I am having trouble limiting internet traffic on a per-user basis. The goal is to give every user 50M of internet traffic but exclude DMZ traffic. Currently the configuration is as follows.
- Hardware C6800 Supervisor Engine 2T 10GE
- Network diagram https://imgur.com/a/ut3Bf
```
time-range busHours
 periodic weekdays 8:00 to 16:00

ip access-list extended host-internet-traffic
 deny ip A.B.C.D 0.0.0.128 any
 deny ip any A.B.C.D 0.0.0.128
 permit ip any any time-range busHours

class-map host-internet-traffic
 match access-group name host-internet-traffic

! burst = (configured rate * 1.5)/8 = 9375000
policy-map internet-policer
 class host-internet-traffic
  police flow mask dest-only 50000000 9375000 conform-action transmit exceed-action drop

interface vlan100
 service-policy input internet-policer
```
After the configuration I still get all the available bandwidth?
```
show policy-map interface vlan 100
 Service-policy input: internet-policer
  Class-map: host-internet-traffic (match-all)
   17690 packets, 1764725 bytes
   5 minute offered rate 0000 bps, drop rate 0000 bps
   Match: access-group name host-internet-traffic
  Class-map: class-default (match-any)
   2452 packets, 258070 bytes
   5 minute offered rate 0000 bps, drop rate 0000 bps
   Match: any
    2452 packets, 258070 bytes
    5 minute rate 0 bps
```
show log gives the following message:
%FM_EARL8-4-ADMISSION_CONTROL_CONFLICT: FIE-ADMISSION netflow flowmask conflict found while configuring IP_QOS_INGRESS feature for interface Vlan100
Any ideas?