Mailing List Archive

Policing individual PPPOE sessions by IP
Hi guys,
I am trying to police individual PPPOE session by IP, I can limit upload from the CPE but not download.. which makes it pointless.. using a 7204vxr..
class-map match-all OVERLIMIT match access-group 110!!policy-map SLOWHOST class OVERLIMIT police 2500000 conform-action transmit exceed-action drop!
interface Virtual-Template1 mtu 1492 ip unnumbered GigabitEthernet0/1 ip flow ingress ip flow egress ip nat inside no ip virtual-reassembly in ip tcp adjust-mss 1452 no peer default ip address ppp authentication pap chap ppp ipcp address required service-policy input SLOWHOST service-policy output SLOWHOST
access-list 110 remark IPs to be rate limitedaccess-list 110 permit ip host 61.x.x.x any

This is the session I match to that IP
SSS session identifier 327 -
Service-policy input: SLOWHOST
Class-map: OVERLIMIT (match-all) 422331 packets, 328271784 bytes 5 minute offered rate 7000 bps, drop rate 0 bps Match: access-group 110 police: cir 2500000 bps, bc 78125 bytes conformed 231523 packets, 159234630 bytes; actions: transmit exceeded 7955 packets, 11518319 bytes; actions: drop conformed 0 bps, exceed 0 bps
Class-map: class-default (match-any) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any
Service-policy output: SLOWHOST
Class-map: OVERLIMIT (match-all) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: access-group 110 police: cir 2500000 bps, bc 78125 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop conformed 0 bps, exceed 0 bps
Class-map: class-default (match-any) 53836 packets, 69242499 bytes 5 minute offered rate 47000 bps, drop rate 0 bps Match: any

I tried applying service polcies to the physical interfaces and still no luck.. Please help!
Thanks
Nathan
Re: Policing individual PPPOE sessions by IP [ In reply to ]
You're only matching the source host, which means that the OVERLIMIT
class only matches inbound (to the router) traffic:

> access-list 110 remark IPs to be rate limited
> access-list 110 permit ip host 61.x.x.x any
> access-list 110 permit ip any host 61.x.x.x
_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba
Re: Policing individual PPPOE sessions by IP [ In reply to ]
Nevermind!! I am totally retarded..
I need to add the access list for the other direction
access-list 110 permit ip host 61.29.11.161 anyaccess-list 110 permit ip any host 61.29.11.161
I spent 3 hours working on this, sent the email, then read one more article and saw the access list for other direction!
From: nathandownes@hotmail.com
To: cisco-bba@puck.nether.net
Date: Tue, 17 Jun 2014 04:54:30 +0000
Subject: [cisco-bba] Policing individual PPPOE sessions by IP




Hi guys,
I am trying to police individual PPPOE session by IP, I can limit upload from the CPE but not download.. which makes it pointless.. using a 7204vxr..
class-map match-all OVERLIMIT match access-group 110!!policy-map SLOWHOST class OVERLIMIT police 2500000 conform-action transmit exceed-action drop!
interface Virtual-Template1 mtu 1492 ip unnumbered GigabitEthernet0/1 ip flow ingress ip flow egress ip nat inside no ip virtual-reassembly in ip tcp adjust-mss 1452 no peer default ip address ppp authentication pap chap ppp ipcp address required service-policy input SLOWHOST service-policy output SLOWHOST
access-list 110 remark IPs to be rate limitedaccess-list 110 permit ip host 61.x.x.x any

This is the session I match to that IP
SSS session identifier 327 -
Service-policy input: SLOWHOST
Class-map: OVERLIMIT (match-all) 422331 packets, 328271784 bytes 5 minute offered rate 7000 bps, drop rate 0 bps Match: access-group 110 police: cir 2500000 bps, bc 78125 bytes conformed 231523 packets, 159234630 bytes; actions: transmit exceeded 7955 packets, 11518319 bytes; actions: drop conformed 0 bps, exceed 0 bps
Class-map: class-default (match-any) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any
Service-policy output: SLOWHOST
Class-map: OVERLIMIT (match-all) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: access-group 110 police: cir 2500000 bps, bc 78125 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop conformed 0 bps, exceed 0 bps
Class-map: class-default (match-any) 53836 packets, 69242499 bytes 5 minute offered rate 47000 bps, drop rate 0 bps Match: any

I tried applying service polcies to the physical interfaces and still no luck.. Please help!
Thanks
Nathan

_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba