Rate-limit for some MAC on aironet 1231

Similar Messages

• Service-Policy Or Bandwidth Rate Limit for IP

  Hii Netpros,
  Is this possible to configure the Service Policy(for Bandwidth) or Bandwidth Rate Limit for Single IP. For eg: If we want to configure the Service Policy(for Bandwidth) or Bandwidth Rate Limit of 2Mb for only IP " 10.10.10.3" on network  i.e the Host or device which is configured with this IP can access upto 2Mb only.
  Actual Network :-   We need this to configure this for wireless customers, Actually we have created one Vlan 2 (IP:- 10.10.10.1/29 @ our end router) , 10.10.10.2 on Basestation wiresss device (Vlan 2 allowed on this wireless device) and this wireless device is working as point to multipoint wireless. i.e 2 or more then 2 wireless customers or last mile will connect to this basestation wireless.  Wireless customer-1 is 10.10.10.3 (2Mb bandwidth)  and Wireless Customer-2  10.10.10.4 (512Kb).
  Hence we require to limit the bandwidth for this 2 wireless customers having different bandwidth. how to acheive & control bandwidth @ our end router for them. please suggest.
  Thanks

  This topic is probably better suited in another Infrastructure forum, but I suppose it depends on which features are supported by your Cisco hardware and software. This doc discusses a variety of options:
  http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpolsh.html
  For example, with the older CAR (committed access rate) approach:
  interface FastEthernet5/0
       rate-limit input access-group 101 20000000 [normal burst size] [excess burst size] conform-action transmit exceed-action drop
       rate-limit input access-group 102 5120000 [normal burst size] [excess burst size] conform-action transmit exceed-action drop
  access-list 101 permit ip 10.10.10.3 0.0.0.0
  access-list 102 permit ip 10.10.10.4 0.0.0.0
  You can observe CAR in action with "show interfaces fa5/0 rate-limit" for example.

• Is there a GB limit for some 600 iMac?

  The local Apple Service Center changed the original 40 GB Hard Drive -failed- for some 80 GB Hard Drive, now some applications unexpectly crash.
  The information at MacTracker shows this model is 20, 40 or 60 GB.
  Was it correct this 80 GB HD installation, or there is a GB limit?
  Thank you

  On older Macs like yours the maximum hard drive size supported is 128 GBs.
  Applications quitting or crashing may have nothing to do with the drive. You probably have a corrupted system that needs to be replaced.
  See the following:
  http://discussions.apple.com/thread.jspa?messageID=607542
  Visit The XLab FAQs and read the FAQ on Multiple Applications Quitting.
  Why reward points?(Quoted from Discussions Terms of Use.)
  The reward system helps to increase community participation. When a community member gives you (or another member) a reward for providing helpful advice or a solution to their question, your accumulated points will increase your status level within the community.
  Members may reward you with 5 points if they deem that your reply is helpful and 10 points if you post a solution to their issue. Likewise, when you mark a reply as Helpful or Solved in your own created topic, you will be awarding the respondent with the same point values.

• Rate Limit for Envelope Senders for sender?

  I need to setup a temporary Rate Limit exception for delivery failures.  The rate limit error that I'm getting is:
  System is rate limiting Envelope Sender <> due to high volume of messages
  What entry can I put in the Address List exception list that will allow e-mails with null senders to be excluded?  $null?
  Jason

  Feature Request?

• Checking credit limit for some customers at the time of Delivery also

  Hi Experts,
  I have 1 controlling area. Now our new requirment is that for some selected customers we want to implement the credit checking at the time of making the delivery note. How can i configure that in SD.
  Appreciate some support
  SAPXPT

