i have to restrict that router and switches shall join only given multicasts. Means if i change multicast in TVG430 from 239.0.96.1 to 233.0.96.1 than it shall be blocked.My TX rate i set to 20 Mbits on TVG430, i want to rate-limit it to 15 Mbits on switch on Ingress int gi 0/23 or egress gi 0/24 included are three show runs output.ip multicast rate-limit out group-list GROUP source-list SOURCE.
View 2 RepliesI am trying to limit traffic inbound to 10Mbps on a gig interface 0/48 set to 100/full. So I downloaded some big files over this link and I'm able to see 30- 40Mbps or more. You can see from the show int - rate-limit command that parameters are never showing exceented so nothing has been dropped. [code]
View 3 Replies View Relatedenable multicasting over the WAN. I have a 6500 SW connected to router and from router I have 3 MPLS links connected given by different service provider running with EBGP. I have around 30 branches running EBGP with Service Provider, and want to multicast VC to branch location from DC.
How to do that, what are all the things I need to enable in my 6500 Switch as server is connected to this switch.
I have a 3560 switch where I have 4 ports connected, one is to our WAN provider - 10Mbps and the other three are connected to different customers who I want to get an equal share of the 10Mbps bandwidth.I'm fairly clued up about configuring modular QoS but I'm being thrown by the fact that you can't apply a service-policy outbound on the ethernet ports.
View 3 Replies View RelatedI am using Cisco 3560 as distrubution switch and want to limit port 445 traffic on 1 MB and applied rate limit statment on Gi0/1 port but switch unable to limit said traffic.rate-limit output access-group 120 1024000 128000 128000 conform-action transmit exceed-action drop.
View 25 Replies View RelatedI have a 3825 with a 16 port etherswitch card installed that I'm trying to setup rate-limits on. Interface G0/0 is the connection to the outside world and int g0/1 has a couple of 2950 switches attached to it.
The etherswitch card, f1/0, f1,1 etc has corresponding vlans, 902, 903 etc each with an IP 10.110.1.x, 10.110.2.x and all part of access-group 111. The switches connect on sub-interfaces g0/1.101, g0/1.102 etc and have IP's 10.55.1.x, 10.55.2.x and part of access-group 101.
What i'm trying to achieve is that every port / IP that is on access-group 111 shares 3Mb of bandwidth in/out and access-group 101 shares a separate 3Mb of bandwidth in/out.
I've created two access-lists as follows;
access-list 101 permit ip 10.55.0.0 0.0.255.255 any
access-list 111 permit ip 10.110.0.0 0.0.255.255 any
And on int g0/0 I've created the following rate-limits;
rate-limit input access-group 101 3072000 64000 64000 conform-action transmit exceed-action drop
rate-limit input access-group 111 3072000 64000 64000 conform-action transmit exceed-action drop
rate-limit output access-group 101 3072000 64000 64000 conform-action transmit exceed-action drop
rate-limit output access-group 111 3072000 64000 64000 conform-action transmit exceed-action drop
Now instead of both access-groups having 3Mb each they all seem to be sharing 3Mb! I've tried class-maps and policy-maps but to no avail..
I have a router 3845 connected to a LAN and other routers and providing internet through a link on an ethernet interface
Gi0/0
LAN connection
GI0/1
WAN connection
fa0/0
Internet connection
I am looking for information on how to properly configure rate limits on a Cisco 2821 so that I can set different Service levels by IP address. For example I want to limit a block of IPs to 1 Mbps Down and 512 kbps Up. I am doing point to point networks from our router (ISR 2821) to another router that is assigned a static IP. The other router connects to our router through a Fast Ethernet port on a NM 16 port switch card. The routing end point for the network is on a VLAN interface. Currently we are using bonded T1's but are about to turn up a Metro-E circuit.
View 1 Replies View RelatedI have used the following basic configuration to do rate limiting on a vlan interface on a 6509:
access-list 100 permit ip any any
class-map match-all ratelimit
match access-group 100
policy-map ratelimit-10Mb
class ratelimit
police 10000000 428750 conform-action transmit exceed-action drop
[code]....
How do I combine the two correctly to give me a vlan port rate limited at 10Mb up and down, but still setting aside (dynamically) 2Mb for voice?
We have a guest wireless setup but I need to rate limit the users so no one hogs all the bandwidth. The WLC is connected into a 3750 which is doing all the routing between the vlans. I know I cannot shape the traffic on the 3750.
View 2 Replies View RelatedI have a 2960 that I need to limit the uplink port to 50Mbps for 3 vlans and 350Mbps for another vlan. Would the following config achieve that or is this even possible for the 2960?
class-map match-any VLAN50-51-52
match vlan 50-52
class-map match-any VLAN53
[Code].....
I'm trying to limit the bandwidth on certain ports to 3Mbps and others 1Mbps for a project, however when I do a bandwidth test from a website the speed on the router doesn't seem to change it's as if the changes over telnet aren't actually affecting the swtich's qos settings. I have verified that the policy is attached to the interface and the settings are correct as well.
Router
Telnet address: 10.xxx.xx.xx
Password:
[Code].....
