Cisco Tips & Tricks

May 20, 2006

QoS-Rate-Limiting Tip

Filed under: Access-lists, QOS, Router, Switching, Technology and Software — ciscotips @ 7:17 am

QOS feature that performs rate-limiting and packet classification is called CAR-Committed Access Rate.

Here is a quick tip that limits an Internet based traffic
(primarily http and FTP) to 512K, with a nice, fat burst.

First create the access lists.

access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq ftp

Then apply rate limiting rules to the appropriate interface:

interface Serial1/0
bandwidth 2048
ip address 172.16.100.2 255.255.255.252
rate-limit input access-group 100 512000 1024000 2048000 conform-action transmit exceed-action drop
rate-limit output access-group 100 512000 1024000 2048000 conform-action transmit exceed-action drop

It will limit only http and ftp trafic, for other corporate web applications running on different ports, it will still get full E1 bandwidth.

Warning:-If, in a rate-limit rule, you reference an access list that does not exist, the rule will match all traffic. Usually not good.

Advertisements

13 Comments »

  1. Hi,

    Need help. Link Bandwidth is 256 Kbps and I am trying to restrict is to use 64 Kbps I am using the configuration as told above but its just not working. Just to add we have IPSec configured on router, crypto mapped to serial. Sending you sample of my QOS config.

    ip nbar port-map ftp tcp 21 20
    class-map match-any FTP
    match access-group name 123
    match protocol ftp
    !
    !
    policy-map QOSTEST
    class FTP
    drop

    interface Serial0/0/0
    bandwidth 256
    ip address 172.X.X.X 255.255.255.252
    no ip redirects
    ip directed-broadcast
    no ip proxy-arp
    ip nbar protocol-discovery
    rate-limit input access-group 123 64000 64000 1286000 conform-action transmit exceed-action drop
    rate-limit output access-group 123 64000 64000 128000 conform-action transmit exceed-action drop
    encapsulation ppp
    no ip mroute-cache
    no cdp enable
    crypto map XXXXXX

    access-list 123 permit tcp any any eq ftp

    Comment by vitesh — June 13, 2007 @ 8:26 am

  2. In reference to above message.
    When I keep following for serial
    rate-limit input access-group 123 64000 64000 1286000 conform-action drop exceed-action drop
    rate-limit output access-group 123 64000 64000 128000 conform-action drop exceed-action drop
    It drops all FTP packets but I cannot pur rate limit as told on the web.

    Comment by vitesh — June 13, 2007 @ 8:35 am

    • “conform-action drop” will drop what is in access-group123

      Comment by Betty — September 10, 2009 @ 1:35 pm

  3. Hey dude, just curious.. it is possible to limit it by IP instead? Say I have Vlan and it runs DHCP and I want to pipe each IP’s limit to say 10kb. Is it possible? Thank you for the nice guide anyway рџ™‚

    Comment by hallajs — February 20, 2008 @ 9:09 am

  4. Viagra is taken orally and helps men suffering from erectile dysfunction achieve and maintain an erection vaigra prescriptions ! For cialis 50mg very fast delivery for you… Save your time buy levitra pills on line… Easy to get cheap cialis pills online. Find out more about cheap levitra at the famouse cialas cheap uk site

    Comment by tiffanyzud — March 24, 2009 @ 2:31 pm

  5. Cheap cialis works in much the same way as Sildenafil Citrate, but is much faster, lasting up to 36 hours vigara buy now ! For cialis prescription fast delivery Europe! No prescription required buy erectile dysfunction pill online… Fast to get tadalafil pills online… Find out more about erectile dysfunction at the great cialias discount canada site…

    Comment by earlenejid — March 27, 2009 @ 8:00 am

  6. Мило… даже очень

    Comment by neegosynoli — April 2, 2009 @ 6:31 pm

  7. Thanks mate! Massive help.

    Comment by Thomas — October 23, 2009 @ 6:14 am

  8. Can anybody answer this one. I think I know but I thought I’d see if anybody thinks I’ll run into issues:

    Can you use the rate-limit commmand on a multilink interface (3xT1’s)? I want to limit HTTP to outside (Internet) addresses but allow HTTP across a GRE over IPSEC S2S tunnel.. I should be good?

    Comment by Jeff — August 3, 2010 @ 8:07 pm

    • I have the following interfacesL

      Multilink1 (30-bit to ISP)
      Gig0/0 (Routable VPN peer)
      Gig0/1 (LAN)
      Tu1 (primary tunnel)
      Tu2 (fail-over tunnel)

      I believe I need to rate limit HTTP on the multilink and all should be well?

      Comment by Jeff — August 3, 2010 @ 8:10 pm

  9. Игры и рецензии к ним, различные читы и прохождения на сайте Долли и еще море увлекательного контента: фильмы, музыка бесплатно и без смс

    Comment by dolly2010 — January 14, 2011 @ 5:39 pm

  10. sgarealestates provide you a comprehensive range of good quality real estate projects by all the reputed builders be it residential, commercial and retail . Besides we also serve you in leasing,selling, reselling of your properties and enjoying the returns there on. We offers you best deal of property in chandigarh, property in panchkula, property in zirakpur and property in mohali on reasonable rates.
    property in chandigarh

    Comment by marwin2409 — February 26, 2011 @ 8:22 am

  11. Hey very cool site!! Man .. Beautiful .. Wonderful .. I’ll bookmark your blog
    and take the feeds additionally? I’m glad to search out
    numerous helpful info right here in the put up, we need develop more strategies on this regard,
    thank you for sharing. . . . . .

    Comment by sex tape — October 19, 2014 @ 11:25 am


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: