restrict PC traffic speed on the lan

restrict PC traffic speed on the lan

NewsGroups | Search | Tools
 comp.dcom.sys.cisco  Post an article  get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content  add this group's latest topics to your Google content  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
restrict PC traffic speed on the lan tg 08-10-2008
Posted by tg on August 10, 2008, 1:11 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


Cisco 2651XM router
I'm looking for a sample config or help which would enable me to restrict the
traffic
speed of a particular PC on the lan connected to my router.
My lan comprises several PC's on 172.16.1.xx, which connects to f0/0, and
internet access
for the whole lan is via a wic-adsl card in the router. I did a bit of reading
on google
about this but found it confusing. I understand I have to set up an access list
but as a
beginner I'm not sure where to start. I use SDM too but that only seems to cater
for
traffic going out of the router (unless I'm mistaken). What I'd ideally like to
do is be
able to pick one machine on the lan (eg PC 172.16.1.15) and restrict the speed
of all
traffic to and from it to say 50Kb/sec. Is that possible? Thanks for any
pointers.




Pure Networks
Posted by tg on August 10, 2008, 5:37 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


I should have been clearer:
I mean to restrict the traffic speed of 172.16.1.15 to the internet...





Posted by alexd on August 11, 2008, 3:46 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


On Sun, 10 Aug 2008 18:11:54 +0100, tg wrote:

> I use SDM too but that only seems to cater for traffic going out of the
> router (unless I'm mistaken).

Yes, that's right. By the time the traffic has come down the wire and
arrived at your router, it's already used your bandwidth up. There are
certain ways you can convince an endpoint that it can't have the
bandwidth it's asking for, but I'm not sure if these are implemented by
Cisco routers. Someone will be along soon to enlighten us :-)

--
<http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm@ale.cx)
20:41:32 up 30 days, 23:18, 2 users, load average: 0.01, 0.02, 0.02
Convergence, n: The act of using separate DSL circuits for voice and data

Posted by Scott Perry on August 12, 2008, 12:51 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


Traffic leaving the router can be limited with a QoS policy. It may be
difficult to restrict the traffic unless you limit traffic leaving interface
FastEternet0/0 towards the host 172.16.1.15. Limiting outbound traffic is
possible but may not yield much of a result when this host is downloding
from the Internet. In that case, traffic should be limited from the
Internet when it is leaving the router to go to 172.16.1.15. This does not
have any limitation on the intra-network traffic between this host and other
host computers on the inside of the network.
This propsed solution contains what would be entered into configuration mode
in the command line interface. I cannot help you use the SDM and will
encourage you to learn how to manage your router from the command line.

ip access-list extended host15
remark Traffic sent to 172.16.1.15
permit ip any host 172.16.1.15
!
class-map match-all class15
description Access-list of traffic to 172.16.1.15
match access-group name host15
!
policy-map bandwidthlimit
class class15
shape peak 50000
!
interface FastEthernet0/0
service-policy output bandwidthlimit

-----
Scott Perry
Indianapolis, IN
-----


> Cisco 2651XM router
> I'm looking for a sample config or help which would enable me to restrict
> the traffic speed of a particular PC on the lan connected to my router.
> My lan comprises several PC's on 172.16.1.xx, which connects to f0/0, and
> internet access
> for the whole lan is via a wic-adsl card in the router. I did a bit of
> reading on google
> about this but found it confusing. I understand I have to set up an access
> list but as a
> beginner I'm not sure where to start. I use SDM too but that only seems to
> cater for
> traffic going out of the router (unless I'm mistaken). What I'd ideally
> like to do is be
> able to pick one machine on the lan (eg PC 172.16.1.15) and restrict the
> speed of all
> traffic to and from it to say 50Kb/sec. Is that possible? Thanks for any
> pointers.



Posted by tg on August 13, 2008, 1:58 pm
If you were  Registered and logged in, you could reply and use other advanced thread options




<snip>
> ip access-list extended host15
> remark Traffic sent to 172.16.1.15
> permit ip any host 172.16.1.15
> !
> class-map match-all class15
> description Access-list of traffic to 172.16.1.15
> match access-group name host15
> !
> policy-map bandwidthlimit
> class class15
> shape peak 50000
> !
> interface FastEthernet0/0
> service-policy output bandwidthlimit
>
> -----
> Scott Perry
> Indianapolis, IN
> -----

Scott thanks for your response and sorry for my delay in following up. The
config you gave
did throttle the 172.16.1.15 machine's internet speed without affecting any
other pc on
the lan. Your commands worked great so thanks very much for your help.





Similar ThreadsPosted
Cisco PIX EasyVPN site2site - Restrict traffic December 6, 2006, 6:33 am
Restrict By MAC address July 12, 2005, 6:29 pm
PIX - restrict services September 21, 2006, 2:24 am
To restrict the access via MAC addresses. January 5, 2005, 11:41 am
restrict from designated MAC address January 11, 2006, 11:58 pm
Restrict access to Cisco device November 7, 2006, 2:42 pm
Restrict "sho mon" to enabled level access... June 1, 2007, 8:18 pm
Is there a way to restrict IOS ssh server to only accept certain ciphers? April 17, 2008, 3:17 pm
Newbie alert!. How can I restrict bandwidth between to SQL servers June 8, 2005, 5:20 pm
restrict port connections on switch for known hosts only June 16, 2006, 8:30 am

other useful resources:
The Federal Communications Commission (FCC)
Telecommunications Industry Association
Electronic and Software Security Products and Services
International Telecommunication Union

Custom CGI Perl and PHP programming by 1-Script.com

Contact Us | Privacy Policy
The site map in XML format XML site map