We have a number of 6509s which generally have dhcp relay agents configured on the SVIs. The dhcp servers are centralised. Recently we've had one or two faults with misconfigured or faulty devices (blade server chassis and also printers) generating high volumes of dhcp discover packets and causing high cpu on the relevant 6500. I would like to rate limit these discover packets, which are layer 2 broadcasts. Storm control can't discriminate between different types of broadcasts and on a gig link would need to be set down at about 1% to have much effect on the problem. I've looked at CoPP and also mls hardware rate-limiting but as I understand it, these two features don't control broadcast traffic. I also looked at dhcp snooping but if an interface receives a high level of dhcp discover broadcasts, e.g. over 100pps, I don't want it to go error-disabled (as this would knock down the whole edge switch), just to drop the excess packets.
View 2 Replies View Relatedhow to perform UBRL User Based Rate Limiting on ASR1000 like we can do it on Catalyst6500?
View 3 Replies View RelatedWe have cisoc 2821 at one of branch and created five sub inetrfaces for different vlans.Output of Show interface shows very frequent increase in the input error count.I have changed the physical cable and switch port on the other side.But still error rate is increasing.When the traffic is less error rate is low but with high traffic it is increasing drastically.My router process is very less(4%) only.What could be possible reason. [code]
View 8 Replies View RelatedI use a mail filtering service that delivers mail to me via SMTP on standard port 25 on one of my 5 static external IP's. I wish to restrict this to their IP's only (they have two) and I am unsure on how to do so? As it stands now, anything on the net can talk to my mailserver and my logs are filling quickly with failed attempts as a result. Here's my setup and what I am trying to accomplish:
mail filtering service -> my public ip:25 -> internal mailserver at 10.0.10.2:25, deny everything inbound except traffic from the mail filtering service, I am thinking an ACL would fit the bill here, but unsure of how to implement. Router is an 1811 with version 15.1(4)M3 IOS. WAN is on fa0, lan is on fa1.
I need to support a bunch of security cameras mounted on poles in our parking lot and an IP intercom system mounted on some gates. Because of environmental factors the switches at the poles need to be hardened and the spec from the vendor installing the gear is for GarretCom Industrial unmanaged switches which would make sense.
However when Information Security got wind of this scheme they (probably correctly) are requiring me to secure the ports that these unmanaged switches connect to. I have 2 choices: port security w/ MAC filtering or 802.1x. Because all the devices at the poles and gates support 802.1x and because I may need to go out there to troubleshoot stuff (and will invariably forget to add the MAC of whatever device I am using) I would prefer 802.1X multi-auth mode.
Problem:
When I ran a quick test on a test 3560 running some 15.0.1 code I could get a laptop to connect via 802.1x EAP-TLS successfully if it was directly connected but when I connected the same laptop via a dumb Netgear switch I confiscated from a luser it would not connect. The 3560 error said that the laptop never responded.
Question:
Before I spend a whole lot of time on this, is this something that should work? I don't see any practical use for the feature if it won't however the documentation I am using specifically mentions downstream hubs but I am not sure if they mean real hubs (which I don't think are even made anymore) or if they mean unmanaged switches.
I plan to try a couple of different unmanaged switches tomorrow and digg a little but I would like to know if I am wasting my time on something that will never work or if there is a little gotcha somewhere.
How to rate limit a 3560 inbound and outbound using different QoS methods. I've read about vlan class maps/policy maps, using the rate limit command on the physical interface, using the srr-queue bandwidth command(it's a gig switch so not sure that would work) and marking all packets and then applying QoS. I'm just learning QoS so trying to figure all of this out and find the best way to do things.
Also, I was told to do this because it's not advisable to have a connection to your ISP that is not 10mb or 100mb on a switch, since they are not divisible by 10 and it can cause issues?
I am configuring a 3560 to provide internet access for our customers and I need to make sure they don't use more bandwidth than they have contracted for.I see that the 3560 supports the rate-limit command, but was told that I should use traffic shaping and policing along with access lists to manage the bandwidth.Is there a reason that I should avoid using the rate-limit command - it looks much simpler.
View 10 Replies View RelatedI am trying to limit the incoming and outgoing traffic on a l2 port to 8mbps for a ip subnet within the nexus 7000. The port is connected to my ISP router which has a bandwidth of 20mbps.Policing won't work on a l2 Port and shaping cannot be applied on a port level. url...I have been reading thru the qos guide for nexus release v6 and have problems understanding the different queues.
View 3 Replies View RelatedI am looking for step-by-step configuration on how to enable rate-limit and traffic shaping on Cisco 6513 vlan interfaces. I am not able to find this particular document on CCO.