  Madhu,
  I have just pasted the result of CHECK_CM below.
  Please tell me one more thing.I am releasing my SD document by VKM1. Wheni check VKM2, it shows that the delivery document has also been released simultaneously.
  Settings for Credit Check                                                                               
  Delivery Type:                 LIKP-LFART = LF   Outbound Delivery                    
    SD Document Category:          LIKP-VBTYP = J    Delivery                             
    Requirement for Subseq.Functs: TVFO-GRPNO =  000                      (No Standard)                                                                               
  Key Fields for Automatic Credit Check                 (Table T691F, Transaction OVA8) 
    Credit Control Area:           LIKP-KKBER =  1000                                     
    Risk Category:                 LIKP-CTLPC =  005                                      
    Credit Group - Delivery:       TVLK-KKBER =  02                                       
    Credit Group - Goods Issue:    TVLK-KKBER =                                                                               
  Credit Status from Table VBUK                                                                               
  Overall Credit Status                    CMGST =  D      Released                     
  Static                                            CMPSA =         No Check/No Status
  Dynamic                                        CMPSB =         No Check/No Status
  Maximum Document Value            CMPSC =         No Check/No Status
  Critical Fields                                 CMPSD =         No Check/No Status
  Next Inspection Date                     CMPSE =         No Check/No Status
  Open Items                                    CMPSF =         No Check/No Status
  Oldest Open Item                          CMPSG =         No Check/No Status
  Maximum Dunning Level               CMPSH =         No Check/No Status
  Financial Document                      CMPSI =         No Check/No Status
  Export Credit Insurance                CMPSJ =         No Check/No Status
  Payment Card Authorization         CMPSK =         No Check/No Status
  USEREXIT_1                               CMPS0 =         No Check/No Status
  USEREXIT_2                               CMPS1 =         No Check/No Status
  USEREXIT_3                               CMPS2 =         No Check/No Status

• Rate-limit on a mac or IP on a 3750x

  I have a need to limit traffic on a storage migration.  The two Clariion devices will be sending their payload to a new NetApp server and we'd like to limit the transfer to 300Mb.  As the diagram depicts, there's a clariion connected to our Nexus 7K and another one connected to a 3750X series switch off of our 6500's.  What suggestions do you all  have regarding this? 

  Hi,
  These numbers represent your Normal Burst and exceed burst values.
  You will have detailed explanation here:
  http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/polcing_shping_oview_ps6922_TSD_Products_Configuration_Guide_Chapter.html#wp1000977
  Let me know if you need further explanation.
  HTH
  Laurent.

• Model of asa for response rate limit

  Hi , i'm new , just registered
  I need to know what kind of cisco asa i should buy for my company, i need to use response rate limit , for limit dns requestes on my dns server.
  If you' can helm me, i'll be very gratefull..

  Recent versions of ISC BIND can rate-limit their responses themselves; Cisco ASA software can police packet flow rates but it's not their primary function.  If the only thing you want is rate-limiting, I wouldn't bother with the ASA.   If you need actual firewall, NAT, or IPS functionality, the ASA becomes useful.
  To size an ASA, you'd need to know what kind of traffic rates you need to support, and what kind of inspections you plan to do.  Cisco has some published packet and throughput data at e.g.  
     http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/qa_c67-700608.html
  In my own experience, simple firewall configurations and test traffic will at least meet and often exceed Cisco's guidance.
  Personally, I'm using ASA 5525-x devices to support ~350 users on gigabit fiber uplinks averaging about 6kps, mixed sizes with good results.  With the older 5520's I was dropping packets during peak traffic surges to full line rates.
  -- Jim Leinweber, WI State Lab of Hygiene

• Can CAR on router rate-limit per address?

  Hi, everyone
  I have a question about CAR on router. The router have a G703 E1 WAn interface and an ethernet interface. My goal is to rate-limiting access-rate of every ip address under ethernet, that is, for example, every PC under the ethernet interface cannot over 1Mb/s.
  Can CAR on the router achieve this goal? If be, how to achieve it?
  Very Thanks.
  Tao

  Farrukh
  Very thanks for your reply.
  My purpose is to put a maximum access-rate limit for every PC in a LAN. So if there are 100 PCs in the LAN, with the above CAR, I have to make 100 ACL, as below:
  access-list 101 permit ip host 192.168.1.1 any
  access-list 102 permit ip host 192.168.1.2 any
  If so, there will be too many acl items. And I don't know how many acl can we applied under FastEthernet0/0. So it maybe unreasonable.
  I know Huawei's Quidway router can support this feature, as below:
  qos carl 1 source-ip-address range 192.168.0.2 to 192.168.0.200 per-address
  I want to know Cisco can support this feature, or have some methods to achieve it.
  Very Thanks
  Tao

• Per user bandwidth rate limit.

