access-list 104 permit tcp any eq 104 any
access-list 104 permit udp any any eq 104
access-list 104 permit udp any eq 104 any

access-list 109 remark rate limit sanmelody AIM
access-list 109 permit tcp any any eq ftp
access-list 109 permit tcp any eq ftp any
access-list 109 permit udp any any eq 21
access-list 109 permit udp any eq 21 any
access-list 109 permit tcp any any eq ftp-data
access-list 109 permit tcp any eq ftp-data any
access-list 109 permit udp any any eq 20
access-list 109 permit udp any eq 20 any

Problems
=======
I can't use the rate-limit command within a policy-map as it's not an option. Is this by design or do i need a IOS upgrade?

I decided to use the police command instead. however, when I try to apply it to the WAN interface in the output direction I get an message telling me that the police command cannot be used in the "output" direction.

I'm more lost now due to the fact I was given incorrect information. Can someone clear any of the above?


NOTE: Device is a Cisco 3560E




0
Comment
Question by:troyhmcse01
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 1000 total points
ID: 22604424
Use the police command in your policy-map instead of the rate-limit command and if you can't apply it egress, apply it ingress on the "LAN" ports.  This will have the same effect as applying it egress on the "WAN" interface.  If you do not want to apply rate-limiting to FTP and port 104 traffic between LAN interfaces, you can add exclusions to your access-lists excluding internal destination traffic.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question