Rate limit in Cisco ISR 4451X

Similar Messages

• Can I rate-limit on the sub-interface in cisco asr 1013?

  Hi,
  I am looking for the command of rate-limit on a sub-interface in cisco asr 1013.
  Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.2(2)S, RELEASE SOFTWARE (fc1)
  IOS XE Version: 03.06.00.S
  Please let me know if it is possible in cisco asr 1013. If yes then what are the commands.
  Zobair

  The ASR no longer supports the rate-limit command, but it does support the same functionality in a QoS policy.
  Please find a sample configuration -
  ASR1004(config)#policy-map test
  ASR1004(config-pmap)#class class-default
  ASR1004(config-pmap-c)#shape average 10000
  Applying for both ingress and egress : -
  ASR1004(config)#int gig1/1/0
  ASR1004(config-if)#service-policy output test   
  or
  ASR1004(config-if)#service-policy input test

• Cisco SG300 VLAN rate-limit

  I have a Cisco SG300 small business switch and 541 APs. There are 2 VLANs in our network. One must be limited by bandwidth. Does anyone have an idea for configure vlan rate-limiting on SG300? And please describe CIR & CBS for me. Thanks.

  http://www.cisco.com/en/US/partner/products/ps10898/prod_command_reference_list.html
  Cisco Small Business 300 Series Managed Switches Command Line Interface Guide Release 1.3
  Select CIR and CBS according to your design. You can use a larger CBS when performance is not ideal.
  49.23 rate-limit (VLAN)
  Use the Layer 2 rate-limit (VLAN) Global Configuration mode command to limit the
  incoming traffic rate for a VLAN. Use the no form of this command to disable the
  rate limit.
  Syntax
  rate-limit vlan-id committed-rate committed-burst
  no rate-limit vlan
  Parameters
  • vlan-id—Specifies the VLAN ID.
  • committed-rate—Specifies the average traffic rate (CIR) in kbits per second
  (kbps). (Range: 3-57982058)
  • committed-burst—Specifies the maximum burst size (CBS) in bytes.
  (Range: 3000-19173960)
  Default Configuration
  Rate limiting is disabled.
  Committed-burst-bytes is 128K.
  Command Mode
  Global Configuration mode
  User Guidelines
  Traffic policing in a policy map takes precedence over VLAN rate limiting. If a
  packet is subject to traffic policing in a policy map and is associated with a VLAN
  that is rate limited, the packet is counted only in the traffic policing of the policy
  map.
  This command does not work in Layer 3 mode. It does not work in conjunction with
  IP Source Guard.
  Example
  The following example limits the rate on VLAN 11 to 150000 kbps or the normal
  burst size to 9600 bytes.
  switchxxxxxx(config)# rate-limit 11 150000 9600

• High cpu - Rate-limit cisco 6500

  Hello,
  my device is cisco 6509.
  Explanation of the case:
  Received to interface vlan (L3) 600M traffic (configured with Rate limit - 50 M).
  Result : 
  1. 100 % cpu
  2. the traffic was limited to 50M
  How can I prevent High Cpu in this situation ?
  Thanks.

  I would suggest opening a case, or asking in a different forum.  This form is for discussion about existing bugs for which a bugid has been identified.

• Per user bandwidth rate limit.

                     How to configure per user bandwidth rate limit for wireless guest client, authentication server is ISE 1.2 & wireless controller is 5760.

  The Cisco 5760 WLC supports better QoS than other c
  ontrollers, allowing prioritization of mission-crit
  ical
  applications:
  ●
  The Cisco 5760 WLC supports four wireless hardware
  queues and priority-based queuing compared to
  software-based queuing in existing controllers.
  ●
  The Cisco 5760 WLC follows MQC based commands, allo
  wing usage of exact commands for configuring
  QoS on different types of network devices.
  ●
  The Cisco 5760 WLC supports QoS policies to be appl
  ied in a hierarchical fashion with more granularity
  per SSID per radio, while on the current controller
  s granularity is per WLAN.
  ●
  The Cisco 5760 WLC supports approximate fair bandwi
  dth to make sure of fairness at client, SSID, and
  radio levels for Non-Real Time (NRT) traffic. There
  fore, if one user consumes excessive bandwidth, we
  can
  limit the amount of bandwidth that user receives an
  d thereby not deprive other users.