                     How to configure per user bandwidth rate limit for wireless guest client, authentication server is ISE 1.2 & wireless controller is 5760.

  The Cisco 5760 WLC supports better QoS than other c
  ontrollers, allowing prioritization of mission-crit
  ical
  applications:
  ●
  The Cisco 5760 WLC supports four wireless hardware
  queues and priority-based queuing compared to
  software-based queuing in existing controllers.
  ●
  The Cisco 5760 WLC follows MQC based commands, allo
  wing usage of exact commands for configuring
  QoS on different types of network devices.
  ●
  The Cisco 5760 WLC supports QoS policies to be appl
  ied in a hierarchical fashion with more granularity
  per SSID per radio, while on the current controller
  s granularity is per WLAN.
  ●
  The Cisco 5760 WLC supports approximate fair bandwi
  dth to make sure of fairness at client, SSID, and
  radio levels for Non-Real Time (NRT) traffic. There
  fore, if one user consumes excessive bandwidth, we
  can
  limit the amount of bandwidth that user receives an
  d thereby not deprive other users.

• Prime Infrastructure 2 - API rate limit change?

  Good day -
  The Prime API is pretty sweet, and can give you JSON data back easily with a call like this:
  https://prime/webacs/api/v1/data/Clients.json?.full=true
  It is, however, limited to 100 results. We'd like to see more than that.
  How do I change this rate limit for the API?

  I have found that this command does work, but still limits to 1000. 
  https://prime/webacs/api/v1/data/Clients.json?.maxResults=9999&.full=true
  Now I get Tomcat a HTTP Status 503 error.  There's another setting I've not found yet.
  My json results say "@count":"6980", suggesting I have that many clients in the database.

• User based rate limit

  Hi,
  Iam looking for a way to Rate Limit - Vlan interfaces,
  Somting like this .. or do I need to change the service-policy to rate-limit for it to work
  Interface Vlan2
  Description Customer-A
  service-policy input police-customerA-traffic
  service-policy output police-customerA-traffic
  ip address 10.10.10.1 255.255.255.252
  Interface Vlan3
  Description Customer-B
  service-policy input police-customerB-traffic
  service-policy output police-customerB-traffic
  ip address 10.10.11.1 255.255.255.252
  Interface Vlan4
  Description Customer-C
  service-policy input police-customerC-traffic
  service-policy output police-customerC-traffic
  ip address 10.10.12.1 255.255.255.252
  Interface GigabitEthernet3/1
  Description Trunk - Customer-A - Customer-C
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 2,4
  switchport mode trunk
  Interface GigabitEthernet3/1
  Description Trunk - Customer-B
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 3
  switchport mode trunk
  Is that posible ??, or do i need to make user based rate limit based on Source / destination adresses, and move the service policy to the physical interface ??
  Hardware in this case Cisco 7609 running MPLS
  Thanks in advance.
  /Peter

  Can you explain your network topology a little?. This would help me to understand your network setup and help you in this issue accordingly.

• Wireless rate limit

  Hi,
  My network infrastructure as simple as following:
  LAN(edge switches 3560).......>Aggregator switch(3750)........>Firewall(ASA 5510)........>Router.......>Internet
  I define 3 wireless VLANs with 3 SSIDs on the Aggregator switch(3750):
  1. one SSID for company employees.
  2. one SSID for wireless IP phones.
  3. one SSID for company guest which access only internet.
  And the wireless APs connected to the LAN(edge switches) direct with trunks.
  My question is how to apply a rate limit for SSID for company guest to access internet with B.W. of 128kbps only.
  I tried policy map to be applied on the aggregator switch(3750) on the VLAN interface, but, it is not working.
  So, any suggested help, please.

  Hi Ahmed:
  With autonomous APs, rate limiting isn't possible.  All the autonomous APs support is QoS and that's pretty iffy.  At the core of the issue, you're dealing with radio waves and which ones arrive at the radio first, and who was prevented from talking because someone else was talking.  Dealing with these QoS and traffic shaping/policing issues are really tough with wireless because the transmission medium itself is unreliable.
  The "Configuring QoS" chapter of the autonomous AP configuration guide
    http://tools.cisco.com/squish/5aCf1
  will show you how you can map priority tagging to an SSID so that in that path from radio receiver to outbound on the fastethernet interface toward the rest of the network, you can control which SSID's packets get up into the network first, but the reverse path is a different story.  Because the wireless medium is half-duplex acknowledged, you can have a high priority packet out there on the radio interface trying to be beamed out to the client, and if the client isn't sending their ACK or what have you, it's going to sit and retry until its 63 retries are done before it gets out of the way to let the next high priority packet have a turn at getting transmitted out.
  Once the traffic gets past the edge switch, the fact that it was at one time wireless is irrelevant.  You should look at it as a general "rate limiting one VLAN's traffic over another" and check with the routing protocols or traffic shaping folks.
  Sincerely,
  Rollin Kibbe
  Network Management Systems Team

• MARS - inbound packet error rate high for unrouted VLAN

  After upgrade to 4.2.2, we are getting lots of inbound packet error rate high for some unrouted vlan in Cisco 6509. I did some sniff and find that MARS try to get ifInErrors of those unrouted vlan. But the unrouted vlan only support ifOutUcastPkts and ifInUcastPkts.
  I just wondering is there some bug in the MARS or there are some kind of database corruption.

  Any reason you wouldn't just create a drop rule or modify the inspection rule that is firing?
  btw, have a look here to make sure it isn't the same issue:
  http://groups.google.com/group/cs-mars-ug/browse_thread/thread/9431fe079f7245ef/f4516dea991132da?lnk=gst&q=ingress&rnum=1#

• ICMP unreacheble, rate-limit

  Hi !
  I'm currently working on projet of network hardening.
  Based on Cisco security best pratice, I see it's recommand to rate limit genaration of ICMP unreachable message to prevent DoS attack. (according to document : http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a0080825564.pdf page 74)
  On Catalyst 6509 run IOS 12.2(17r)SX5 I see to possible way to rate-limit ICMP messages if mls QoS is running.
  1- mls rate-limit unicast ip ICMP unreachable acl-drop 100 10 (enable by default, according to document : http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a0080825564.pdf page 74)
  mls rate-limit unicast ip ICMP unreachable no-route 100 10
  2- ip ICMP rate-limit unreachable <millisecond> (500 ms is default parameters, which permit 2 paquets per seconds, also enable by default if I'm base on : http://www.cisco.com/warp/public/707/cisco-sn-20030125-worm.shtml, ACL for IOS section)
  Which one of those command have precedence over the other one ?
  Which one is better over the other one ?
  With the mls rate-limit option, we have the possibility to check default parameter with : "show mls rate-limit" command is exist equivalent for : "ip ICMP rate-limit unreachable"
  We have also Catalyst 3550 switches, on which we have to rate-limit genaration of ICMP unreachable message for same reason as 6509. I understand the :"ip ICMP rate-limit unreachable" command is my only option "under "mls " the only option I have is QoS or aclmerge. Under thoses parameter I have no way to rate-limit ICMP message generation....
  I have check in running-configuration I did not find any reference to ICMP rate-limit command, I hope this is active like explain in document http://www.cisco.com/warp/public/707/cisco-sn-20030125-worm.shtml, ACL for IOS section, (Version 12.2(44)SE3) but I would like to be able to confirm if any show command exist to confirm this.
  thanks a lot !

