
Cisco 891 Share Internet Configuration

Hi:
I have a new 15Mbps internet connection which I need to split in the following way:

1. Up to 5Mbps going to my upstairs neighbor
2. At least 10Mbps, and any additional unused bandwidth, for me

We have the IP range  200.100.110.2-.126; I'll be using .2-.62 and my neighbor will be using .66-.126. The ISP gateway is 200.100.110.1 (these aren't the real numbers).

I have a Cisco 891 to connect to the ISP's modem's ethernet port. My neighbor and I each already have firewalls running for our networks, so all we really need is access which is traffic shaped/policed for those two.

My question is, what's the best way to approach this? Does anyone have a similar configuration they'd be willing to share? I have read a fair amount about this, but I have never done this kind of setup before.

Thanks
Asked by: Mr_Blob
1 Solution
 
Garry Glendown (Consulting and Network/Security Specialist) commented:
As the incoming bandwidth is usually the relevant one, I'd just put traffic policing on the neighbor's LAN port ... something like this (assuming, e.g., you put the neighbor on VLAN 5 with the physical port configured as "switchport access vlan 5"):
policy-map shape5m
 class class-default
    police cir 5000000
     conform-action transmit
     exceed-action drop
     violate-action drop

interface vlan 5
[ .. ]
 service-policy input shape5m
 service-policy output shape5m


Please note that this does not mean your neighbor can't cause more than the 5M data transfer on the physical link coming from the provider ... as the data has already been transferred, you're just dropping packets, but that will reduce the TCP transmit window size, which will lead to less bandwidth usage ...
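The policing behaviour described in the answer above, as an added example that is not part of the original post: a Python model of a single-rate, two-bucket policer in the style of RFC 2697, fed a constant 15 Mbps stream against a 5 Mbps CIR. The bc/be values of 156250 bytes and the 1500-byte packet size are assumptions; the model only approximates what IOS does. The full offered load still reaches the policer, and only the conforming share is forwarded.

```python
# Added illustration: single-rate, two-bucket policer modelled on RFC 2697
# (colour-blind). bc/be of 156250 bytes are assumed values, not from the thread.

class Policer:
    def __init__(self, cir_bps, bc_bytes, be_bytes):
        self.rate = cir_bps / 8.0              # token fill rate, bytes per second
        self.bc, self.be = bc_bytes, be_bytes
        self.tc, self.te = float(bc_bytes), float(be_bytes)  # buckets start full
        self.last = 0.0
        self.bytes = {"conform": 0, "exceed": 0, "violate": 0}

    def offer(self, now, size):
        """Classify one packet of `size` bytes arriving at time `now` (seconds)."""
        tokens = (now - self.last) * self.rate
        self.last = now
        # New tokens fill the committed bucket first; overflow spills into excess.
        spill = max(0.0, self.tc + tokens - self.bc)
        self.tc = min(self.bc, self.tc + tokens)
        self.te = min(self.be, self.te + spill)
        if self.tc >= size:
            self.tc -= size
            colour = "conform"
        elif self.te >= size:
            self.te -= size
            colour = "exceed"
        else:
            colour = "violate"
        self.bytes[colour] += size
        return colour


def simulate(offered_bps, cir_bps, bc, be, seconds=10, pkt=1500):
    """Offer a constant-rate stream; return (forwarded bps, bytes per colour)."""
    policer = Policer(cir_bps, bc, be)
    gap = pkt * 8 / offered_bps                # seconds between packets
    for i in range(seconds * offered_bps // (pkt * 8)):
        policer.offer(i * gap, pkt)
    # conform-action transmit, exceed-action drop, violate-action drop
    return policer.bytes["conform"] * 8 / seconds, policer.bytes


if __name__ == "__main__":
    for offered in (3_000_000, 15_000_000):
        rate, counts = simulate(offered, 5_000_000, 156_250, 156_250)
        print(f"offered {offered / 1e6:.0f} Mbps -> forwarded {rate / 1e6:.2f} Mbps", counts)
```
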
 
Mr_Blob (Author) commented:
Here's what I have so far:

[...]
ip dhcp pool voippool
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
 domain-name mydomain.com
 dns-server 8.8.8.8 8.8.4.4
 lease 0 2
!
ip domain name mydomain.com
ip cef
no ipv6 cef
[...]
class-map match-all voip_qos
 match access-group name voip_qos
!
policy-map 5Mbps
 class class-default
  police 5000000
policy-map outside_qos
 class voip_qos
  police 13500000
!
interface FastEthernet0
 description *** VoIP Phones ***
 no ip address
!
interface FastEthernet1
 description *** My Public IPs***
 switchport access vlan 2
 no ip address
!
interface FastEthernet2
 description *** Connected to the ISP ***
 switchport access vlan 2
 no ip address
 service-policy input outside_qos
 service-policy output outside_qos
!
interface FastEthernet3
 description *** Neighbor's Public IPs ***
 switchport access vlan 2
 no ip address
 service-policy input 5Mbps
 service-policy output 5Mbps
[...]
interface Vlan1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan2
 ip address 200.100.110.3 255.255.255.128 secondary
 ip address 200.100.110.2 255.255.255.128
 ip nat outside
 ip virtual-reassembly in
[...]
ip nat pool voippool 200.100.110.3 200.100.110.3 netmask 255.255.255.128
ip nat inside source list 23 pool voippool overload
ip route 0.0.0.0 0.0.0.0 200.100.110.1
!
ip access-list extended voip_qos
 deny   ip host 200.100.110.3 any
 deny   ip any host 200.100.110.3
 permit ip any any
!
access-list 23 permit 10.10.10.0 0.0.0.255
[...]

It looks like it should work, but the policing doesn't seem to be kicking in. If I run a test on speedtest.net from fa3, I still get the full speed.

Thanks for your input!
 
Garry Glendown (Consulting and Network/Security Specialist) commented:
You're not telling the router what to do when it's policing the traffic ... see my earlier comment ... depending on the IOS, you may also have to use this syntax instead ...

    police 5 mbps 1024 kbyte conform-action transmit exceed-action drop

 
Mr_Blob (Author) commented:
Thanks; I had actually already tried it with the conform-action & exceed-action, but they didn't work. I just tried your syntax above; it didn't accept the 1024 kbyte, translated 5 mbps into 5000000 in the running config, and still, I can use the whole 15Mbps through the fa3 port.
I'm sure I'm just missing something simple; I just hope it's not that the 891's hardware won't support this configuration.
 
Garry Glendown (Consulting and Network/Security Specialist) commented:
Do "show policy-map interface"; you should get an overview of what policing has been triggered and done ...
e.g.:
 GigabitEthernet0/0/0.41

  Service-policy input: shape2m

    Class-map: class-default (match-any)
      59687397 packets, 11345125793 bytes
      5 minute offered rate 3000 bps, drop rate 0000 bps
      Match: any
      police:
          cir 2000000 bps, bc 62500 bytes, be 62500 bytes
        conformed 59555157 packets, 11151391584 bytes; actions:
          transmit
        exceeded 91665 packets, 132908768 bytes; actions:
          drop
        violated 40575 packets, 60825441 bytes; actions:
          drop
        conformed 3000 bps, exceed 0000 bps, violate 0000 bps

 
Mr_Blob (Author) commented:
It's showing 0 packets and 0 bytes for input & output.
 
Garry Glendown (Consulting and Network/Security Specialist) commented:
Sorry, just now noticed you put the policies on the physical port ... you will need to move it to the L3-interface, in this case the VLAN ... split up the physical ports into multiple VLANs, or alter the policy to police based on different IP matches, and try again (or for starters, just put it on VLAN 2 and see whether the show command displays any matching traffic)
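The diagnostic step used in this thread, as an added example that is not part of the original posts: a Python parser for `show policy-map interface` output that lists service-policies whose class counters are still zero, the symptom that led to moving the policy off the physical port. The first sample block is abridged from the output quoted above; the FastEthernet3 block is constructed to mirror the "0 packets and 0 bytes" report, and its bc/be values are assumed.

```python
import re

# First block: abridged from the output quoted in the thread.
# Second block: constructed to mirror the reported zero counters.
SAMPLE = """\
 GigabitEthernet0/0/0.41
  Service-policy input: shape2m
    Class-map: class-default (match-any)
      59687397 packets, 11345125793 bytes
      police:
          cir 2000000 bps, bc 62500 bytes, be 62500 bytes
        conformed 59555157 packets, 11151391584 bytes; actions:
        exceeded 91665 packets, 132908768 bytes; actions:
        violated 40575 packets, 60825441 bytes; actions:
 FastEthernet3
  Service-policy input: 5Mbps
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      police:
          cir 5000000 bps, bc 156250 bytes, be 156250 bytes
        conformed 0 packets, 0 bytes; actions:
        exceeded 0 packets, 0 bytes; actions:
        violated 0 packets, 0 bytes; actions:
"""

def parse(text):
    """Return one record per (interface, direction) service-policy."""
    records, iface, rec = [], None, None
    for line in text.splitlines():
        s = line.strip()
        if m := re.match(r"Service-policy (input|output): (\S+)", s):
            rec = {"interface": iface, "direction": m[1], "policy": m[2], "matched": 0}
            records.append(rec)
        elif rec and (m := re.match(r"(\d+) packets, (\d+) bytes$", s)):
            rec["matched"] += int(m[1])        # summed over all classes
        elif rec and (m := re.match(r"(conformed|exceeded|violated) (\d+) packets", s)):
            rec[m[1]] = int(m[2])
        elif rec and (m := re.match(r"cir (\d+) bps", s)):
            rec["cir"] = int(m[1])
        elif re.match(r" ?[A-Za-z][\w/.\-]*$", line):
            iface, rec = s, None               # interface header line
    return records

def never_matched(text):
    """Policies that are attached but have classified no packets at all."""
    return [(r["interface"], r["direction"], r["policy"])
            for r in parse(text) if r["matched"] == 0]
```
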