• WLC 5508 and Anchor/GuestNet rate limit traffic?

  Running WLCs 5508s 7.0.116.0 with GuestNet and Anchor setup, how can I limit the bandwidth on the GuestNet SSDI to 2 Mbps, etc?
  The DMZ WLC (Anchor) runs thru a ASA 5508 7x, can I rate limit traffic via ASA?

  That's really a matter of preference.  This document describes things to keep in mind when altering these QoS profile configurations, FYI.
  http://www.cisco.com/en/US/partner/docs/wireless/controller/7.0MR1/configuration/guide/cg_controller_setting.html#wp1254532
  It really depends on how many guests, what type of traffic, etc, to make a judgement call as to where you should set these.  I'm sorry but I don't have any examples from existing configurations, but hopefully the document explains how to best alter these settings.

• WLC user rate limit on guest ssid anchor controller

  Hi,
  I have been looking through the forums & some cisco documents but not found a good example similar to what I am seeking to do so now I am turning to the expertise of my peers.
  We have been deploying 3502 APs remotely to locations with full T1s that backhaul to where I sit at HQ.
  Both the foreign and anchor controller are here at my location.
  I am seeking to rate limit per user the bandwidth each client will get on the guest internet ssid.
  As you know this traffic is encapsulated in capwap between the AP and the controller so I cant use a standard ACL on the switch or router.
  We are trying to keep the guest internet access usage in check on the T1 at any given site so the other ssid's & local lan traffic is not overly competing for the bandwidth.
  I found the place to edit the default profiles in the controller but the documentation really isnt clear on best practices.
  So I put it to you my fellow wireless engineers to suggest how you are implementing bandwidth management on your wireless guest internet.
  Thanks guys!           
  Oh and here is my hardware & software levels.
  5508wlc - forgeign
  4402wlc - anchor
  Software Version
  7.0.230.0

  Amjad,
  Thank you for taking the time to respond as well as the document link.
  It was pretty clear on the steps and what it would impact.
  Two things that push me for a different solution (assuming their is one).
  Note The values that you configure for the per-user bandwidth contracts affect only the amount of bandwidth going downstream (from the access point to the wireless client). They do not affect the bandwidth for upstream traffic (from the client to the access point).
  As you can see from the above note taken out of the linked document the roll based rate limit doesnt really rate limit the T1 traffic any guest user consumes it only limits usage from the AP down to the client.
  #1 I am looking for a solution that limits the users up & down streams (if possible) & also before it leaves the AP for the T1.
  The idea is to limit WAN utilization.
  #2 I read in the forums here others asking about the "user role" and saw some comments saying it is not considered "best practice" to use user roles.
  Let me clarify that our guest ssid's are using the http webpage pass through for authentication and it is really only the tic mark to indicate they understand the terms and conditions of using our internet as a guest service. No actual user accounts are used on the guest ssid's.
  ***One last question about this and any other changes***
  Will any change I make be on the "Foreign, Anchor" or both Controllers?

• Rate-limit command 3560 does it exist?

  I have just come across a command in my router IOS which might be useful too me. I was wondering if the following command is available on a 3560 Switch. I don't see it on my 3550 but the IOS is quite old. I don't have a 3560 avaiable currently to check.
  Config t > int vlan x > rate-limit input/output
  does this exist on the 3560? I am also interest if it does in the Bits per second range and if available input/output.
  Thanks for any help

  Hello,
  what kind of feature are you looking for?
  CAR?
  http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_reference_chapter09186a0080087f26.html#wp1037428
  For command list check the following link:
  Catalyst 3560 Switch Command Reference, Rel. 12.2(25)SEE
  http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12225see/cr/index.htm
  For QOS configs:
  http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12225see/scg/swqos.htm
  If you need to rate limit traffic on an interface check:
  Limiting the Bandwidth on an Egress Interface
  http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12225see/scg/swqos.htm#wp1253412
  Hope this help a bit,
  if it does, please rate this post.
  Vlad

• Bandwidth Management(Rate Limit) Using QoS Policies

  Hello,
  I need some advice. We have an ASA 5525 running version 8.6(1)2 and a 10 MG pipe. I have execs that want to limit bandwidth on users for stuff like youtube, stream media, and downloads. I found the article on ‘Bandwidth Management(Rate Limit) Using QoS Policies’ so it appears our firewall can do what we want. I’m not a cisco person. My knowledge is limited when it comes to configuration – that’s why we have SmartNet :). The advice I need is what to ask for, so to speak, when I put a case in. Can bandwidth be limited on end users and/or can they limit the ‘bandwidth rate limit’ to just youtube, steaming media, and downloads? If so, what should the limit be? and I’m assume this would be for ‘incoming’ traffic only? we’re running into some bandwidth hogs – usually youtube and/or streaming media. We have a Barracuda web filter which we’ve used to block and monitor activity but I simply do not have time to babysit this all day. I should also mention we do have critical data running up and down the pipe; such as credit card processing, DB replication between in house DB and hosted website, TPCx and EDI, FTP, and such that we don’t want restricted.
  Need input please,
  Thanks,
  D

  Hello,
  That's a question that you as the network admin of that organization could answer.
  How much traffic for business purposes must travel via HTTP/HTTPS?
  How much bandwith are you willing to provide to this 2 protocols?
  Those are the kind of answers you need to answer before setting the number
  Regards
  Remember to rate all of the helpful posts, Just click the 5 stars at the left of each post
  Julio

• Service-Policy Or Bandwidth Rate Limit for IP

  Hii Netpros,
  Is this possible to configure the Service Policy(for Bandwidth) or Bandwidth Rate Limit for Single IP. For eg: If we want to configure the Service Policy(for Bandwidth) or Bandwidth Rate Limit of 2Mb for only IP " 10.10.10.3" on network  i.e the Host or device which is configured with this IP can access upto 2Mb only.
  Actual Network :-   We need this to configure this for wireless customers, Actually we have created one Vlan 2 (IP:- 10.10.10.1/29 @ our end router) , 10.10.10.2 on Basestation wiresss device (Vlan 2 allowed on this wireless device) and this wireless device is working as point to multipoint wireless. i.e 2 or more then 2 wireless customers or last mile will connect to this basestation wireless.  Wireless customer-1 is 10.10.10.3 (2Mb bandwidth)  and Wireless Customer-2  10.10.10.4 (512Kb).
  Hence we require to limit the bandwidth for this 2 wireless customers having different bandwidth. how to acheive & control bandwidth @ our end router for them. please suggest.
  Thanks

  This topic is probably better suited in another Infrastructure forum, but I suppose it depends on which features are supported by your Cisco hardware and software. This doc discusses a variety of options:
  http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpolsh.html
  For example, with the older CAR (committed access rate) approach:
  interface FastEthernet5/0
       rate-limit input access-group 101 20000000 [normal burst size] [excess burst size] conform-action transmit exceed-action drop
       rate-limit input access-group 102 5120000 [normal burst size] [excess burst size] conform-action transmit exceed-action drop
  access-list 101 permit ip 10.10.10.3 0.0.0.0
  access-list 102 permit ip 10.10.10.4 0.0.0.0
  You can observe CAR in action with "show interfaces fa5/0 rate-limit" for example.

• User based rate limit

  Hi,
  Iam looking for a way to Rate Limit - Vlan interfaces,
  Somting like this .. or do I need to change the service-policy to rate-limit for it to work
  Interface Vlan2
  Description Customer-A
  service-policy input police-customerA-traffic
  service-policy output police-customerA-traffic
  ip address 10.10.10.1 255.255.255.252
  Interface Vlan3
  Description Customer-B
  service-policy input police-customerB-traffic
  service-policy output police-customerB-traffic
  ip address 10.10.11.1 255.255.255.252
  Interface Vlan4
  Description Customer-C
  service-policy input police-customerC-traffic
  service-policy output police-customerC-traffic
  ip address 10.10.12.1 255.255.255.252
  Interface GigabitEthernet3/1
  Description Trunk - Customer-A - Customer-C
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 2,4
  switchport mode trunk
  Interface GigabitEthernet3/1
  Description Trunk - Customer-B
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 3
  switchport mode trunk
  Is that posible ??, or do i need to make user based rate limit based on Source / destination adresses, and move the service policy to the physical interface ??
  Hardware in this case Cisco 7609 running MPLS
  Thanks in advance.
  /Peter

  Can you explain your network topology a little?. This would help me to understand your network setup and help you in this issue accordingly.

• Rate limit guest ssid 5500 foreign to 2504 anchor

  Hi
  We have a need to limit bandwidth on guest ssid that is tunnelled to anchor controller.  The 2504 doesn't have rate limiting options but the 5500 does.  If we enabled the rate limit on the SSID details on the foreign would it work (seeing as though the anchor can't have same settings).  I would have thought that the access points terminate on the foreign therefore the rate limit would apply there.
  Would this work or do I need another 5500 as the anchor so that rate limits can match on the SSID?

  Thanks.  It would be nice if Cisco documentation actually clarified this as all guest anchor docs seem not to mention having to have both controllers supporting QoS profiles.

• Wireless rate limit

  Hi,
  My network infrastructure as simple as following:
  LAN(edge switches 3560).......>Aggregator switch(3750)........>Firewall(ASA 5510)........>Router.......>Internet
  I define 3 wireless VLANs with 3 SSIDs on the Aggregator switch(3750):
  1. one SSID for company employees.
  2. one SSID for wireless IP phones.
  3. one SSID for company guest which access only internet.
  And the wireless APs connected to the LAN(edge switches) direct with trunks.
  My question is how to apply a rate limit for SSID for company guest to access internet with B.W. of 128kbps only.
  I tried policy map to be applied on the aggregator switch(3750) on the VLAN interface, but, it is not working.
  So, any suggested help, please.

  Hi Ahmed:
  With autonomous APs, rate limiting isn't possible.  All the autonomous APs support is QoS and that's pretty iffy.  At the core of the issue, you're dealing with radio waves and which ones arrive at the radio first, and who was prevented from talking because someone else was talking.  Dealing with these QoS and traffic shaping/policing issues are really tough with wireless because the transmission medium itself is unreliable.
  The "Configuring QoS" chapter of the autonomous AP configuration guide
    http://tools.cisco.com/squish/5aCf1
  will show you how you can map priority tagging to an SSID so that in that path from radio receiver to outbound on the fastethernet interface toward the rest of the network, you can control which SSID's packets get up into the network first, but the reverse path is a different story.  Because the wireless medium is half-duplex acknowledged, you can have a high priority packet out there on the radio interface trying to be beamed out to the client, and if the client isn't sending their ACK or what have you, it's going to sit and retry until its 63 retries are done before it gets out of the way to let the next high priority packet have a turn at getting transmitted out.
  Once the traffic gets past the edge switch, the fact that it was at one time wireless is irrelevant.  You should look at it as a general "rate limiting one VLAN's traffic over another" and check with the routing protocols or traffic shaping folks.
  Sincerely,
  Rollin Kibbe
  Network Management Systems Team

• Upstream traffic rate limit

  Hi all,
  Upstream traffic rate limit is not supported by WLC . It will be done by AP.
  We have setup of Auto anchor for both corporate and guest(but authentication mechanism is diffrent) . They wont access any internal resouce .Only interner traffic is permitted.
  So can we limit the internet traffic for guest users .? If we limiting the upstream traffic at the AP level what would be the concerns we may face?
  Kindly help on this.
  Thanks,
  Regards,
  Vijay

  Hello Vijay,
  As per your query i can suggest you the following solution-
  Please refer table 1 of the given link-
  http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3900.shtml
  Hope this will help you.