View 3 Replies View RelatedI have an issue where our ASA 5520 is impacting upload (from LAN to internet) speed. We have a 100Mbps SDSL internet link and only see around 45-50 Mbps on the upload when going via the firewall, download is around 90+ Mbps so that is acceptable. I have tested a laptop connected directly to the internet router and that give near on the 100Mbps up and down speeds, but if I put that laptop on the LAN or directly onto the firewall interface I only see 90Mbps down and 45Mbps up. I have check that the interface speeds/duplex on the firewall, switch and laptop are correct and also checked there are no errors on the ports. I also turned off the IPS and that made no difference. In addition I have checked the CPU during download/upload (max): CPU utilization for 5 seconds = 9%; 1 minute: 3%; 5 minutes: 1%
In theory the 5520 should be able to cope with this throughput:
Cisco ASA 5500 Series Model/License: 5520
Maximum firewall throughput (Mbps): 450 Mbps
Maximum firewall connections: 280,000
[Code].....
I am experiencing a problem on a Catalyst 4510 (cat4500-ipbasek9-mz.122-53.SG.bin) with 802.1x configured. Client PCs are connected via a mini desktop switch to a Cat 4510 switched port in multi-auth mode. The configuration of the port follows:
!interface GigabitEthernet2/34 switchport mode access ip arp inspection limit rate 30 authentication host-mode multi-auth authentication port-control auto authentication periodic authentication timer reauthenticate server dot1x pae authenticator dot1x timeout tx-period 5 dot1x max-reauth-req 6 spanning-tree portfast ip verify source vlan dhcp-snoopingend
It happens from time to time that the Cat 4510 port stops passing traffic. Reconnecting the mini switch recovers the communication. Client PCs connected to the mini switch seem to be authorized at the moment when the problem occures. The RADIUS Termination-Action attribute is set to RADIUS-Request. The problem is not present if "authentication periodic" is disabled.
Region : Hongkong
Model : TL-WDR4900
Hardware Version : V1
Firmware Version : 3.14.0 Build 130206 Rel.34701n
ISP : PCCW Netvigator
I have bought tp-link wdr-4900 for several days and encounter the following problems
1) nfs is not work, whenever I set up the nfs server (using hanewin nfs server), the media player fails to read the media file. (Problem does not appear for the previous ASUS n56u)
2) When there is large traffic rate (e.g. BitTorrent), the whole machine is very unstable, LAN and Wireless dies (SSID disappears, and LAN appears "ERR Connection" and "DNS not respond"), give me a feeling that the router cannot handle high traffic rate and the whole machine slows down and fails.
I am wondering if there is a way to limit traffic through the router. The problem is that one person downloads something, they hog up all the bandwidth, and end up creating lag on other people that may be gaming. So I am wondering if there is a way to limit traffic to 500kb/s per connection..(wired or wireless).. I have a DIR-815 D-link router, and have looked through the settings but I don't see anything off hand that might be related but I could have missed something.
View 15 Replies View RelatedMy HO is connected to BOs over MPLS Links.The links are terminated on routers but i dont have access on those routers as it is maintained by the ISP.Behind of the HO router there is s 3560 switch. Can i configure this switch to prioritize some traffic over the WAN link to the BOs.
View 4 Replies View RelatedI have configured a vlan interface on a 3750 switch. there is aprox 4Mb active traffic flowing through the interface, but when I do a "show interface vlan (vlanid)" the output show zero bits in and zero bits out. Its a typical L3 config with one IP on the vllan interface acting as the gateway for the VLAN devices. Is this a normal behaviur ? and if so is there any way to get the traffic in/out stats. The end PC/devices are connected to this switch via an L2 TRUNK and I dont have access to the L2 switch on which the actual devices connect. so cant get the real time stats of those interfaces.
View 2 Replies View RelatedI Do want know what could be best Device to prioritize Skype Traffic i mean should i implement it on Cisco 3560 or squid or Mikrotik according to my current scenario to get best result.Also do Let know how to Prioritize Skype Traffic in Cisco 3560 Switch
View 2 Replies View RelatedIs it possible with a 3560 to block all traffic to a certain vlan except for one or two IP addresses? Create an ACL or something? We have a vlan for voice calls (SIP) and we are getting a lot of scnas that are making the phones ring and such, and I think we can stop this if we only allow traffic onto the vlan from the IP's the SIP traffic is SUPPOSED to be coming from.
View 1 Replies View RelatedI would like to properly configure my L3 to support iSCSi traffic. My L3 acts as an internal router between 4 different sub nets.
I have a iSCSi SAN on my network. A Windows server has Microsoft iSCSi initiators connecting to the SAN.
At one of my field offices I want to redirect internet traffic down a separate DSL connection instead of having it ride the T1 back to the main office then going out. At this office I have a 2600 router, 3560 switch, with a Fortigate firewall in between DSL connection and LAN, Fa0/0 on router and firewall are both plugged in to switch. I have seen posts that mention PBR or static routes which is the reccomended method for dealing with this?
View 6 Replies View RelatedWe have 3560 switch with following IOS. version 12.2(55)SE3 and image name is C3560-IPSERVICESK9-M. On one of the interface we need to know what are traffic is flowing.
Do we have "ip nbar or ip route-cache" support on this switch IOS? Is there any other way to find out which protocol traffic is flowing through that interface.
How do I limit broadcast/mulitcast traffic on a switchport to e.g. 5000 pps ? I don't want the port to shut down, just block or drop broadcast traffic that exceeds 5000 pps.
View 19 Replies View Related