Per user traffic policing
JoeBirds
Hey guys,
On a 2900 series router, is it possible to perform internet traffic policing PER TCP session (single user) on 80 or 443? In other words, I'm wanting to take a user's port 80/443 internet traffic and police it down to a certain speed.
Any ideas are greatly appreciated.
Comments
networker050184
Sure, you can match on protocol traffic, ACL, etc. Just have to figure out what works best for you. Look into policing with MQC and it should get you in the right direction.
JoeBirds
You can't define any internal IP addresses in an ACL that will be used to match internet traffic as it hits the public interface of the router. All addresses are still public at that point.
networker050184
Depends at what point in the network you are matching.
JoeBirds
I think an example will help me better explain:
Say that I have a LAN of users - two of which love to stream videos and download crap. Is there a way to implement a service policy to police traffic on port 80 and 443 for those two users only?
The only area I can think to put the service policy would be inward (input) on the public interface, but that leaves me with an issue. I cannot match traffic to those users' private IP addresses from what is still technically public traffic. Sure I could match all of the traffic coming from port 80 and 443 in my ACL match, but that would throttle the entire LAN.
I really do not think there is an easy way of doing it, if at all.
networker050184
Ok I gotcha. Yeah not likely something a router is going to be good at. You might be able to find a way to match and drop, but as you say not a very elegant solution. Unfortunately just not what the router is designed for.