User based rate limit
Hi,
Iam looking for a way to Rate Limit - Vlan interfaces,
Somting like this .. or do I need to change the service-policy to rate-limit for it to work
Interface Vlan2
Description Customer-A
service-policy input police-customerA-traffic
service-policy output police-customerA-traffic
ip address 10.10.10.1 255.255.255.252
Interface Vlan3
Description Customer-B
service-policy input police-customerB-traffic
service-policy output police-customerB-traffic
ip address 10.10.11.1 255.255.255.252
Interface Vlan4
Description Customer-C
service-policy input police-customerC-traffic
service-policy output police-customerC-traffic
ip address 10.10.12.1 255.255.255.252
Interface GigabitEthernet3/1
Description Trunk - Customer-A - Customer-C
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2,4
switchport mode trunk
Interface GigabitEthernet3/1
Description Trunk - Customer-B
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3
switchport mode trunk
Is that posible ??, or do i need to make user based rate limit based on Source / destination adresses, and move the service policy to the physical interface ??
Hardware in this case Cisco 7609 running MPLS
Thanks in advance.
/Peter
Can you explain your network topology a little?. This would help me to understand your network setup and help you in this issue accordingly.
Similar Messages
-
Per user bandwidth rate limit.
How to configure per user bandwidth rate limit for wireless guest client, authentication server is ISE 1.2 & wireless controller is 5760.
The Cisco 5760 WLC supports better QoS than other c
ontrollers, allowing prioritization of mission-crit
ical
applications:
●
The Cisco 5760 WLC supports four wireless hardware
queues and priority-based queuing compared to
software-based queuing in existing controllers.
●
The Cisco 5760 WLC follows MQC based commands, allo
wing usage of exact commands for configuring
QoS on different types of network devices.
●
The Cisco 5760 WLC supports QoS policies to be appl
ied in a hierarchical fashion with more granularity
per SSID per radio, while on the current controller
s granularity is per WLAN.
●
The Cisco 5760 WLC supports approximate fair bandwi
dth to make sure of fairness at client, SSID, and
radio levels for Non-Real Time (NRT) traffic. There
fore, if one user consumes excessive bandwidth, we
can
limit the amount of bandwidth that user receives an
d thereby not deprive other users. -
WLC user rate limit on guest ssid anchor controller
Hi,
I have been looking through the forums & some cisco documents but not found a good example similar to what I am seeking to do so now I am turning to the expertise of my peers.
We have been deploying 3502 APs remotely to locations with full T1s that backhaul to where I sit at HQ.
Both the foreign and anchor controller are here at my location.
I am seeking to rate limit per user the bandwidth each client will get on the guest internet ssid.
As you know this traffic is encapsulated in capwap between the AP and the controller so I cant use a standard ACL on the switch or router.
We are trying to keep the guest internet access usage in check on the T1 at any given site so the other ssid's & local lan traffic is not overly competing for the bandwidth.
I found the place to edit the default profiles in the controller but the documentation really isnt clear on best practices.
So I put it to you my fellow wireless engineers to suggest how you are implementing bandwidth management on your wireless guest internet.
Thanks guys!
Oh and here is my hardware & software levels.
5508wlc - forgeign
4402wlc - anchor
Software Version
7.0.230.0Amjad,
Thank you for taking the time to respond as well as the document link.
It was pretty clear on the steps and what it would impact.
Two things that push me for a different solution (assuming their is one).
Note The values that you configure for the per-user bandwidth contracts affect only the amount of bandwidth going downstream (from the access point to the wireless client). They do not affect the bandwidth for upstream traffic (from the client to the access point).
As you can see from the above note taken out of the linked document the roll based rate limit doesnt really rate limit the T1 traffic any guest user consumes it only limits usage from the AP down to the client.
#1 I am looking for a solution that limits the users up & down streams (if possible) & also before it leaves the AP for the T1.
The idea is to limit WAN utilization.
#2 I read in the forums here others asking about the "user role" and saw some comments saying it is not considered "best practice" to use user roles.
Let me clarify that our guest ssid's are using the http webpage pass through for authentication and it is really only the tic mark to indicate they understand the terms and conditions of using our internet as a guest service. No actual user accounts are used on the guest ssid's.
