[c-nsp] access-list speed limiting.

Rodney Dunn rodunn at cisco.com
Mon May 19 05:36:25 EDT 2008 

On Sun, May 18, 2008 at 09:47:51PM -0700, Ted Mittelstaedt wrote:
> rate limiting doesen't work on data coming into an interface.

I think you are talking about shaping not CAR or MQC with police.
They work on input.

Rodney

> 
> You have to rate limit on the data going out, on the interface
> that is facing the customer.
> 
> Ted
> 
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net
> > [mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Church, Charles
> > Sent: Sunday, May 18, 2008 8:25 PM
> > To: Richey; cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] access-list speed limiting.
> > 
> > 
> > Richey,
> > 
> > 	I can't tell if your ethernet int you have a config for faces
> > the customers or the upstream, but it seems that the direction is the
> > issue.  Your access list matches a particular host to any.  But not the
> > opposite.  Add a second entry to the ACL matching any -> host, see if it
> > now works correctly.
> > 
> > Chuck
> > 
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net
> > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Richey
> > Sent: Sunday, May 18, 2008 10:57 PM
> > To: cisco-nsp at puck.nether.net
> > Subject: [c-nsp] access-list speed limiting.
> > 
> > 
> > I've got a several  users on our wireless network I need to limit to
> > 3Mb.
> > I've tried several ways to limit their speed but they are still getting
> > 12Mbps to 15Mbps when I push an .iso across the link with an FTP
> > session.
> > For our average user I wouldn't care but these guys get home in the
> > evening
> > and hit it for all it's worth for hours on end.
> > 
> >  
> > 
> > I am coming out of a 3660 into a 3524 switch.  I then take it into a
> > point
> > to point wireless link where the far end radio connects to an AP.  
> > 
> >  
> > 
> > Right now I am doing the following:  
> > 
> >  
> > 
> > interface FastEthernet0/1.103
> > 
> >  description DA1-SM2 Link
> > 
> >  encapsulation dot1Q 103
> > 
> >  ip address x.x.34.193 255.255.255.248
> > 
> >  ip access-group 102 out
> > 
> >  rate-limit input access-group 150 3000000 16000 24000 conform-action
> > transmit exceed-action drop
> > 
> >  rate-limit output access-group 150 3000000 16000 24000 conform-action
> > transmit exceed-action drop
> > 
> >  
> > 
> >  access-list 150 permit ip host x.x.10.71 any
> > 
> >  
> > 
> >  
> > 
> > I've also tried the following:
> > 
> >  
> > 
> > interface FastEthernet0/1.103
> > 
> >  description DA1-SM2 Link
> > 
> >  encapsulation dot1Q 103
> > 
> >  ip address x.x.34.193 255.255.255.248
> > 
> >  ip access-group 102 out
> > 
> >  traffic-shape group 155 3000000 75000 75000 1000
> > 
> >  
> > 
> >  
> > 
> > Richey
> > 
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list