arisythila
Technical User
Hello, I have a cisco 2621 router. I cannot seem to figure out how to work rate limiting on this router. Does anybody know of a how-to guide to do it?
Thanks
~Michael
Thanks
~Michael
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Cisco 2621 rate-limiting?
- Thread starter arisythila
- Start date
- Status
Put the rate limit on the interface...for example, mine is for incoming ftp
rate-limit output access-group 110 256000 1500 2000 conform-action transmit exceed-action drop
This keeps the limit to 256K...
access-list 110 permit tcp any 10.69.69.2 eq ftp
It's called CAR...
Burt
rate-limit output access-group 110 256000 1500 2000 conform-action transmit exceed-action drop
This keeps the limit to 256K...
access-list 110 permit tcp any 10.69.69.2 eq ftp
It's called CAR...
Burt
- Thread starter
- #3
arisythila
Technical User
Well basically, this is what I'm trying to do. I'm a beginning web hosting company. I do dedicated servers, Colocation, ect ect. Currently if I need someones IP rate-limited. I call into the datacenter, I tell them I need 207.x.x.x rate limited to 2MB. They do it for me. I find sometimes it takes up to 2 weeks to get this rate limiting done. In that time frame. I get hit with a pretty nice bill. Currently, I have a 100MB pipe. I asked them if my router would do it. They told me, "yes it will", "sweet how do you do it?", "Thats my secret." Oh alright.
So basically I'm looking for a more internal way to rate limit without them, being they take awhile to get it done.
Thanks
~Michael
So basically I'm looking for a more internal way to rate limit without them, being they take awhile to get it done.
Thanks
~Michael
- Thread starter
- #5
arisythila
Technical User
Sorry may have misunderstood you. I thought you said CAR was for rate-limiting ports. not IP's.
Thanks for the reply!
~Michael
Thanks for the reply!
~Michael
- Thread starter
- #6
arisythila
Technical User
I just saw this.
CAR is supported on these platforms:
•Cisco 7000 series with RSP7000
•Cisco 7200 series
•Cisco 7500 series
Will CAR work on the 2621?
CAR is supported on these platforms:
•Cisco 7000 series with RSP7000
•Cisco 7200 series
•Cisco 7500 series
Will CAR work on the 2621?
- Thread starter
- #8
arisythila
Technical User
K. I have a newer IOS, I believe 12.2(20) Thanks Burt!
~Michael
~Michael
- Thread starter
- #9
arisythila
Technical User
Do you know of any other docs that of more of a how-to? I guess I don't really understand this doc.
~Michael
~Michael
- Thread starter
- #11
arisythila
Technical User
Your telling me, I work from my home mostly. My 19mo Son keeps me on my toes. I have a 100MB internet connection, One of my customers used 40mb of bandwidth last month, and hes only paying for 5mb I have no other way of limiting these people really. Need a good way of doing this stuff.
Thanks Burt for your help.
~Michael
Thanks Burt for your help.
~Michael
Well, rate limiting will only limit amount of bandwidth...which is what you want...right?
I feel for ya bro---19mo boy...every now and the one or the other cries at 2 or 3 in the morning..."I wanna sleep in your bed, mommy and daddy"
Is this any traffic, or a specific protocol?
If not, then do they have a static IP?
Burt
I feel for ya bro---19mo boy...every now and the one or the other cries at 2 or 3 in the morning..."I wanna sleep in your bed, mommy and daddy"
Is this any traffic, or a specific protocol?
If not, then do they have a static IP?
Burt
- Thread starter
- #13
arisythila
Technical User
They have a Static IP address. I basically need to be able to rate limit them to 5MB download and upload.
So instead of downloading/uploading @ 100mb/sec they only download/upload @ 5mb/sec
Does this make sense?
So instead of downloading/uploading @ 100mb/sec they only download/upload @ 5mb/sec
Does this make sense?