  Hello Marcus,
  On the ASA as you are already aware we only have the choice of modifying the ICMP unreachable rate,
  With the IOS the rate-limit for ICMP unreachable replies  will be rate limited to one every 500ms
  use:
  show ip icmp rate-limit
  Besides that I have not seen any other information that you could customize.
  Regards

• Make can't recursively call Make when run from Runtime.exec (for some user)

  This one is a little complicated. The afflicted platform is Mac OS X. It works fine on Linux, it seems, and even then, it does work for some Mac OS X users...
  First, the setup. I have a Java program that has to call GNU Make. Then, GNU Make will recursively call Make in some subdirectories. This results in the following Java code:
  String make = "make"; //on windows, I have this swapped with "mingw32-make"
  String workDir = ...; //this is programmatically detected to be the same folder that the parent Makefile is in
  Runtime.getRuntime().exec(make,null,workDir);This calls make on a Makefile which has the following line early on to be executed (this is only a snippet from the makefile):
  cd subdirectory && $(MAKE)When I fetch the output from the make command, I usually get what I expect: It cd's to the directory and it recursively calls make and everything goes smoothly.
  However, for one particular user, using Mac OS X, he has reported the following output:
  cd subdirectory && make
  /bin/sh: make: command not found
  make: *** [PROJNAME] Error 127Which is like, kinda hurts my head... make can't find make, apparently.
  I've gotten some suggestions that it might be due to the "cd" command acting wonky. I've gotten other suggestions that it may be some strange setup with the env variables (My Mac developer is implementing a fix/workaround for 'environ', which is apparently posix standard, but Mac (Mr. Posix Compliance...) doesn't implement it. When he finishes that, I'll know whether it worked or not, but I get the feeling it won't fix this problem, since it's intended for another area of code entirely...
  Also worth mentioning, when the user calls "make" from the terminal in said directory, it recurses fine, getting past that particular line. (Later on down the road he hits errors with environ, which is what my aforementioned Mac dev is working on). Although calling "make" by hand is not an ideal solution here.
  Anyways, I'm looking for someone who's fairly knowledgeable with Runtime.exec() to suggest some way to work around this, or at least to find out that perhaps one of the User's settings are wonked up and they can just fix it and have this working... that'd be great too.
  -IsmAvatar

  YoungWinston
  YoungWinston wrote:
  IsmAvatar wrote:
  However, for one particular user, using Mac OS X, he has reported the following output:One particular user, or all users on Mac OS?In this case, I have two mac users. One is reporting that all works fine. The other is reporting this problem.
  cd subdirectory && make
  /bin/sh: make: command not found
  make: *** [PROJNAME] Error 127Which is like, kinda hurts my head... make can't find make, apparently.If that is being reported on the command line, then I'd say that make wasn't being found at all.If make isn't being found, then who's interpreting the Makefile?
  It's also just possible that the make script on Mac isn't correctly exporting its PATH variable, though it seems unlikely, since this would surely have been reported as a bug long ago.
  I've gotten some suggestions that it might be due to the "cd" command acting wonky...Also seems unlikely. 'cd' has been around since shortly after the K-T extinction event.
  WinstonBy "acting wonky", I mean being given a bad work directory or some such, such that it's not changing to the intended directory.
  Andrew Thompson
  Andrew Thompson wrote:
  (shudder) Read and implement all the recommendations of "When Runtime.exec() won't" (http://www.javaworld.com/jw-12-2000/jw-1229-traps.html).
  Already read it. I already know the dreadful wonders of Runtime.exec. But in this case, it's been working fine for us up until one Mac user reported that make can't find make.
  Also, why are you still coding for Java 1.4? If you are not, use a ProcessBuilder, which takes a small part of the pain out of dealing with processes.Usually I do use a ProcessBuilder. I noticed that it usually delegates to Runtime.exec() anyways, and seeing as I didn't need any of the additional functionality, I decided to just use Runtime.exec() in this particular case.
  jschell
  jschell wrote:
  So print thos env vars, in your app and when the user does it.I'll look into that. It's a good start.
  -IsmAvatar