Limit the use of bandwidth towards one IP address
Hi to all! I have a question and I hope someone will be able to help me or to confirm my understanding of problem.
I have a situation like this: HQ Office and remote office... I want to limit the users from remote office that go to one IP address in HQ Office to use only half bandwidth of the link(for inbound and outbound traffic). No other limitations just towards that one address.
Can I do somthing like this?
Let's say that address with limitation is 30.30.30.30/32
Speed off link between offices is 400kbit.
interface S0/0
rate-limit input access-group 101 200000 37500 37500 conform-action transmit exceed-action drop
rate-limit output access-group 101 200000 37500 37500 conform-action transmit exceed-action drop
access-list 101 permit ip any 30.30.30.30 0.0.0.0
access-list 101 permit ip 30.30.30.30 0.0.0.0 any
Thank you!!
I have a situation like this: HQ Office and remote office... I want to limit the users from remote office that go to one IP address in HQ Office to use only half bandwidth of the link(for inbound and outbound traffic). No other limitations just towards that one address.
Can I do somthing like this?
Let's say that address with limitation is 30.30.30.30/32
Speed off link between offices is 400kbit.
interface S0/0
rate-limit input access-group 101 200000 37500 37500 conform-action transmit exceed-action drop
rate-limit output access-group 101 200000 37500 37500 conform-action transmit exceed-action drop
access-list 101 permit ip any 30.30.30.30 0.0.0.0
access-list 101 permit ip 30.30.30.30 0.0.0.0 any
Thank you!!
Comments
-
janez_drk Member Posts: 27 ■□□□□□□□□□After some reading and google resarching I thing that the example above is correct.
I found out that you can't apply rate-limit to tunnel interface and that is what I need. So now i apply rate-limit command to my LAN interface in remote office. I'm still testing this but I would say that there is some king of traffic limitation.
Can someone tell me is this way the good way?
I'm thinking in applaying the rate-comand on LAN interface in HQ office (as close to IP address as I can get). This also sounds like a good solution..
What do you think?