Yes. Let's say that fa0/0 is the outgoing interface...
router>en
router#conf t
router(config)#access-list 101 permit ip host x.x.x.x any
router(config)#int fa0/0
router(config-if)#rate-limit input access-group 101 5000000 5000 5000 conform-action transmit exceed-action drop
router(config-if)#rate-limit output access-group 101 5000000 5000 5000 conform-action transmit exceed-action drop
router(config-if)#end
router#
That should do it. I don't have a lot of experience with rate-limiting, but it did work when I had an FTP server, and a lot of people accessing it. I limited them all to 56KBps...ha ha ha. I only have a 3MB line. Finally, the psu crapped out, and I haven't done anything with it since.
You can test it out with a laptop going to your house...hopefully it works for you. Good luck.
Burt
router>en
router#conf t
router(config)#access-list 101 permit ip host x.x.x.x any
router(config)#int fa0/0
router(config-if)#rate-limit input access-group 101 5000000 5000 5000 conform-action transmit exceed-action drop
router(config-if)#rate-limit output access-group 101 5000000 5000 5000 conform-action transmit exceed-action drop
router(config-if)#end
router#
That should do it. I don't have a lot of experience with rate-limiting, but it did work when I had an FTP server, and a lot of people accessing it. I limited them all to 56KBps...ha ha ha. I only have a 3MB line. Finally, the psu crapped out, and I haven't done anything with it since.
You can test it out with a laptop going to your house...hopefully it works for you. Good luck.
Burt
- Thread starter
- #16
arisythila
Technical User
my outgoing IP address is a 192.168. address.
interface FastEthernet0/0
ip address 192.168.16.6 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 207.14.32.225 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
duplex auto
speed auto
!
I would use my FastEthernet0/1 then right?
~Michael
interface FastEthernet0/0
ip address 192.168.16.6 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 207.14.32.225 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
duplex auto
speed auto
!
I would use my FastEthernet0/1 then right?
~Michael
- Thread starter
- #18
arisythila
Technical User
Why does one need NAT?
my 207.14.32.225-207.14.32.254 are all my external IP's.
207.14.32.225 is actually my router on the inside.
the 192.168.16.6 is my outside (connected to the internet)
It's weird how they do the routing.
I tried what you listed above, Doesn't seem to be working.
Thanks Burt.
my 207.14.32.225-207.14.32.254 are all my external IP's.
207.14.32.225 is actually my router on the inside.
the 192.168.16.6 is my outside (connected to the internet)
It's weird how they do the routing.
I tried what you listed above, Doesn't seem to be working.
Thanks Burt.
- Thread starter
- #20
arisythila
Technical User
birdhost-gw#show ver
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IK9O3S3-M), Version 12.3(22), RELEASE SOFTWARE (fc2)
Technical Support: Copyright (c) 1986-2007 by cisco Systems, Inc.
Compiled Wed 24-Jan-07 16:48 by ccai
Image text-base: 0x80008098, data-base: 0x81A11604
ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
ROM: C2600 Software (C2600-IK9O3S3-M), Version 12.3(22), RELEASE SOFTWARE (fc2)
birdhost-gw uptime is 7 weeks, 4 days, 21 hours, 17 minutes
System returned to ROM by power-on
System restarted at 09:24:13 PST Sun Nov 25 2007
System image file is "flash:c2600-ik9o3s3-mz.123-22.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco 2621 (MPC860) processor (revision 0x200) with 61440K/4096K bytes of memory.
Processor board ID JAD05100HQM (2378116446)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IK9O3S3-M), Version 12.3(22), RELEASE SOFTWARE (fc2)
Technical Support: Copyright (c) 1986-2007 by cisco Systems, Inc.
Compiled Wed 24-Jan-07 16:48 by ccai
Image text-base: 0x80008098, data-base: 0x81A11604
ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
ROM: C2600 Software (C2600-IK9O3S3-M), Version 12.3(22), RELEASE SOFTWARE (fc2)
birdhost-gw uptime is 7 weeks, 4 days, 21 hours, 17 minutes
System returned to ROM by power-on
System restarted at 09:24:13 PST Sun Nov 25 2007
System image file is "flash:c2600-ik9o3s3-mz.123-22.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco 2621 (MPC860) processor (revision 0x200) with 61440K/4096K bytes of memory.
Processor board ID JAD05100HQM (2378116446)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
- Status
