Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Configure Traffic shape on 2600 1
- Thread starter Sreelu
- Start date
-
1
- #2
You can try the Generic Traffic Shaping commands:
!
access-list 101 permit ip <the public IP range or hosts> any
!
interface Ethernet0/0
traffic-shape group 101 <CIR in bps> <burst size in bytes> <excess burst size>
!
CIR = the limited rate you want to define
burst size = I usually set it to (CIR/8)*1.5
excess burst size = I usually set it to (burst size)*2
!
access-list 101 permit ip <the public IP range or hosts> any
!
interface Ethernet0/0
traffic-shape group 101 <CIR in bps> <burst size in bytes> <excess burst size>
!
CIR = the limited rate you want to define
burst size = I usually set it to (CIR/8)*1.5
excess burst size = I usually set it to (burst size)*2
- Thread starter
- #3
- Thread starter
- #5
I think this will help in all ways.
Please Find the Conf For Detailed Info:
________________________________________
!
!
interface Ethernet0/0
ip address y.y.y.153 255.255.255.240 secondary
ip address x.x.x.1 255.255.255.240
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip nat inside
ip route-cache same-interface
no ip mroute-cache
half-duplex
traffic-shape group 102 64000 8000 8000 1000
no cdp enable
!
interface Serial0/0
ip address z.z.z.z 255.255.255.252
ip access-group 111 in
ip access-group 112 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip nat outside
encapsulation ppp
no ip mroute-cache
keepalive 15
serial restart-delay 0
no fair-queue
no cdp enable
!
access-list 101 deny udp any any eq netbios-ns
access-list 101 deny udp any any eq netbios-dgm
access-list 101 deny udp any any eq netbios-ss
access-list 101 deny udp any any eq 135
access-list 101 deny udp any any eq 445
access-list 101 deny udp any any eq 593
access-list 101 deny tcp any any eq 1034
access-list 101 deny tcp any any eq 1080
access-list 101 deny tcp any any eq 3127
access-list 101 deny tcp any any eq 3128
access-list 101 deny tcp any any eq 3198
access-list 101 deny udp any any eq 4444
access-list 101 deny udp any any eq 8998
access-list 101 deny tcp any any eq 445
access-list 101 deny tcp any any eq ident
access-list 101 deny tcp any any eq 3067
access-list 101 deny tcp any any eq 256
access-list 101 deny tcp any any eq 8191
access-list 101 deny tcp any any eq 5111
access-list 101 deny tcp any any eq 2000
access-list 101 deny tcp any any eq 8192
access-list 101 deny tcp any any eq 6667
access-list 101 deny tcp any any eq 20012
access-list 101 deny udp any any eq 20012
access-list 101 deny tcp any any eq 10080
access-list 101 permit ip any any
access-list 102 permit ip host x.x.x.3 any
access-list 111 deny ip host 0.0.0.0 any
access-list 111 deny ip host 255.255.255.255 any
access-list 111 deny ip 127.0.0.0 0.255.255.255 any
access-list 111 deny ip 10.0.0.0 0.255.255.255 any
access-list 111 deny ip 172.16.0.0 0.15.255.255 any
access-list 111 deny ip 192.168.0.0 0.0.255.255 any
access-list 111 permit ip host x.x.x.137 any
access-list 111 deny ip x.x.x.0 0.0.0.255 any
access-list 111 deny ip y.y.y.0 0.0.0.255 any
access-list 111 permit ip any any
access-list 112 permit ip x.x.x.0 0.0.0.255 any
access-list 112 permit ip y.y.y.0 0.0.0.255 any
access-list 112 deny ip any any
!
!
______________________________________
x.x.x.X and y.y.y.Y are the pools in the Router. z.z.z.z is the serial IP.
in the Above Config I am trying to limit the Bandwidth of the IP x.x.x.3 for which i wrote 102 access list and the respective traffic shape command on e0/0.
Please advice if i have to make any changes.
Thanks
Sree
Please Find the Conf For Detailed Info:
________________________________________
!
!
interface Ethernet0/0
ip address y.y.y.153 255.255.255.240 secondary
ip address x.x.x.1 255.255.255.240
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip nat inside
ip route-cache same-interface
no ip mroute-cache
half-duplex
traffic-shape group 102 64000 8000 8000 1000
no cdp enable
!
interface Serial0/0
ip address z.z.z.z 255.255.255.252
ip access-group 111 in
ip access-group 112 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip nat outside
encapsulation ppp
no ip mroute-cache
keepalive 15
serial restart-delay 0
no fair-queue
no cdp enable
!
access-list 101 deny udp any any eq netbios-ns
access-list 101 deny udp any any eq netbios-dgm
access-list 101 deny udp any any eq netbios-ss
access-list 101 deny udp any any eq 135
access-list 101 deny udp any any eq 445
access-list 101 deny udp any any eq 593
access-list 101 deny tcp any any eq 1034
access-list 101 deny tcp any any eq 1080
access-list 101 deny tcp any any eq 3127
access-list 101 deny tcp any any eq 3128
access-list 101 deny tcp any any eq 3198
access-list 101 deny udp any any eq 4444
access-list 101 deny udp any any eq 8998
access-list 101 deny tcp any any eq 445
access-list 101 deny tcp any any eq ident
access-list 101 deny tcp any any eq 3067
access-list 101 deny tcp any any eq 256
access-list 101 deny tcp any any eq 8191
access-list 101 deny tcp any any eq 5111
access-list 101 deny tcp any any eq 2000
access-list 101 deny tcp any any eq 8192
access-list 101 deny tcp any any eq 6667
access-list 101 deny tcp any any eq 20012
access-list 101 deny udp any any eq 20012
access-list 101 deny tcp any any eq 10080
access-list 101 permit ip any any
access-list 102 permit ip host x.x.x.3 any
access-list 111 deny ip host 0.0.0.0 any
access-list 111 deny ip host 255.255.255.255 any
access-list 111 deny ip 127.0.0.0 0.255.255.255 any
access-list 111 deny ip 10.0.0.0 0.255.255.255 any
access-list 111 deny ip 172.16.0.0 0.15.255.255 any
access-list 111 deny ip 192.168.0.0 0.0.255.255 any
access-list 111 permit ip host x.x.x.137 any
access-list 111 deny ip x.x.x.0 0.0.0.255 any
access-list 111 deny ip y.y.y.0 0.0.0.255 any
access-list 111 permit ip any any
access-list 112 permit ip x.x.x.0 0.0.0.255 any
access-list 112 permit ip y.y.y.0 0.0.0.255 any
access-list 112 deny ip any any
!
!
______________________________________
x.x.x.X and y.y.y.Y are the pools in the Router. z.z.z.z is the serial IP.
in the Above Config I am trying to limit the Bandwidth of the IP x.x.x.3 for which i wrote 102 access list and the respective traffic shape command on e0/0.
Please advice if i have to make any changes.
Thanks
Sree
If that's the case, then you're just trying to limit the "upstream" traffic from the host x.x.x.3 to anything outside the Internet. Do you also want to limit the "downstream" traffic from anything outside the Internet into the host x.x.x.3?
I would suggest that for "upstream" traffic, you use GTS on the s0/0 interface since "GTS shapes traffic by reducing outbound traffic flow to avoid congestion by constraining traffic to a particular bit rate using the token bucket mechanism."
For "downstream" traffic, you use inbound rate-limiting on the s0/0 interface.
so now the commands should look like this:
!define upstream traffic in ACL198
access-list 198 permit ip host x.x.x.3 any
!
!define downstream traffic in ACL199
access-list 199 permit ip any host x.x.x.3
!
interface s0/0
traffic-shape group 198 64000 8000 8000
rate-limit input access-group 199 64000 8000 8000 conform-action transmit exceed-action drop
!
Actually there're newer commands for both rate-limit and GTS which is modular and class-based. But I think you can try this first.
I would suggest that for "upstream" traffic, you use GTS on the s0/0 interface since "GTS shapes traffic by reducing outbound traffic flow to avoid congestion by constraining traffic to a particular bit rate using the token bucket mechanism."
For "downstream" traffic, you use inbound rate-limiting on the s0/0 interface.
so now the commands should look like this:
!define upstream traffic in ACL198
access-list 198 permit ip host x.x.x.3 any
!
!define downstream traffic in ACL199
access-list 199 permit ip any host x.x.x.3
!
interface s0/0
traffic-shape group 198 64000 8000 8000
rate-limit input access-group 199 64000 8000 8000 conform-action transmit exceed-action drop
!
Actually there're newer commands for both rate-limit and GTS which is modular and class-based. But I think you can try this first.
- Thread starter
- #7
- Thread starter
- #8
- Thread starter
- #10
just add more entries in the access-list 198 and 199
say you want to include x.x.x.4 and x.x.x.5 also, then..
!define upstream traffic in ACL198
access-list 198 permit ip host x.x.x.3 any
access-list 198 permit ip host x.x.x.4 any
access-list 198 permit ip host x.x.x.5 any
!
!define downstream traffic in ACL199
access-list 199 permit ip any host x.x.x.3
access-list 199 permit ip any host x.x.x.4
access-list 199 permit ip any host x.x.x.5
!
say you want to include x.x.x.4 and x.x.x.5 also, then..
!define upstream traffic in ACL198
access-list 198 permit ip host x.x.x.3 any
access-list 198 permit ip host x.x.x.4 any
access-list 198 permit ip host x.x.x.5 any
!
!define downstream traffic in ACL199
access-list 199 permit ip any host x.x.x.3
access-list 199 permit ip any host x.x.x.4
access-list 199 permit ip any host x.x.x.5
!
- Thread starter
- #12
- Status
Similar threads
- Locked
- Question