***One last question about this and any other changes***
Will any change I make be on the "Foreign, Anchor" or both Controllers? -
Hello, anyone know if its possible to set a maximum bandwidth for the entire wlan or for entire Vlan in the WLC 5508 ?
ThanksThis is a big desire for us too.
You can do this multiple ways on the infrastructure:
if using 6500s, you can use user-based rate limiting
you can do this on various firewall products such as pfsense.
You can use ingress & egress queuing on the switch, but it may not work as desired.
We settled on using ip-nbar & policy routing for now to clamp down on file sharing protocols and also download urls with various extensions such as .iso, .dmg, .zip.....
The challenge we found with per user limiting was that few solutions support the client count/demand that we see.
If your environment is more spread out, you may have better luck with traffic policing and/or shaping at the switch level.
As per wlan rate limiting, it will really depend on your infrastructure hardware & IOS supported functions.
I agree about not shaping over the air, keep as much extraneous traffic off the air as possible. -
Policy-map based rate-limiting per vlan
Hi
I was thinking if someone could help me to come up with solution to a problem. Scenario as follow:
I have a trunk interface with multiple vlans on:
interface GigabitEthernet2/0/3
description TRUNK-to-*********
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 415,416,610,1191-1193,1195
switchport mode trunk
duplex full
storm-control broadcast level pps 1k
storm-control multicast level pps 3k
storm-control unicast level pps 250k
storm-control action trap
spanning-tree portfast trunk
spanning-tree bpdufilter enable
I'm trying to rate limit two of the vlans that are present on this trunk interface - vlan 415 and vlan 1192.
So I'm putting the class-map (to be later applied under the policy-map which is not significant here):
(config)#class-map match-any 120-mbps-class
(config-cmap)#match input-interface vlan 415
(config-cmap)#match input-interface vlan 1192
Now, when you show the class-map I created, I can see this:
sh class-map 120-mbps-class
Class Map match-any 120-mbps-class (id 1)
Match input-interface Vlan415
Match input-interface FastEthernet0
For some bizzare reason class-map is matching the Fa0. I have researched this, and this is most probably because you can only match 1 vlan instance under the class-map.
And here's my problem - I can't police whole interface as the other vlans should not be policed - how can I police those two vlans ?
Any thoughts ? All help appreciated as always.
Rob.Hi Daniel,
I have labed it and unfortuantely it does not work as expected. I have put 1x 3750 and 1x 2960 trunk between them, each box had an access port for laptop to create some traffic across. All vlan-based qos has been applied on 3750G.
3750G config
Interface g1/0/20
descriprion trunk
swicthport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 100,120
Interface g1/0/1
description access
switchport mode access
switchport access vlan 100
Interface vlan 100
ip address 192.168.100.254
service-policy input PARENT-POLICER
Interface vlan 120
ip address 10.10.10.1
Policy-map PARENT-POLICER
class PERMIT-ANY-CLASS
trust COS
service-policy CHILD-POLICER
class-map match-any PERMIT-ANY-CLASS
match access-group name POLICY-LIST
Extended IP access list POLICY-LIST
10 permit ip any any
Policy-map CHILD-POLICER
class INTERFACE-POLICE-CLASS
police 100000 8000 exceed-action drop
Class Map match-any INTERFACE-POLICE-CLASS
Match input-interface GigabitEthernet1/0/20
2960 config:
interface g0/20
switchport mode trunk
switchport trunk allowed vlan 100,120
interface g0/1
switchport mode access
switchport access vlan 100
interface vlan 100
ip address 192.168.100.253
interface vlan 120
ip address 10.10.10.2
So as you can see vlan 100 is the one it need to be rate limited (I have only rate limited to 100kbps just to see if it's working) and vlan 120 is only on the trunk ports to confirm if the traffic for this one is not affected.
Unfortunately when the policing is applied on 3750 vlan 100 (and policing is working fine) then I can see the packet loss while pinging between switches on vlan 120 suggesting that the policy is affecting the other vlan as well. When I take the policy out of the vlan 100 I cannot observe the packet loss on vlan 120 meaning is no longer affected.
Not sure if I have explained this clear enough so far, if not let me know.
Do you have any suggestions ?
