Cisco Infrastructure :: 185 / Traffic-shaping On The LAN Interface?
May 5, 2011
There is a remote server that downloads info from a server here at HQ. When the dowloads start the rxload on the S0/0/0 interface jumps to 98 percent or so; rxload 250/255. I needed to limit the bandwidth utilization between the servers, so I added the below line to the LAN interface on the remote router.By adding the command, it reduced the download utilization -which is what I wanted.
access-list 185 permit ip host 10.6.27.1 any
!
int f0/0
traffic-shape group 185 10000 8000 8000 1000
Question:How would applying this to the LAN interface cause the download utilization (Coming from s0/0/0) to decrease?
View 4 Replies
ADVERTISEMENT
Mar 10, 2011
We are looking to implement traffic shaping/policing primarily for P2P traffic. As natively the ASA5550 is only capable of p2p inspection if the traffic is tunneled via port 80 is the AIP-SSM the way forward? We have 2 5550s in active/active failover config. As a side note we are also looking to implement an IDS/IPS system so could this module cover all?Is this module going to provide the desired outcome or is there another module/device out there better suited for this? I would prefer to use the ASA5550s as opposed to implementing another product if only that we can make use of the investment we already made on these devices.
View 1 Replies
View Related
Aug 4, 2011
I am trying to come up with the best way to traffic shape traffic with 3750 Me switches. the traffic will be coming from a 6504 Sup-7203b downstream and going out the wan. Core---L3---->6504--intvlan80--trunkport to--->3750Me---g/1/1/1-trunkport to---MetroE network--->int f0/0.80--branch router. The idea is to use the 3750 to traffic shape the traffic going towards the wan/branch to 500 to match the contracted rate and then to use qos on shaped rate. I tried to apply it to g1/1/1 using port based policies but it did not shape the traffic. I changed everything to IP interfaces and it worked. I need to break up the metroe into different vlans so I can bring branch offices in on different vlans.c
View 3 Replies
View Related
Mar 15, 2011
I am a traffic shaping newcomer and need some guidance as how to BEGIN to approach a problem with traffic. We have been rolling out Windows 7 at sites and the additional traffic it causes on installation is considerable as it has to request information from our central site to populate My Documents and Outlook mailboxes.This has caused some problems on sites as there traffic rates increase to the point that QoS is not sufficient to protect voice traffic and delays and one-way audio are being experienced.One question is this - is GTS a solution or is CBWFQ within GTS the solution or is something else preferable? The sites involved are data/voice with a variety of routers.Second question is this - if we have a remote site with a 3725 router as the WAN aggregator with one 4506/Sup IV and one Cat 3550-24-PWR the shaping should be best placed on the 3725, correct? Also, are there issues with shaping incoming/outgoing traffic as I seem to have read?FYI, the 3725 router has 12.4(8d) with IP VOICE/NO CRYPTO IOS version. The 4506 has 12.1(23)E4 with basic L3 feature set.
View 1 Replies
View Related
Jun 19, 2013
What's the good, inexpensive way to add traffic shaping to a small network? Let's say there are about 20 users on a T1 circuit. Existing router is an Adtran 3430 (from the telco so we can't touch it). Everything works fine except when they get really heavy with uploads/downloads when document scanning, and the telnet sessions to the mainframe app start getting dropped. Major PITA. Basically need to make telnet traffic a priority.Now, I could drop a pfSense box in there using an old workstation, but I'd like something I can stick in a rack, or is at least really small and hopefully under $200 or so.
View 7 Replies
View Related
Feb 6, 2011
I have a 3825 with a 1Gb fiber card at one of my sites. Our ISP and MPLS provider hand off a single gigabit fiber to us that contains 2 50MB EVC's.I need to apply QoS to one of the EVC's and shape them both to 50Mb to avoid upstream rate mismatch bottlenecks. Both of the EVC's generally only push 10Mb during business hours.When I run UDP stream tests (various rates from 500k-6m that are marked as AF41) to one of my other sites I am consistently getting about 2% packet loss, despite the fact the circuit isn't even close to 50% saturation. When I remove Shaping and QoS all together, the issue nearly clears itself up, except during peak hours and I get small bursts of packet loss, which is still unacceptable.When the pipe is at near zero utilization (after hours) there also is no packet loss with or with out the shaping/qos applied.
