[c-nsp] access-list speed limiting.

Ted Mittelstaedt tedm at toybox.placo.com
Mon May 19 00:47:51 EDT 2008 

rate limiting doesen't work on data coming into an interface.

You have to rate limit on the data going out, on the interface
that is facing the customer.

Ted

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Church, Charles
> Sent: Sunday, May 18, 2008 8:25 PM
> To: Richey; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] access-list speed limiting.
> 
> 
> Richey,
> 
> 	I can't tell if your ethernet int you have a config for faces
> the customers or the upstream, but it seems that the direction is the
> issue.  Your access list matches a particular host to any.  But not the
> opposite.  Add a second entry to the ACL matching any -> host, see if it
> now works correctly.
> 
> Chuck
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Richey
> Sent: Sunday, May 18, 2008 10:57 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] access-list speed limiting.
> 
> 
> I've got a several  users on our wireless network I need to limit to
> 3Mb.
> I've tried several ways to limit their speed but they are still getting
> 12Mbps to 15Mbps when I push an .iso across the link with an FTP
> session.
> For our average user I wouldn't care but these guys get home in the
> evening
> and hit it for all it's worth for hours on end.
> 
>  
> 
> I am coming out of a 3660 into a 3524 switch.  I then take it into a
> point
> to point wireless link where the far end radio connects to an AP.  
> 
>  
> 
> Right now I am doing the following:  
> 
>  
> 
> interface FastEthernet0/1.103
> 
>  description DA1-SM2 Link
> 
>  encapsulation dot1Q 103
> 
>  ip address x.x.34.193 255.255.255.248
> 
>  ip access-group 102 out
> 
>  rate-limit input access-group 150 3000000 16000 24000 conform-action
> transmit exceed-action drop
> 
>  rate-limit output access-group 150 3000000 16000 24000 conform-action
> transmit exceed-action drop
> 
>  
> 
>  access-list 150 permit ip host x.x.10.71 any
> 
>  
> 
>  
> 
> I've also tried the following:
> 
>  
> 
> interface FastEthernet0/1.103
> 
>  description DA1-SM2 Link
> 
>  encapsulation dot1Q 103
> 
>  ip address x.x.34.193 255.255.255.248
> 
>  ip access-group 102 out
> 
>  traffic-shape group 155 3000000 75000 75000 1000
> 
>  
> 
>  
> 
> Richey
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list