Thanks! -
WLCS 3.5 on WebLogic 6.0 - Getting users based on a property
Hello all,
I am developing a web application atop WebLogic Commerce Server 3.5 and
WebLogic 6.0. One of the features of the application shows users based on a
property in the profile. For example, the profile has a property called
"State", and the list would show all users from California.
My questions are:
1. Is there a way to get a list of usernames based on a property in a
property set?
2. Has anyone solved a similar problem? If so, how?
Currently I can only see two options for solving this problem:
1. Through the UserManager I can use:
com.beasys.commerce.axiom.contact.UserManager
getUserNamesForGroup(java.lang.String groupName, java.lang.String
searchExpression, int limit)
This would give me a list of users in the group. I would then have to
iterate through each profile and check the property. This approach seems
like it would be expensive and consume a lot of system resources.
2. Alternatively, I could develop a data access object to query the database
and return a result set of usernames. This approach seems like a better
solution; however, if there is a way to accomplish what I need through the
WLCS API I would prefer to use the API (I don't want to re-invent the
wheel).
Any assistance you can offer is much appreciated.
Thanks,
ErikEric,
There is no way of doing this through the API that I am aware of. We are
actually considering adding this feature for 8.0.
Sincerely,
Daniel Selman
"Erik Pilz" <[email protected]> wrote in message
news:[email protected]..
Hello all,
I am developing a web application atop WebLogic Commerce Server 3.5 and
WebLogic 6.0. One of the features of the application shows users based ona
property in the profile. For example, the profile has a property called
"State", and the list would show all users from California.
My questions are:
1. Is there a way to get a list of usernames based on a property in a
property set?
2. Has anyone solved a similar problem? If so, how?
Currently I can only see two options for solving this problem:
1. Through the UserManager I can use:
com.beasys.commerce.axiom.contact.UserManager
getUserNamesForGroup(java.lang.String groupName, java.lang.String
searchExpression, int limit)
This would give me a list of users in the group. I would then have to
iterate through each profile and check the property. This approach seems
like it would be expensive and consume a lot of system resources.
2. Alternatively, I could develop a data access object to query thedatabase
and return a result set of usernames. This approach seems like a better
solution; however, if there is a way to accomplish what I need through the
WLCS API I would prefer to use the API (I don't want to re-invent the
wheel).
Any assistance you can offer is much appreciated.
Thanks,
Erik -
User based block the pricing field in the sale order
HI FRIEND
We have requirement user based block the pricing field in the sale order
pls suggest me the configuration steps
with regards
dineshhi friend
when create a sale orde,r price and exchange rate is triigger from the master record.
head department want not require to End user to change the price in the sale order .
so head department only have authorisation to change price.
selected user is not allow the change the price.
so i need the configuration
with regards
dinesh -
Bandwidth Management(Rate Limit) Using QoS Policies
Hello,
I need some advice. We have an ASA 5525 running version 8.6(1)2 and a 10 MG pipe. I have execs that want to limit bandwidth on users for stuff like youtube, stream media, and downloads. I found the article on ‘Bandwidth Management(Rate Limit) Using QoS Policies’ so it appears our firewall can do what we want. I’m not a cisco person. My knowledge is limited when it comes to configuration – that’s why we have SmartNet :). The advice I need is what to ask for, so to speak, when I put a case in. Can bandwidth be limited on end users and/or can they limit the ‘bandwidth rate limit’ to just youtube, steaming media, and downloads? If so, what should the limit be? and I’m assume this would be for ‘incoming’ traffic only? we’re running into some bandwidth hogs – usually youtube and/or streaming media. We have a Barracuda web filter which we’ve used to block and monitor activity but I simply do not have time to babysit this all day. I should also mention we do have critical data running up and down the pipe; such as credit card processing, DB replication between in house DB and hosted website, TPCx and EDI, FTP, and such that we don’t want restricted.
Need input please,
Thanks,
DHello,
That's a question that you as the network admin of that organization could answer.
How much traffic for business purposes must travel via HTTP/HTTPS?
How much bandwith are you willing to provide to this 2 protocols?