View 1 Replies
View Related
Feb 25, 2012
I want to take 100Mb incoming from a service provider and police it off into several VRFs for customers.One of these VRFs will be 30M.I further need to traffic shape this (30Mb) out to 40 x 0.75Mbps (burstable to 30M) customers.
I am using an ASR1001.
View 2 Replies
View Related
Nov 19, 2011
I have a client who has Cisco 3800 series routers in their data centre with which they have QoS/CoS policies implemented. They wish to further manage traffic by limiting outbound traffic to their branch sites in line with the network access bandwidth each site has available. Is this possible whilst leaving the QoS policies in place? If so how?
View 1 Replies
View Related
Jun 10, 2012
I have following scenario - router 2911 connected to 2950 switches with about 80 vlans. How can I limit speed on each of the 79 vlans (to equal % acros all of them) and give vlan 80 lets say 30% of total bandtwith. Since I am new to QOS, can you point me to the right website or give me example.
View 4 Replies
View Related
Oct 19, 2011
Is there any difference with traffic shaping capability on the 5510 as opposed to the 5505? is there anything the 5510 can do that the 5505 cant? with regards to TShaping?
View 4 Replies
View Related
Jun 1, 2011
I am trying to get ride of an old traffic management appliance and would like to replace it by a simple Cisco 3845.
The configuration is really simple:
Customers -- Router 3845 -- Internet
I want to be able to provide bundles to customer such 64kps garanteed/ 2mbps MIR (retail) and 2mbps garanteed no MIR (business).
I need also to specify to the router the total internet bandwitdh available (example: 20mbps symetrical).
This configuration will work ? Should I worry about any performance issue if I start to have a lot of customers ?
ip access-list extended Cust1
permit ip any sub_Cust1
permit ip subCust1 any
View 2 Replies
View Related
Feb 26, 2013
I am suggesting an ASR1001 as a head end router for a small hub spoke WAN consisting of 4 branch sites connecting to the head via LES. 3 are 100mb, one is 30 mb. I will be connecting the LES circuits to a swithc and then trunking to the router. I would like to apply outbound shaping to these 4 subinterfaces on the router, and just want to check this is supported?
View 1 Replies
View Related
Sep 8, 2011
I would like to know if there is a way to apply in the Cisco asa 5510 traffic shaping not for a interface but a single IP address.For example i would like to limit the bandwith for the IP address of my FTP server.
View 4 Replies
View Related
Apr 5, 2011
I hava Cisco ASA 5520 with AIP-SSM module. I would like to have the below features with ASA installed in Transparent mode.
1. Traffic shapping per user
2. Traffic shapping per IP subnet
3. Traffic shapping per Application
Is it possible with ASA installed in Transparent mode?
View 9 Replies
View Related
Jul 14, 2011
We are a new medical school located in PA. Just have just completed a new building and are now working on getting our network finished. Here is the situation we have a 50MB Internet Connection that comes into our network that then hits the ISPs Cisco 3750 which sends it to two of our Cisco 3750s for redundancy. From the 3750 goes into our Cisco 6509 with a FWSM module, then out from there to our distribution switches which are all Cisco 2960s.
What we would like to do is to control how much WAN connectivity each of our VRFs get. Right now we have a Faculty, Student, and Research VRF formed, and are trying to figure out the best spot where we can say Faculty gets 30MB of Bandwidth, Students gets 10, and Research gets 10. If possible would like burst capabilities.
View 3 Replies
View Related
Feb 18, 2012
I am trying to do policy on the interfaces of my switch WS-4507R, below the configuration I used to shap the traffic to 1 Mbps. However, when I tested it the traffic excceded the 1 Mbps.
class-map match-all 1MB
match access-group name 1MB
!
policy-map 1MB
class 1MB
[code]...
how I can restrict my bandwidth on the interface on 1 Mbps.
