Cisco Class & policy maps

I'm trying to set up a few class and policy maps (MQC). I need to limit all outgoing traffic in default class to 2mbit, any outgoing traffic travelling on port 104 to 1.3mbit and any outgoing ftp traffic to 500kbits.

After previous questions and research from EE I have the following syntax so far which doesn't actually work:

class-map PORT_104
match access-group 104
 
policy-map RATE
 class PORT_104
  rate-limit output access-group 104 1300000 243750 487500 conform-action transmit exceed-action drop
   
 class class-default
  rate-limit output 2000000 375000 75000 conform-action transmit exceed-action drop
 
 interface WAN 0/0
 service-policy output RATE




Access Lists
access-list 104 remark Medical Images travelling on port 104
access-list 104 permit tcp any any eq 104
access-list 104 permit tcp any eq 104 any
access-list 104 permit udp any any eq 104
access-list 104 permit udp any eq 104 any

access-list 109 remark rate limit sanmelody AIM
access-list 109 permit tcp any any eq ftp
access-list 109 permit tcp any eq ftp any
access-list 109 permit udp any any eq 21
access-list 109 permit udp any eq 21 any
access-list 109 permit tcp any any eq ftp-data
access-list 109 permit tcp any eq ftp-data any
access-list 109 permit udp any any eq 20
access-list 109 permit udp any eq 20 any

Problems
=======
I can't use the rate-limit command within a policy-map as it's not an option. Is this by design or do I need an IOS upgrade?

I decided to use the police command instead. However, when I try to apply it to the WAN interface in the output direction I get a message telling me that the police command cannot be used in the "output" direction.

I'm more lost now due to the fact I was given incorrect information. Can someone clear any of the above?


NOTE: Device is a Cisco 3560E

Asked by: troyhmcse01

1 Solution

JFrederick29 commented:
Use the police command in your policy-map instead of the rate-limit command and if you can't apply it egress, apply it ingress on the "LAN" ports.  This will have the same effect as applying it egress on the "WAN" interface.  If you do not want to apply rate-limiting to FTP and port 104 traffic between LAN interfaces, you can add exclusions to your access-lists excluding internal destination traffic.
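
The answer's approach written out for the three limits in the question, as an added example that is not part of the original thread. It reuses access-lists 104 and 109 from the question; the LAN port GigabitEthernet0/1, the class name FTP and the FTP burst value are assumptions.

```cisco
! Added example, constructed for illustration; not from the original thread.
! Assumptions: Gi0/1 is a LAN-facing port; access-lists 104 and 109 exist as
! posted in the question; the FTP burst 93750 follows the same ratio as the
! asker's other bursts (rate / 8 * 1.5).
!
! QoS must be enabled globally before policers take effect on this platform.
! Once enabled, ports are untrusted by default and incoming markings are
! reset, so review trust settings if DSCP/CoS is used elsewhere.
mls qos
!
class-map match-all PORT_104
 match access-group 104
class-map match-all FTP
 match access-group 109
!
! The switch policer takes rate (bps), burst (bytes) and an exceed action;
! there is no conform-action keyword as in the rate-limit syntax.
! class-default in an input policy requires an IOS release that supports it
! on this platform; if it is rejected, match the remaining traffic with an
! ACL-based class instead.
policy-map RATE
 class PORT_104
  police 1300000 243750 exceed-action drop
 class FTP
  police 500000 93750 exceed-action drop
 class class-default
  police 2000000 375000 exceed-action drop
!
! Applied inbound on the LAN port, as the answer suggests. Each port gets
! its own policers, so the limits are per LAN port, not a shared WAN total.
interface GigabitEthernet0/1
 service-policy input RATE
!
! Check that the policy is attached and that the policer is dropping:
!   show policy-map RATE
!   show mls qos interface GigabitEthernet0/1 statistics
```

With more than one LAN port carrying this traffic, the per-port limits add up on the WAN side, so divide the rates across ports or police on a single aggregation port.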