Those are the kind of answers you need to answer before setting the number
Regards
Remember to rate all of the helpful posts, Just click the 5 stars at the left of each post
Julio -
I have a Cisco SG300 small business switch and 541 APs. There are 2 VLANs in our network. One must be limited by bandwidth. Does anyone have an idea for configure vlan rate-limiting on SG300? And please describe CIR & CBS for me. Thanks.
http://www.cisco.com/en/US/partner/products/ps10898/prod_command_reference_list.html
Cisco Small Business 300 Series Managed Switches Command Line Interface Guide Release 1.3
Select CIR and CBS according to your design. You can use a larger CBS when performance is not ideal.
49.23 rate-limit (VLAN)
Use the Layer 2 rate-limit (VLAN) Global Configuration mode command to limit the
incoming traffic rate for a VLAN. Use the no form of this command to disable the
rate limit.
Syntax
rate-limit vlan-id committed-rate committed-burst
no rate-limit vlan
Parameters
• vlan-id—Specifies the VLAN ID.
• committed-rate—Specifies the average traffic rate (CIR) in kbits per second
(kbps). (Range: 3-57982058)
• committed-burst—Specifies the maximum burst size (CBS) in bytes.
(Range: 3000-19173960)
Default Configuration
Rate limiting is disabled.
Committed-burst-bytes is 128K.
Command Mode
Global Configuration mode
User Guidelines
Traffic policing in a policy map takes precedence over VLAN rate limiting. If a
packet is subject to traffic policing in a policy map and is associated with a VLAN
that is rate limited, the packet is counted only in the traffic policing of the policy
map.
This command does not work in Layer 3 mode. It does not work in conjunction with
IP Source Guard.
Example
The following example limits the rate on VLAN 11 to 150000 kbps or the normal
burst size to 9600 bytes.
switchxxxxxx(config)# rate-limit 11 150000 9600 -
FD32 restrict users based on a schedule of authority
All,
I have a requirement within FD32 to restrict users based on a schedule of authority. For example, only allowing credit limits to be changed in a user's authorized dollar range. I was able to restrict the Credit Limit field (change/display) by using field groups, but I have an extension of the requirement for a schedule of authority. Can someone please help?You could use F_KNA1_BED, I guess - but that would mean excessive maintenance of both: BEGRU and customers, if I understood your scenario correctly and you really, really want to break that down to single customers.
It would be even more excessive to utilize F_KNA1_GRP. Can be done, though.
Both solutions are completely un-elegant and I am not happy proposing them. But I am curious as a cat: what exactly is the business process expecting you to restrict access to customer data down to a single customer?
Edited by: Mylène Dorias on Mar 24, 2010 8:39 AM -
Hi all,
Upstream traffic rate limit is not supported by WLC . It will be done by AP.
We have setup of Auto anchor for both corporate and guest(but authentication mechanism is diffrent) . They wont access any internal resouce .Only interner traffic is permitted.
So can we limit the internet traffic for guest users .? If we limiting the upstream traffic at the AP level what would be the concerns we may face?
Kindly help on this.
Thanks,
Regards,
VijayHello Vijay,
As per your query i can suggest you the following solution-
Please refer table 1 of the given link-
http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3900.shtml
Hope this will help you. -
Configuring rate-limit in switch 6500
Good morning gentlemen
Consider a 6509E (supervisor 720 3B) switch with many interface VLANs configured, one of each related to each customer. Each interface VLAN had configured a rate-limit input and output configured representing the maximum bandwidth permitted for the customer.
I could configured that way using the old IOS s72033-ipservicesk9_wan-mz.122-18.SXF7.
Last weekend I had to upgrade that IOS to s72033-ipservicesk9_wan-mz.122-33.SXJ7. All rate-limits in VLAN interfaces disappeared, probably not supported in this new version.
Now, what's you recommendation to perform the same in this IOS version?...I only found the policy-map/service-policy way.
Follow my questions:
1 - "mls qos" is globally disabled. Should I configure globally or by interface VLAN?... Expected any impact?
I believe that only need "police" for QOS. No need for any other kind of QOS.
2 - Should I enable "mls qos vlan-based" for each physical layer 2 port connected to that switch related to each interface vlan with police?
Expected only one physical port (or port-channel) for each customer (and each VLAN) connected to a switch.
Thank you and regards
ChristianInteresting that I have just upgraded the IOS to the last version 12 release.
I think that for the reason that we are facing high CPU usage for "IP Input" process, something related to mls/cef is not tunned.
Anyone has any idea regarding the configuration presented?
Regards
Christian -
6500 hardware rate-limit drops
Hi,
I'm a bit new on 6509s - could anyone tell me how to show if any packets are dropped on a 6509 due to hardware rate-limiting such as
mls rate-limit layer2 pdu 1000 100
I've tried show mls rate-limit and sh mls rate-limit usage.
Hardware is sup720, software is 12.2(33)SXJ9
Thank you.I've been doing some more digging and probably answered my own question in that I found a document which states:
"There are no counters associated with the special-cases hardware-based rate-limiters, and these mechanisms cannot be monitored." -
Prevalence between service policy and rate limit
Hi,
I have a question, on the wan interface on my router I have configured two QoS configuration: one is based on rate-limit pointing to a an specified traffic but also I have a configuration with a service policy that include the same traffic with a restriction of bandwidth . I do not know what policy has prevalence if the service policy or the rate limit.
Regards.Hi Rajan ,
Thanks for teh reply.
I'm but confused with your answer....
We have SRM 5 implemented at our place and I see that service carts created in the system using the link "ORDER" when converted to PO's in Sourcing create Purchase orders with HIERARCHY structure i.e. 1 header and 1 item(with the actual service line) but when they are replicated to ECC,we have done an enheancement to create LIMIT PO's for service orders.
Hence I wanted to know when do we need to create SERVICE HIRERACHY based PO's in SRM and when we need to create LIMIT PO's directly in SRM?
Also I understand that in SRM,for limit PO's,when the PO item is deleted in PROCESS PO trasnctions,the items are not returned back to sourcing.We dont want this to happen for all types of PO's(both material and Service).We want that when a PO item is deleted,the item should return back to sourcing.
But other then above functionality,what are the advantages of creating SERVICE based HIERARHCY PO's v/s LIMIT PO's in SRM?
Please advise.
Any inputs from Experts on this forum will be appreciated.
Thanks in advance. -
3750X rate-limit (QoS)
Hello,
I'm trying to configure a rate-limit in a 3750X but I'm not seeing any result...
These are my configurations:
RF#show run
Building configuration...
Current configuration : 23410 bytes
! Last configuration change at 08:53:35 UTC Sun Mar 14 1993
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname RF
boot-start-marker
boot-end-marker
no aaa new-model
switch 1 provision ws-c3750x-48p
system mtu routing 1500
ip routing
ip domain-name erf.carco.com.mx
rep admin vlan 100
mls qos
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
vlan 2
vlan 4
vlan 6
vlan 8
vlan 10
vlan 20
vlan 21
vlan 22
vlan 23
vlan 25
vlan 26
vlan 30
vlan 50
vlan 53
vlan 70
vlan 81
vlan 91
vlan 92
vlan 93
vlan 95
vlan 96
vlan 99
vlan 100
vlan 102
vlan 110
vlan 122
vlan 129
vlan 200
vlan 213
vlan 227
vlan 333
vlan 357
vlan 417
vlan 444
vlan 500
vlan 502
vlan 555
vlan 700
vlan 712
vlan 910
vlan 911
vlan 951
vlan 1105
vlan 1508
vlan 1830
vlan 1870
vlan 1890
vlan 1891
vlan 1892
class-map match-any test
match access-group 100
policy-map test
class test
police 150000000 512000 exceed-action drop
interface Loopback0
ip address 10.20.40.106 255.255.255.0
interface Port-channel22
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport mode trunk
bandwidth 10000000
rep segment 10
interface Port-channel24
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport mode trunk
bandwidth 10000000
rep segment 10
interface FastEthernet0
no ip address
no ip route-cache
shutdown
interface GigabitEthernet1/0/1
interface GigabitEthernet1/0/2
interface GigabitEthernet1/0/3
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport trunk allowed vlan 2,10,50,53,60,70,91-93,95,96,99,100,110,213,227
switchport trunk allowed vlan add 500,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
no logging event link-status
shutdown
speed 1000
duplex full
interface GigabitEthernet1/0/4
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport trunk allowed vlan 2,8,10,20,50,53,70,91-93,95,96,99,100,110,213
switchport trunk allowed vlan add 227,500,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
shutdown
speed 1000
duplex full
interface GigabitEthernet1/0/5
interface GigabitEthernet1/0/6
interface GigabitEthernet1/0/7
interface GigabitEthernet1/0/8
interface GigabitEthernet1/0/9
interface GigabitEthernet1/0/10
switchport access vlan 91
switchport mode access
logging event link-status
interface GigabitEthernet1/0/11
interface GigabitEthernet1/0/12
interface GigabitEthernet1/0/13
interface GigabitEthernet1/0/14
interface GigabitEthernet1/0/15
switchport access vlan 91
switchport mode access
logging event link-status
interface GigabitEthernet1/0/16
interface GigabitEthernet1/0/17
interface GigabitEthernet1/0/18
interface GigabitEthernet1/0/19
interface GigabitEthernet1/0/20
switchport access vlan 91
switchport mode access
logging event link-status
interface GigabitEthernet1/0/21
interface GigabitEthernet1/0/22
interface GigabitEthernet1/0/23
interface GigabitEthernet1/0/24
interface GigabitEthernet1/0/25
switchport access vlan 910
switchport mode access
interface GigabitEthernet1/0/26
interface GigabitEthernet1/0/27
interface GigabitEthernet1/0/28
interface GigabitEthernet1/0/29
interface GigabitEthernet1/0/30
interface GigabitEthernet1/0/31
interface GigabitEthernet1/0/32
interface GigabitEthernet1/0/33
interface GigabitEthernet1/0/34
interface GigabitEthernet1/0/35
interface GigabitEthernet1/0/36
interface GigabitEthernet1/0/37
no switchport
bandwidth 150000
ip address 10.20.103.13 255.255.255.252
rate-limit output access-group 100 24000000 3000000 3000000 conform-action transmit exceed-action drop
logging event link-status
interface GigabitEthernet1/0/38
interface GigabitEthernet1/0/39
interface GigabitEthernet1/0/40
interface GigabitEthernet1/0/41
interface GigabitEthernet1/0/42
interface GigabitEthernet1/0/43
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport mode trunk
bandwidth 10000000
channel-group 24 mode on
interface GigabitEthernet1/0/44
interface GigabitEthernet1/0/45
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport trunk allowed vlan 2,10,50,53,60,70,91-93,95,96,99,100,110,213,227
switchport trunk allowed vlan add 500,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
shutdown
interface GigabitEthernet1/0/46
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport trunk allowed vlan 2,10,50,53,60,70,91-93,95,96,99,100,110,213,227
switchport trunk allowed vlan add 500,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
shutdown
interface GigabitEthernet1/0/47
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport mode trunk
bandwidth 10000000
channel-group 22 mode on
interface GigabitEthernet1/0/48
switchport trunk encapsulation dot1q
switchport trunk native vlan 6
switchport trunk allowed vlan 2,7,10,20,50,53,70,91-93,95,96,99,100,110,213
switchport trunk allowed vlan add 227,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
logging event link-status
shutdown
interface GigabitEthernet1/1/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport trunk allowed vlan 2,8,10,20,50,53,60,70,91-93,95,96,99,110,213,227
switchport trunk allowed vlan add 500,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
shutdown
interface GigabitEthernet1/1/2
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport trunk allowed vlan 2,8,10,20,50,53,60,70,91-93,95,96,99,110,213,227
switchport trunk allowed vlan add 500,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
shutdown
interface GigabitEthernet1/1/3
switchport trunk encapsulation dot1q
switchport trunk native vlan 6
switchport trunk allowed vlan 2,6,8,10,20,50,53,70,91-93,95,96,99,100,110,213
switchport trunk allowed vlan add 227,700,910,911,951,1830,1870,1890-1892
logging event link-status
shutdown
interface GigabitEthernet1/1/4
switchport trunk encapsulation dot1q
switchport trunk native vlan 6
switchport trunk allowed vlan 2,6,8,10,20,50,53,70,91-93,95,96,99,100,110,213
switchport trunk allowed vlan add 227,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
logging event link-status
shutdown
interface TenGigabitEthernet1/1/1
interface TenGigabitEthernet1/1/2
interface Vlan1
no ip address
shutdown
interface Vlan6
description ***LANERF**
ip address 10.20.6.106 255.255.255.0
no ip redirects
interface Vlan23
description < TRANSITO MUR >
no ip address
no ip redirects
interface Vlan100
description < VLAN MAN >
ip address 10.20.100.106 255.255.255.0
no ip redirects
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 7 032368342B2F0F
