Cisco WAN :: 2811 - Internet Bandwidth Restriction?
May 1, 2012
Router 2811 got 3 Interfaces. One Interface connected to INTERNETProvider, Second Interface connected to Sales_Dept, Third Interface connected to Business_Dept. Internet Bandwidth in Total is 8MB. I need assistance to allocate 6MB total bandwidth to Sales_Dept and 2MB total to Business_Dept Sales_dept has 48port switch 2960, Business_Dept 24 port switch 2960. Gateway for users is the 2811 Router and both are on different subnets
View 3 Replies
ADVERTISEMENT
Aug 11, 2012
my client insisting to set a dscp value of 56 (= CS7 , the highest priority) for their video packet without any bandwith restriction in the input of fast ethernet port and PPP Multilink serial output port of the 7513 router. What will be the outcome at time of video streaming and video conference ? As this dscp value CS7 is the highest priority and reserved for network only.we are using ospf routing (some of the network is connected through this multilink port via ospf routing), also this ethernet is connected to various statice routed ip network via cisco asa and cisco 4507. The keep alive ospf neighbor router will be lost or not?
View 2 Replies
View Related
Aug 29, 2012
I am looking for some tips on managing my router. I have noticed lately our bandwidth useage has gone up and maxing our DSL line.Cacti is monitoring just for traffic trending and I am in the middle of getting NetFlow going.
Our router sits on the edge with no internal way to access it (or at least so I think right now.)
My thought is to enable NetFlow and port forward it into our network and use ManageEngine to see whats going on.I dont have any ACLs running on the router... We have two connections DSL and T1, I have them into a routing policy.Our nating and firewall sit behind the 2811.
View 1 Replies
View Related
Jun 10, 2013
We have two Cisco 2811 Routers setup with a GRE tunnel that we would like to constrain the bandwidth on to replicate a satellite connectinon of 400 kbits. We tried the bandwidth command 400, but from what I understand that is only for routing metrics and not actual speed of the interface.
View 5 Replies
View Related
Aug 29, 2012
I am trying to use GNS to simulate this, but a bit difficult to achieve this. May I know can the Cisco Router handle below requirement? Example Cisco 2811
1) Bandwidth management based on IP Address or Subnet? For example; allocate 1Mbps (CIR) and 10Mbps (BIR) to 172.16.1.10
2) Can the Cisco Router control the inbound and outbound bandwidth?
3) Can you share the sample config?
View 7 Replies
View Related
Jan 6, 2011
I got connected ASA ----- ROUTER 2811) to metroethernet switch from my ISP , with a 4MB of bandwidth but the internet connections to all my LAN has been frozen and we lost connection to the internet, to restart the internet service I need to boot the ROUTER 2811 - and ISP switch to rollback the internet operation,My ISP support tell me if is possible to set up the traffic bandwidth in one or both borders devices, ( ASA 5510 or ROUTER 2811)
View 3 Replies
View Related
May 1, 2012
I have a cisco Swtich SGH 300-20 Gigabit switch i configure 2 vlan one is default and one is vlan 10
Vlan 1 ip range 172.16.0.0/23
Vlan 10 ip range 172.16.2.0/24
Client on Vlan getting Proper IP from DHCP Server all i need is to distribute internet bandwidth we have 6/3 mb and i want to give 4/2 mb to vlan 1 and 2/1 mb to Vlan 10
Int Gi16 on switch is configured as trunk port and is connected to cisco 2811 router
what are the command used to distribute bandwidth between these 2 vlans
View 3 Replies
View Related
Mar 23, 2013
I have a task of setting up bandwidth limit on the 2811 router Fastethernet interfaces.The scenario is:We have a 4MB Internet connection and would like to allocate bandwidth usage to users.
Fastethernet 0/0 needs to be set with 256KB output and 2048 input. This is going to be connected to a wireless router. Fastethernet 0/1 needs to be configured with 2048 output.I could also use SDM if that's easier than using CLI.