• Rate-limit Burst explanation

  Hi All - I need your help to understand the Burst value in the Rate-Limit
  Example: rate-limit input access-group 101 20000000 24000 32000
  I understand the above configuration limit the traffic to 20Mbps. How to calculate the Burst-Normal (as per example above 24000 Bytes) and Burst-Max(as per above example 32000 Bytes). What is the logic for arriving the Burst-Normal & Burst-Max?
  Thanks in advance
  SAIRAM

  Hi Sairam,
  below are definitions of few terms which are involved here
  CIR : committed information rate, in bits per second, defines the rate defined in the traffic contract.
  Tc : Time interval,measured in miliseconds, over which the committed burst (Bc) can be sent.
  Bc : Committed burst size,measured in bits. This is the amount of traffic that can be sent over the interval Tc.
  Be : Excess burst size, in bits. This is number of bits beyond Bc that can sent after a period of inactivity.
  Formula to calculate Bc is 
  Bc = CIR*Tc
  Now to understand Bc and Tc, say suppose you have applied 20mbps rate-limit on a 100mbps fastethernet link. Now link can send data (bits) with clock-rate only which is 100mbps so to achieve 20mbps rate on that link router needs to send traffic for 1/5th of a sec and remain idle for 4/5th of a second. 1/5th of sec is 200 msec. If router will send traffic for 200msec and not sending traffic for next 800msec, it can achieve rate of 20mbps but a packet arrived at 199th sec will need to wait for 800msec and this will add unnecessary latency to the packet. To avoid this, router sends few bits for short duration and then does not send for some duration. For the period it sends traffic is called Tc value. and the number of bytes it can send during that interval is called Bc  value. So CIR = Bc/Tc (bits per interval).
  Now we dont have option to configure Tc but we can configure CIR and Bc, and Tc will automatically be calculated. If we do not configure Bc then router takes default Tc of 125ms and calculates the Bc. 
  What value to choose for Bc
  If we configure Bc too large then Tc will go high for same CIR and this may cause delay or jitter for delay sensitive traffic. For delay sensitive traffic cisco recommends to have Tc 10ms or less.
  If i calculate Tc in the given example, it is coming as 9.6ms which is close to 10ms that is why Bc is set as 24000.
  Tc = Bc/CIR
     = 24000(bytes)/20000000(bits/sec)
     = 192000(bits)/20000(bits/ms)
     = 192/20
     = 9.6 msec
  Now Be is to give extra bandwidth for small interval(Tc) to cater some bursty traffic. Assume there is a bucket which gets filled with Bc amount of token in every Tc interval and router can send traffic if there is sufficient  amount of token available in the bucket, equal to the packet size. After forwarding packet router reduces same amount of token from the bucket. Size of bucket is also equal to Bc which means if there is no traffic for Tc interval, bucket can not hold more token. Be is to increase the size of bucket to (Bc + Be). Now in every Tc interval bucket will be filled with Bc token and if there is a period of inactivity then in next interval bucket can be filled with extra Bc amount of token till it reaches to (Bc + Be) and if there is any bursty traffic (more than Bc) same can be adjusted. So for a very small period router may send traffic with more rate (higher than CIR, since sending Bc+Be in Tc interval) but over a period does not cross CIR.
  You can also use below "Ask the expert" event for QoS to further queries related to QoS.
  https://supportforums.cisco.com/discussion/12259571/ask-expert-quality-service-qos-cisco-ios-routers
  Please dont forget to rate post if it has been helpful.
  Regards,
  Akash