Question : Problem: Traffic Shape on Cisco 3660 Router

Hi,
I am the new guy in here. Anyway, here is my problem We have several offices all over the country. We are using LL (lease Line) connections (64Kbs) between head office to side departments. Side department offices are using to much internet, smtp (email, exchange). My Exchange and Proxy server in here. So, when they want to go in internet, they are coming my head office proxy server. So, Internet and Exchange (email) are eating my bandwidth. I have to make traffic shaping. So, I tried couple shuts.
It was like this before:
!
interface Serial2/0:13
description XXXXXXXXX
bandwidth 64
ip unnumbered Loopback0
encapsulation ppp
no fair-queue
compress stac
!

I created Access list first:

access-list 105 permit tcp A.B.C.D (ip in an other department ) host E.F.G.H (ip in my head office proxy) eq 8080---(proxy port)

then i made a traffic shaping,

router(config-if)#traffic-shape rate 8000
(interface serial 2/0:13 and I am trying to put 8Kbit=1KByte)

then show run like this

interface Serial2/0:13
description XXXXXXXX
bandwidth 64
ip unnumbered Loopback0
encapsulation ppp
no fair-queue
compress stac
traffic-shape group 105 8000 8000 8000 1000
!

Now, I have no idea why it put other eight thousands and one thousand . I know these are burst-size and excess-burst-size , but i dont know how they works, thats why i just put the command like this: router(config-if)#traffic-shape rate 8000

well,
after that,
router>sh traffic-shape statistics s2/0:13
Access Queue Packets Bytes Packets Bytes Shaping
I/F List Depth Delayed Delayed Active
Se2/0:13 105 0 0 0 0 0 no

so, as you understood, traffic shaping doesnt work. Because, i did "ip accounting" and i saw some of computers internet connections again and they were taking more than 8000Kbit. Also, i tried to download data from internet, and i saw data was coming to computer more than 8KByte. It doesnt suppose to be more than 1K. Last testing was form MacAfee, i use speedometer. It said my internet connection was 32Kbit.

So, it doesnt work, doesnt work, doesnt work.

Last thing I took off "traffic shape group 105" and put "traffic shaping rate" on this interface:
router(config-if)#no traffic-shape group 105
router(config-if)#traffic-shape rate 64000 (because of I have 64Kbit Lease line connection between head office to this department)

Then Lets see, "traffic-shape statistics"
router#sh traffic-shape statistics s2/0:13
Access Queue Packets Bytes Packets Bytes Shaping
I/F List Depth Delayed Delayed Active
Se2/0:13 0 99 22607 8 3883 yes

so, it looks like works. But I doesnt because i didnt shape my connections. I just put the rate 64000bit for my connection. For testing , I use again MacAfee speedometer and ip accounting command, I saw they can still take( download) over than 5K. I think It just made bandwidth 64Kb. I dont want this. I just want to put rate on internet connection and my exchange connection.

After I did these I did also like these,
router(config)#int s2/0:13
router(config-if)#traffic-shape rate 64000
router(config-if)#traffic-shape group 105 8000
After that It says mix of shaping with and without access lists prohibited
And sh run look like:

!
interface Serial2/0:13
description XXXXXXXXX
bandwidth 64
ip unnumbered Loopback0
encapsulation ppp
no fair-queue
compress stac
traffic-shape rate 64000 8000 8000 1000
!

So, It didnt take group 105 8000.

Those configurations applied on my main router in our head office. Just for out going traffic from main router to there. I didnt do anything on the other side department router. I thing every configuration should make on main router. I dont think we should configure the other side department router. Anyway, it all about outgoing traffic in main office.

I am posting these very high importance and urgent. 500 points.

I need to solve this problem ASAP. Thank you for any comment and helping.

Best Regards.

Answer : Problem: Traffic Shape on Cisco 3660 Router

a couple of things:

You've got your src/destination's wrong (the source will be the proxy)
access-list 105 permit tcp A.B.C.D (ip in an other department ) host E.F.G.H (ip in my head office proxy) eq 8080---(proxy port)

This is because traffic shaping only works outbound on an interface, so the source of the main traffic from the hub to the spoke will be sourced from E.F.G.H ea 8080, and the remote office IP will be the destination.

Also, you might want to figure out exactly what the Mining Application uses as far as ip addresses/ports/protocols and change how you do your shaping...i.e. explicityly deny traffic related to the mining app and then just 'permit ip any any' as the last line of the shaping access-list so that you can just in effect say: if you're not the mining app, you're rate limited...

so:
access-list 105 deny tcp host A.B.C.D (ip of mining app server) eq any
access-list 105 permit ip any any (all the rest of the stuff)

interface Serial2/0:13
traffic-shape group 105 8000 8000 8000 1000

This may be sufficient, but since this only affects outbound traffic, you may want to consider building this on outbound interfaces of the spoke routers.

Random Solutions

Problem: Computer doesnt turn on

Problem: Adding a non-HP second processor

Problem: WTF's up with my iSCSI network config ???

Problem: ARCServe 11.5 shows Inaccessible File System Device

Problem: hpqgends.tmp

Problem: Web Interface Error on Install?

Problem: Is Crucial Ballistix RAM no good for OEM systems?

Problem: how do i repair my acer travelmate laptop after i tried to upgrade the BIOS and had a power failer while rebooting ? PLEASE HELP

Problem: IPhone and Server 2003 Mobile ActiveSync with SSL-- need some help

Problem: backup exec not seeing lto drives