View 2 Replies
View Related
Aug 2, 2011
While I was at school there was a system in place where by you had to enter a user name and password to access the internet. Every student had a data limit like 3GB per month for example. I remember it had something to do with a proxy. I would like to recreate this system on my office LAN as some staff members have been downloading a lot slowing down the (very expensive) Internet connection. Limiting each users data will discourage large downloads.
View 1 Replies
View Related
Oct 20, 2010
One of my Clients just aquired a CISCO ASA firewall, and they would like to restrict internet access, that is they want to block internet for Junior employees while managemnet remains connected, Looking at the situation, The ASA serves as the gateway,I tried an Access list like below for one pc to test if it works but instead everyone just went off, may be i misfired somehwere.
Access-list 110 deny tcp any host 192.168.20.100 eq wwwAccess-list 110 deny tcp any host 192.168.20.100 eq 443Access-list 110 permit tcp any any eq wwwAccess-list 110 permit tcp any any eq 443access-group 110 in interface inside
View 11 Replies
View Related
Jul 2, 2012
There are 10, 50 and unlimited users profiles for the ASA 5505, reason for that restriction? Does that mean for example that only 10 users can go through a 10-user 5505?
View 6 Replies
View Related
Nov 23, 2011
We are using ASA 5510 Version 7.2(4) at our organisation. The requirement is we need to give an access to a user with limited access so that he can run only specific commands on configuration mode. We don't have Cisco TACACS server instead of that we are using a microsoft radius server.
View 6 Replies
View Related
Jul 17, 2012
I am running the SGE2000 as my l3 core switch with multiple inter-vlans.
have a customer requirement that needs to restrict eg. GUEST-VLAN10 to all other VLANS in the network. Only allowing access to the internet.
It seems on the switch i am able to bind ACL to per port interface. if this is possible on the SGE2000
View 4 Replies
View Related
Oct 31, 2011
I am using a network switch to share my broadband between four PCs.Among these PCs, one is for students. Is it possible that I can do the following 2 things from modem whose page can be accessed through 192.168.1.1;
1. Restrict some website like Facebook, Youtube etc
2. Limit download speed of that PC to 100KB/s
View 8 Replies
View Related
Feb 16, 2013
I am a restaurant owner and have a wireless network set-up via DLink DSL 2730U router. Now some times I get customers who demand to use the network and they use it for free which I find irritating. I have found one solution of 'Guests/Virtual Point' but I need to limit the time (say 15 minutes) for which they can use the network.
View 1 Replies
View Related
Aug 24, 2011
I've my ACS linked with AD to give administration access to few network devices and I've created an access policy to link my AD groups with those network devices and command sets.
Unfortunately I found I can use any user from my AD to login to my devices. Only LOGIN, the authorization definition is restricting the command set for those users.
How can I restrict the LOGIN to an specific AD group?
View 2 Replies
View Related
Feb 21, 2013
I have my router connected to my ISP, but for some reason I am getting really slow internet connection compared to a home Linksys router. I can only think it may be to the fact my port is set to auto speed and auto duplex.
Sometime the websites are fast, other times slow. Cannot seem to pinpoint the reason since my code is so basic.
View 8 Replies
View Related
Mar 3, 2011
We just moved to a new place and ISP here have a bit weried connection - they use cable modem that provides "local" IP (through DHCP) to the router and than you have to dial out L2TP to the ISP in order to connect to internet.This setup works fine with "home" routers, like the LinkSys, however I have no clue on how to setup it on 2811.
View 1 Replies
View Related
Aug 1, 2012
I get that to avoid fragmenting the packets we need to reduce the MTU to 1492, fine, but should the MTU restriction be applied at the virtual-template (server)/dialer (client) or on the physical ethernet interfaces?If I apply it to one or the other, which takes precedence? Should I just apply it to both the virtual/dialer interfaces and the ethernet interfaces?
View 6 Replies
View Related
Jun 11, 2011
I am trying to create a user restriction to allow one user to access only two networks (10.192.3.0 and 10.192.5.0) I have range of networks but I want to permit only two networks for limited user and full access for the admins. I know this was possible with ACS 3.3 but I am not too sure if this is also applicable with ACS 5.2.
View 1 Replies
View Related
Jul 7, 2012
i have asa 5520 configured as VPN Gateway to terminate remote access vpn , i have question , how can i restrict the access to only 1 range of public source IPs to access my corporate via RA ,is this possible?if so how to configure it?
View 1 Replies
View Related
Sep 15, 2011
I would like to ask some question on WLAN technology, which I using WiSM version 2. And i get requirement that user must be restrict with SSID, so, i found that it can do it on ACS version 4.x via NAR for SSID-based authentication feature. Then, is it possible to do restriction on ACS Version 5.x?
View 4 Replies
View Related
Aug 4, 2011
I have 4 autonomous AP 1142 with 2 ssids : SSID10,vlan10 & SSID20,vlan 20.I use ACS 4.2 in order to authenticate users (EAP-FAST). How can i restrict access base on ssid or on vlan?I want users that connect to SSID 10 to not have access to SSID 20 and the opposite.
View 7 Replies
View Related
Feb 26, 2011
when im entering ip address of other computer in my remote desktop an error msg is coming "unable to logon you because of account restriction" fire wall and virus protection is off.
View 1 Replies
View Related
Feb 23, 2012
We have 4 SSID's established for our staff, students, Guests and Providers. CISCO / ARUBA Managed APs with a centralized CISCO Controller. Can I restrict access by the first letter in the username so that usernames that begin with x will ONLY connect to the Staff SSID if in range and usernames starting with y ONLY connect to the student SSID?
View 1 Replies
View Related
Sep 26, 2011
We have configured ACS 5.1 for autenticating wireless users with active directory, which is working fine now.But we would like implement that single user should be authenticated through ACS . If any user try to access WLAN from multi system will be notified with multi login access restriction.Can we implement this policy in acs, if possible what are the exact configuration changes we have to implement.
View 1 Replies
View Related
Apr 26, 2012
I have a cisco 2811 router doing nat on my home network and it works fine.I've connected a cisco 2621 router to the 2811 both have serial T1 cards, I have enabled IP routing on both and have eigrp 1 process running. I can ping and telnet to each router and they are advertising the networks on each other. when i do a traceroute on the 2621 to an outside address or name example [URL]I get no reply.
View 4 Replies
View Related
Jan 17, 2013
[OK] Site to Site IPSec + GRE = success, no problems.
[OK] IPSec remote access = success, no problems.
[NO] SSL VPN = remote users can successfully connect to all internal systems. Cannot pass traffic to the Internet.
Hardware:
Cisco 2811, Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(22)T5, RELEASE SOFTWARE (fc3) . Software: Cisco Any Connect Secure Mobility Version 3.1.01065
Single hub router terminating IPSec+GRE site to site, IPSec remote access, and SSLVPN remote access VPN services. All services currently configured and running successfully with the exception of the SSLVPN service. Remote users can initiate and successfully establish SSL VPN sessions. While established, connectivity to all internal systems/resources are successful. Only when the remote access client tries to connect to "Outside" Internet resources does traffic not pass successfully. Troubleshooting has pointed to a NAT related issue (I believe).
When connecting from a remote access workstation, utilizing IPSec remote access client (built-in Cisco IPSec client from Mac OS), the session establishes and the client works flawlessly. Examining the Cisco 2811 router, you see the /32 host route from the remote access session get installed, and you see the corresponding NAT translation entries created when the client accesses outside (Internet) resources. Appropriate configuration to implement "hair pinning" have been included to handle the in and right back out (with NAT translation) needed for remote clients to access the Internet.
Configured the 2811 for SSL VPN, and remote access clients can successfully connect and access all internal network resources. Examining the Cisco 2811, the /32 host route for the remote access client is installed, pointing to SSLVPN-VIF0 interface with a next hop of 0.0.0.0 When checking the NAT translation table, there are NO entries for the remote access client address created which leads me to believe the hair pinning/NAT function is not being invoked for SSLVPN clients.
Originally, the IPSec remote access VPN local pool was 10.0.100.0 /24. To keep from having to adjust the existing NAT translation, PBR Route-MAP for the hair pinning function - I took the 10.0.100./24 and broke it into a pair of /25 networks. Bottom half for the IPSec remote access VPN pool (10.0.100.0 /25); upper half for the SSL VPN pool (10.0.100.128 /25). By utilizing SSL VPN, is the traffic somehow bypassing the DIALER1 interface where both the crypto map (and more importantly: IP NAT OUTSIDE, and PBR configuration for the hair pinning function)? I cant explain why NAT translation entries are not being created for SSLVPN client sessions.
Cisco 2811 Configuration has been included. IPSec & SSL VPN Remote Access Sessions Captures (performed from same remote client) have been included.
View 2 Replies
View Related
Nov 5, 2012
I think we faced with traffic restriction on ASR1013.
NAME: "module 0", DESCR: "Cisco ASR1000 SPA Interface Processor 40"
> ASR1000-SIP40 >
> NAME: "module R0", DESCR: "Cisco ASR1000 Route Processor 2"
> ASR1000-RP2 >
> NAME: "module F0", DESCR: "Cisco ASR1000 Embedded Services Processor,
> 40Gbps"
> ASR1000-ESP40
On SIP we have 3 Tengigabit interfaces. But ASR do traffic restriction approximately to 12Gb.SIP40 in 0 slot.What could be root cause of the issue?
View 0 Replies
View Related
Mar 31, 2013
I have 2 questions to confirm and/or get direction on how to modify.
1) is there a way to get around the (seemingly arbitrary) class C (slash 24+) subnet restriction for the primary/main IP address for the internal LAN?
(I realize I can setup multiple internal subnets but that also seems to introduce restrictions for port ‘forwarding’ and ‘one-to-one NAT’ use because those features seem to be restricted to the primary/main IP subnet)
2) it seems like all traffic is passed to the host on the internal side of a ‘One-to-One NAT’ regardeless of the firewall rules in place, is that what is be expected?
View 6 Replies
View Related
Aug 22, 2012
I'm pretty new to this, and I've been trying to read up on what I should do. Here's my situation: we have a new 15mps internet connection coming into our building. We also have a new 891 router. We would like to devote 1.5mbs at the highest priority to one LAN which is just used for VOIP phones. We would like to allow one of the other tenants to use up (but no more than) to 5mps for their LAN, and we'd like to be able to use up to 13.5mps for ourselves if it's available, or at least 8.5mps (15-1.5-5=8.5).
From searching in here and reading the various articles on policing and shaping, I'm thinking that we'd want to set up Class-based weighted fair queuing on a per-interface basis, and have one interface connected to our VOIP switch, one connected to the other tenants switch, and one connected to our firewall. Does this sound like the right way to go? And would anyone have an example of a configuration which achieves this?
View 15 Replies
View Related
Jul 6, 2012
My Wireless-N Home Router WRT120N with version 1.0.07 seems to have a problem blocking Sites through scheduling with Access Restriction "Allow" ...I notice that... when I enable access restriction, with policy and some range of computers connecting to my router , and set it to "allow" from "monday - friday" from "8am-6pm" .. with a purpose of blocking some social networking sites, example facebook, It works perfectly fine. But when the "scheduled" time comes ( before 8am and after 6pm ).. I cannot access the internet.. router is working, it detects my modem.. but no internet connection. It always happen before and after the "scheduled time" before the configured access restriction takes over. I have to disable the Access Restriction to continue our internet access.
View 4 Replies
View Related
Mar 19, 2012
target 192.168.0.21following are rules of access restriction on WRT54G1.rule A- 07:00am~10:00am,internet access allowed, keyword blocked such as Facebook,mail.2.rule B- 10:05am~10:00am,internet access allowed, no keyword blocked.but 192.168.0.21 fails to access internet after rule A expired.
View 1 Replies
View Related