ip ospf dead-interval minimal hello-multiplier 4
router ospf 1
router-id 10.20.40.106
auto-cost reference-bandwidth 100000
area 0.0.0.0 authentication message-digest
area 1.80.1.1 authentication message-digest
redistribute connected subnets
redistribute static subnets
passive-interface default
no passive-interface Vlan23
no passive-interface Vlan100
no passive-interface GigabitEthernet1/0/37
network 10.20.6.0 0.0.0.0 area 0.0.0.0
network 10.20.40.106 0.0.0.0 area 0.0.0.0
network 10.20.91.6 0.0.0.0 area 0.0.0.0
network 10.20.100.106 0.0.0.0 area 0.0.0.0
default-information originate
ip http server
ip http secure-server
access-list 100 permit ip 10.50.80.0 0.0.0.255 10.80.80.0 0.0.0.255
access-list 100 permit ip 10.80.80.0 0.0.0.255 10.50.80.0 0.0.0.255
snmp-server community ASComRO RO
line con 0
line vty 0 4
login
line vty 5 15
login
event manager applet track_qos_down authorization bypass
event syslog pattern "TRACKING-5-STATE: 15 ip sla 15 reachability Up->Down"
action 1 cli command "enable"
action 2 cli command "configure terminal"
action 3 cli command "interface giga1/0/37"
action 4 cli command "rate-limit output access-group 100 400000000 50000000 50000000 conform-action transmit exceed-action drop"
action 5 cli command "end"
event manager applet track_qos_up authorization bypass
event syslog pattern "TRACKING-5-STATE: 15 ip sla 15 reachability Down->Up"
action 1 cli command "enable"
action 2 cli command "configure terminal"
action 3 cli command "interface giga1/0/37"
action 4 cli command "no rate-limit output access-group 100 400000000 50000000 50000000 conform-action transmit exceed-action drop"
action 5 cli command "end"
end
ERF#
ERF#show mls qos
QoS is enabled
QoS ip packet dscp rewrite is enabled
ERF#show mls qos inter gigabitEthernet 1/0/37
GigabitEthernet1/0/37
trust state: not trusted
trust mode: not trusted
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none
qos mode: port-based
When I apply the command I'm seeing a gauge using a 3rd party but I'm not seeing that the traffic will be truncated @ 50Mbps.
Any thoughts???Hi
Bandwidth commands allocates the particular amount of bandwidth you mention or configure over there.
Basically you have the liberty to configure upto 75% of the available interface bandwidth to different classes.
most widelys used with CBWFQ technique..
so while configuring up the same better to watch out for the exact bandwidth value keyed in on the interface to have your alloocation work properly.
policing basically used for limiting the traffic or to control the bursts by dropping them or marking them with different ip precedence or DSCP values.
its very much similar to the rate-limit command applied on the interface level which again uses token bucket system either single or dual based on the configuration parameters.
for more info on above mentioned clis do check these links..
http://www.cisco.com/en/US/tech/tk543/tk545/tsd_technology_support_protocol_home.html
http://www.cisco.com/en/US/tech/tk543/tk544/tsd_technology_support_protocol_home.html
regds
Maybe you are looking for
-
I can't figure out how to import my native instruments into the library
I'm trying to use Komplete 8 as a plug-in and I can't figure out how to put it in to library.
-
Standard text in SO defined as bold doesn't come out bold in smartform
Hi Gurus, I have created a standard text in SO10 transaction and I have given to it the characteristic highlighted (bold) the test effectively appears as bold while in SO10. However when I call this standard text in a smartform (which is treated to
-
How do I view previous strings of questions and answers on FF support?
I read this response but it really doesn't answer the question. "If you are logged on then you see a My Contributions item in the Filter bar at the top that goes to: https://support.mozilla.org/questions?filter=my-contributions" I don't see the "filt
-
Chapters lost when converting movies for ipod
I have some video with chapters that when I convert them to ipod version the chapters are gone. Any reason for this?
-
Dear all , Today i am first time implementing daily backup for oracle 10g on rehl5.5. I completed RMAN Configuration. Now I made script for daily backup in which i include RMAN commands and this commands run successfully in RMAN according to my requi