Question : Problem: Traffic Shape on Cisco 3660 Router

Hi,
I am the new guy in here. Anyway, here is my problem. We have several offices all over the country. We are using LL (leased line) connections (64Kbs) between the head office and the side departments. The side department offices are using too much internet and SMTP (email, Exchange). My Exchange and proxy servers are here. So, when they want to go on the internet, they come through my head office proxy server. So, internet and Exchange (email) are eating my bandwidth. I have to do traffic shaping. So, I tried a couple of shots.
It was like this before:
!
interface Serial2/0:13
 description XXXXXXXXX
 bandwidth 64
 ip unnumbered Loopback0
 encapsulation ppp
 no fair-queue
 compress stac
!

I created an access list first:

access-list 105 permit tcp  A.B.C.D (ip in an other department ) host E.F.G.H (ip in my head office proxy)  eq 8080---(proxy port)

Then I did traffic shaping:

router(config-if)#traffic-shape rate 8000
(interface serial 2/0:13 and I am trying to put 8Kbit=1KByte)

Then show run looks like this:

interface Serial2/0:13
 description XXXXXXXX
 bandwidth 64
 ip unnumbered Loopback0
 encapsulation ppp
 no fair-queue
 compress stac
 traffic-shape group 105 8000 8000 8000 1000
!

Now, I have no idea why it put the other eight thousands and one thousand. I know these are burst-size and excess-burst-size, but I don’t know how they work; that’s why I just put the command like this:  router(config-if)#traffic-shape rate 8000

Well, after that:
router>sh traffic-shape statistics s2/0:13
                  Access Queue     Packets   Bytes     Packets   Bytes     Shaping
I/F               List   Depth                         Delayed   Delayed   Active
Se2/0:13          105    0         0         0         0         0         no

So, as you understand, traffic shaping doesn’t work. Because I did "ip accounting" and I saw some of the computers' internet connections again, and they were taking more than 8000Kbit. Also, I tried to download data from the internet, and I saw data was coming to the computer at more than 8KByte. It isn’t supposed to be more than 1K. The last test was from McAfee; I used speedometer. It said my internet connection was 32Kbit.

So, it doesn’t work, doesn’t work, doesn’t work.

Last thing, I took off "traffic shape group 105" and put "traffic shaping rate" on this interface:
router(config-if)#no traffic-shape group 105
router(config-if)#traffic-shape rate 64000 (because I have a 64Kbit leased line connection between the head office and this department)

Then let's see "traffic-shape statistics":
router#sh traffic-shape statistics s2/0:13
                  Access Queue     Packets   Bytes     Packets   Bytes     Shaping
I/F               List   Depth                         Delayed   Delayed   Active
Se2/0:13                 0         99        22607     8         3883      yes

So, it looks like it works. But it doesn’t, because I didn’t shape my connections. I just put the rate 64000bit for my connection. For testing, I again used McAfee speedometer and the “ip accounting” command, and I saw they can still take (download) more than 5K. I think it just made the bandwidth 64Kb. I don’t want this. I just want to put a rate on the internet connection and my Exchange connection.

After I did these, I also did this:
router(config)#int s2/0:13
router(config-if)#traffic-shape rate 64000
router(config-if)#traffic-shape group 105 8000
After that it says “mix of shaping with and without access lists prohibited”
And sh run looks like:

!
interface Serial2/0:13
 description XXXXXXXXX
 bandwidth 64
 ip unnumbered Loopback0
 encapsulation ppp
 no fair-queue
 compress stac
 traffic-shape rate 64000 8000 8000 1000
!

So, it didn’t take group 105 8000.

Those configurations were applied on my main router in our head office, just for outgoing traffic from the main router to there. I didn’t do anything on the other side department's router. I think every configuration should be made on the main router. I don’t think we should configure the other side department's router. Anyway, it is all about outgoing traffic in the main office.

I am posting this as very high importance and urgent. 500 points.

I need to solve this problem ASAP. Thank you for any comments and help.

Best Regards.  




Answer : Problem: Traffic Shape on Cisco 3660 Router

A couple of things:

You've got your src/destinations wrong (the source will be the proxy):
access-list 105 permit tcp  A.B.C.D (ip in an other department ) host E.F.G.H (ip in my head office proxy)  eq 8080---(proxy port)

This is because traffic shaping only works outbound on an interface, so the main traffic from the hub to the spoke will be *sourced* from E.F.G.H eq 8080, and the remote office IP will be the destination.

Also, you might want to figure out exactly what the Mining Application uses as far as IP addresses/ports/protocols and change how you do your shaping, i.e. explicitly deny traffic related to the mining app and then just 'permit ip any any' as the last line of the shaping access-list, so that you can in effect say: if you're not the mining app, you're rate limited.

so:
access-list 105 deny tcp  host A.B.C.D (ip of mining app server) eq  any
access-list 105 permit ip any any (all the rest of the stuff)

interface Serial2/0:13
 traffic-shape group 105 8000 8000 8000 1000

This may be sufficient, but since this only affects outbound traffic, you may want to consider building this on outbound interfaces of the spoke routers.
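
The source/destination swap described in the answer, written out as an added example (not from the original posts). The addresses are constructed placeholders: 192.0.2.10 stands in for the head-office proxy E.F.G.H and 198.51.100.0/24 for the branch LAN A.B.C.D; the shaping values are the ones shown on the page.

```cisco
! Added example; addresses are constructed placeholders (assumptions):
!   192.0.2.10        head-office proxy, listening on TCP 8080
!   198.51.100.0/24   branch-office LAN behind Serial2/0:13
!
! Form used in the question. It describes branch -> proxy requests,
! which arrive INBOUND on the hub's serial interface, so outbound
! shaping never sees a match and the counters stay at 0:
!   access-list 105 permit tcp 198.51.100.0 0.0.0.255 host 192.0.2.10 eq 8080
!
! Corrected form. Proxy replies leave the hub toward the branch with
! SOURCE port 8080, so "eq 8080" follows the source address:
no access-list 105
access-list 105 permit tcp host 192.0.2.10 eq 8080 198.51.100.0 0.0.0.255
!
interface Serial2/0:13
 ! Interface-wide and ACL-based shaping cannot be mixed (the router
 ! reported this in the question), so remove the plain rate first.
 no traffic-shape rate
 traffic-shape group 105 8000 8000 8000 1000
!
! Check from exec mode that packets now hit the ACL-based shaper:
!   show traffic-shape statistics Serial2/0:13
!   show access-lists 105
```

If the match counters on access list 105 increase while branch users browse, the shaper is classifying the proxy's return traffic.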