View 2 Replies
View Related
Mar 21, 2012
I am looking for step-by-step configuration on how to enable rate-limit and traffic shaping on Cisco 6513 vlan interfaces. I am not able to find this particular document on CCO.
View 3 Replies
View Related
Feb 8, 2011
I have lots of PPPoE users that get Virtual Access interfaces created upon login based on a virtual template. I need to traffic shape them. I know how to get it to work on an individual basis, because the policing within a service policy works fine. As soon as i change it to shaping it leaves things wide open.I really dont care how it gets done, I just need to be able to specify a speed to be traffic shaped and apply that to a virtual template. I need to limit speeds on the download and upload, i understand that the upload i will use the policing, but the download i need it to smooth out the flow and be traffic shaped, not policed.
Here is my Policies and classes:
***
policy-map CHILD class class-default bandwidth 1650policy-map PARENT class class-default shape average 1650000 service-policy CHILD****
Here is my Virtual Template:
****
interface Virtual-Template8 description pppoe-auth-FTTH ip unnumbered FastEthernet0/0 ip access-group subs-in-FTTH in ip mtu 1493 timeout absolute 6120 0 peer default ip address pool FTTH-POOL ppp authentication pap pppoe-auth ppp authorization pppoe-auth ppp timeout idle 84600 service-policy output PARENT
[code]....
The results i am getting is unrestrcited throughput, i am seeing about 40mb of throughput when the target is to limit to 1.65MB. As you can see from the output the PARENT class is seeing 279116 packets, but the shaper only saw 59. In all the examples i see on the internet these two numbers should be the same. Why is the shaper not acting on all the traffic crossing that class/policy?
Hardware/IOS:
Cisco IOS Software, 7200 Software (C7200-IK9SU2-M), Version 12.4(12), RELEASE SOFTWARE (fc1)
View 11 Replies
View Related
Feb 13, 2011
ASA 5520 can handle 2 ISP? not to load balance or not standby/active but to use the 2 ISP at the same time and separately. for example, ISP_A who has 10m will be dedicated to the customer A/VLAN A, then ISP_B who has 4m will be for the rest of the customer's traffic. Can the ASA 5520 do traffic shaping or policy map just like in a normal router?
View 5 Replies
View Related
Oct 29, 2011
I make qos on VPN Tunnel, but i make command service-policy output name, it show the error below Traffic Shaping feature is not supported in user defined class of parent level policy.My cisco router 1921, IOS : c1900-universalk9-mz.SPA.150-1.M5.bin
View 1 Replies
View Related
Mar 26, 2013
We have some ASR WAN routers which have a dedicated 400M interface to a remote site.
Servers on our Local network source the data through some firewalls via 10G interfaces, which connects to 4500X WAN switches then to the Routers on 1G links.
The sources are rate limiting the traffic but the routers are periodically dropping packets which I think is mostly due to burstiness in the traffic between as it traverses through from 10G links to 1G then to 400M.
How to setup traffic shaping on the 4500X outbound port to our WAN routers.I'd like to see if we could buffer and smoothe out the traffic as it exits the 4500X WAN switch 1G port to the WAN Routers.
View 1 Replies
View Related
Jan 27, 2013
I have catalyst 3750 I want to controle traffics on every port I have tried Frame-Relay Traffice shaping and Quality of service but there is no support for these commands in the switch.do we have any way to limit traffic on every port in catalyst 3750 and 2960 switches ?
View 4 Replies
View Related
Oct 9, 2011
I have Pix 501 firewall and I'm just configuring the device for "Email Server" to allowing POP/SMTP.
Inside Interface Address: 132.147.162.14/255.255.0.0
Outside Interface Address: ISP provided IP address
My question is can my traffic goes from inside interface to outside interface? (because the inside interface address not from 10.0/172./192.168 private address)Also I'm allowing internet from this email server (132.147.162.14) so what my access list to be configured? and what my subnet mask shoud be there?
Pix(config)#access-list outbound permit tcp 132.147.162.14 255.255.0.0 any eq 80
Pix(config)#access-list outbound permit udp 132.147.162.14 255.255.0.0 any eq 53
Pix(config)#access-group outbound in interface inside
View 7 Replies
View Related
Oct 29, 2007
I have an 871 setup at home with a fairly basic configuration (NAT, Firewall, EasyVPN, Wireless). What I've noticed is that for traffic going from the WAN interface (FastEthernet4), it seems to be hitting the ACL in place for NAT. My config: [Code] .......
