Solved

Cisco Class & policy maps

Posted on 2008-09-29
Last Modified: 2012-05-05
I'm trying to set up a few class and policy maps (MQC). I need to limit all outgoing traffic in the default class to 2mbit, any outgoing traffic travelling on port 104 to 1.3mbit and any outgoing FTP traffic to 500kbits.

After previous questions and research from EE I have the following syntax so far which doesn't actually work:

class-map PORT_104
match access-group 104
 
policy-map RATE
 class PORT_104
  rate-limit output access-group 104 1300000 243750 487500 conform-action transmit exceed-action drop
   
 class class-default
  rate-limit output 2000000 375000 75000 conform-action transmit exceed-action drop
 
 interface WAN 0/0
 service-policy output RATE




Access Lists
access-list 104 remark Medical Images travelling on port 104
access-list 104 permit tcp any any eq 104
access-list 104 permit tcp any eq 104 any
access-list 104 permit udp any any eq 104
access-list 104 permit udp any eq 104 any

access-list 109 remark rate limit sanmelody AIM
access-list 109 permit tcp any any eq ftp
access-list 109 permit tcp any eq ftp any
access-list 109 permit udp any any eq 21
access-list 109 permit udp any eq 21 any
access-list 109 permit tcp any any eq ftp-data
access-list 109 permit tcp any eq ftp-data any
access-list 109 permit udp any any eq 20
access-list 109 permit udp any eq 20 any

Problems
=======
I can't use the rate-limit command within a policy-map as it's not an option. Is this by design or do I need an IOS upgrade?

I decided to use the police command instead. However, when I try to apply it to the WAN interface in the output direction I get a message telling me that the police command cannot be used in the "output" direction.

I'm more lost now due to the fact I was given incorrect information. Can someone clear any of the above?


NOTE: Device is a Cisco 3560E
Question by:troyhmcse01
Accepted Solution

by: JFrederick29 earned 500 total points
ID: 22604424
Use the police command in your policy-map instead of the rate-limit command and if you can't apply it egress, apply it ingress on the "LAN" ports.  This will have the same effect as applying it egress on the "WAN" interface.  If you do not want to apply rate-limiting to FTP and port 104 traffic between LAN interfaces, you can add exclusions to your access-lists excluding internal destination traffic.
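
One way to lay out the approach from the accepted answer, as an added example that is not either poster's configuration. The ACL, class and policy names, the 10.0.0.0/8 internal range, the GigabitEthernet0/1 port and the FTP burst size (derived the same way as the question's burst values) are assumptions.

```cisco
! Added example for a Catalyst 3560-family switch (constructed values throughout).
! QoS must be enabled globally before policers take effect.
mls qos
!
! Assumption: 10.0.0.0/8 is the internal LAN range. The leading deny entries
! are the "exclusions" from the answer: LAN-to-LAN traffic skips each class.
! Only the TCP entries from the question's lists are carried over here.
ip access-list extended ACL_PORT_104
 deny   ip any 10.0.0.0 0.255.255.255
 permit tcp any any eq 104
 permit tcp any eq 104 any
ip access-list extended ACL_FTP
 deny   ip any 10.0.0.0 0.255.255.255
 permit tcp any any eq ftp
 permit tcp any eq ftp any
 permit tcp any any eq ftp-data
 permit tcp any eq ftp-data any
ip access-list extended ACL_OTHER
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip any any
!
class-map match-all PORT_104
 match access-group name ACL_PORT_104
class-map match-all FTP
 match access-group name ACL_FTP
! Explicit catch-all class standing in for class-default
class-map match-all OTHER
 match access-group name ACL_OTHER
!
! police <rate-bps> <burst-bytes>, replacing rate-limit inside the policy-map
policy-map RATE_IN
 class PORT_104
  police 1300000 243750 exceed-action drop
 class FTP
  police 500000 93750 exceed-action drop
 class OTHER
  police 2000000 375000 exceed-action drop
!
! Hypothetical LAN-facing port: the policy is attached ingress, not on the WAN
interface GigabitEthernet0/1
 service-policy input RATE_IN
```

A policy attached this way polices only the port it is applied to, so each LAN port carrying the policy gets its own set of limits. `show policy-map interface GigabitEthernet0/1` confirms the policy is attached.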