Solved

Cisco Class & policy maps

Posted on 2008-09-29
1
2,505 Views
Last Modified: 2012-05-05
I'm trying to setup a few class and policy maps (MQC). I need to limit all outgoing traffic in default class to 2mbit, any outgoing traffic travelling on port 104 to 1.3mbit and any outgoing ftp traffic to 500kbits

After previous questions and research from EE I have the following syntax so far which doesn't actually work:

class-map PORT_104
match access-group 104
 
policy-map RATE
 class PORT_104
  rate-limit output access-group 104 1300000 243750 487500 conform-action transmit exceed-action drop
   
 class class-default
  rate-limit output 2000000 375000 75000 conform-action transmit exceed-action drop
 
 interface WAN 0/0
 service-policy output RATE




Access Lists
access-list 104 remark Medical Images travelling on port 104
access-list 104 permit tcp any any eq 104
access-list 104 permit tcp any eq 104 any
access-list 104 permit udp any any eq 104
access-list 104 permit udp any eq 104 any

access-list 109 remark rate limit sanmelody AIM
access-list 109 permit tcp any any eq ftp
access-list 109 permit tcp any eq ftp any
access-list 109 permit udp any any eq 21
access-list 109 permit udp any eq 21 any
access-list 109 permit tcp any any eq ftp-data
access-list 109 permit tcp any eq ftp-data any
access-list 109 permit udp any any eq 20
access-list 109 permit udp any eq 20 any

Problems
=======
I can't use the rate-limit command within a policy-map as it's not an option. Is this by design or do i need a IOS upgrade?

I decided to use the police command instead. however, when I try to apply it to the WAN interface in the output direction I get an message telling me that the police command cannot be used in the "output" direction.

I'm more lost now due to the fact I was given incorrect information. Can someone clear any of the above?


NOTE: Device is a Cisco 3560E




0
Comment
Question by:troyhmcse01
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 22604424
Use the police command in your policy-map instead of the rate-limit command and if you can't apply it egress, apply it ingress on the "LAN" ports.  This will have the same effect as applying it egress on the "WAN" interface.  If you do not want to apply rate-limiting to FTP and port 104 traffic between LAN interfaces, you can add exclusions to your access-lists excluding internal destination traffic.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
DHCP Server 14 110
looking for a program or router to monitor internet connection 4 125
Help logging in to my router 12 74
Turning Verizon Fios Router into a Bridge? 28 128
It happens many times that access list (ACL) have to be applied to outgoing router interface in order to limit some traffic.This article is about how to test ACL from the router which is not very intuitive for everyone. Below scenario shows simple s…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question