Where 76.22.98.39 is the dynamic IP address from the cable provider. If the traffic isn't passing through the router, why is it trying to NAT it?
IOS Version is 12.4(6)T9
View 18 Replies
View Related
Mar 24, 2013
I have started to notice an increase in traffic from all my LAN workstations to the multicast address of 224.0.1.20, all with the same destination port (79). IANA shows this address as reserved for "experimental testing". Are there any typical applications or protocols that use this multicast address? My first thought was malware running on the hosts but it's a little tricky to prove.
View 5 Replies
View Related
Nov 2, 2011
I have three routers 811 (independent), and the interface cellular 0 resets in all three.
View 3 Replies
View Related
Aug 5, 2012
We recently upgraded our bandwidth and I have to change the ip address on our ASA 5510. I just want to make sure that I am doing it right. All I will need to do is open up the ASDM and under confiugration go to interfaces and make the needed changes to the outside interface. Then under routing I will make the gateway IP change on the outside interface.
View 4 Replies
View Related
Jan 22, 2013
We bought Cisco Prime Infrastructure 1.2 appliance. The application seems to be pre-installed. I have gone through setup process. But I cannot connect/open web interface [URL].
View 10 Replies
View Related
Mar 7, 2012
We have a Cisco 3825 router which does not work well with a DSL modem(ISP provided). I have configured the Gi0/0 port of the router to plug into this DSL modem but it does not ping to the ISP gateway. If we do a shut/no shut on the interface then it work fine for about 30 secs. Sometimes even for 1 hr. Then the packets drop and we cannot pass any traffic through this interface.Now, if the ISP connection is terminated on a computer it works fine. It works fine without dropping any packet. I have tried various options like using a straight/cross cable. I have tried to configure the interface negotiation for 100/full, 100/half, auto/auto and almost all the options. I have also tried to interconnect the devices using a L2 device like a HUB. Nothing works.
View 7 Replies
View Related
Aug 31, 2006
I want to configure a MAC address on my asa 5520 interface.I ask you if exist a private MAC address range?
View 5 Replies
View Related
Jan 20, 2013
We have a data center with servers set up for different projects, some servers from partner companies and several small LANs. The traffic between all those needs to be controlled and firewalled. The servers and LANs are divided into different subnets and VLANs. Physically, their traffic is aggregated on a couple of 4506 and then sent to a FreeBSD server, where the logical gateways are set up and traffic is filtered between them.The BSD server is dying and having it there is incorrect in the first place, so we are planning to replace it with two ASA (5520) in failover.The question that arises is how to correctly implement firewalling between VLANs. Originally we thought to set up the firewalls in transparent mode and logically terminate VLANs on a stack of 3750 switches behind them, but would that filter the traffic between the VLANs? Then we thought to perhaps terminate the VLANs on the ASAs, use routing mode, and do filtering there, as well. Or should we implement multiple contexts? We have about 20 VLANs and all of them differ in rules of what should go there. None of this can be concidered an "inside" - trusted - zone, nor "outside". Internet and external links are connected and filtered in a different place.
View 1 Replies
View Related
Jul 10, 2011
We have the next Settings in our SW. We crate an ACL and aplied to a SVI for Incomming Traffic, I understand that is not necesasry to allow the returning traffic in ACL, but we can't access to rdp for example when we add the ACL, if we remove it, the acces is ok, buet when we add again the access is deny, even we have a log entry, and the ACL i just for Incomming traffic. There is no another ACL.
See attached file
[code]...
View 1 Replies
View Related
Sep 12, 2011
How I can prioritize Web Ex, Skype and some two websites on Cisco equipment. My set up is such that my 512kbps link goes to a Cisco 1941 router>Cisco ASA 5505>Cisco Catalyst Switch 2960>Computer.I want to be able to prioritize this on my network and test that it actually works.
View 1 Replies
View Related
