★ ★ MSR36 failed to limit the client speed
- 0 Followed
- 0Collected ,2651Browsed
Network Topology
Network
Problem Description
The fixed IP of MSR36 G0/0 is used as the network egress, the gateway of the terminal is on the switch, and the fixed flow control is configured on the router web interface to limit the speed of the terminal whose address is the user group OA. However, the speed test found that no matter whether it is uplink or downlink, it cannot be restricted.
The corresponding command line configuration is as follows:
#
qos carl 5 source-ip-address object-group OA per-address
qos carl 6 destination-ip-address object-group OA per-address
#
object-group ip address OA
0 network range 192.168.0.0 192.168.0.254
#
interface GigabitEthernet0/0
qos car inbound carl 6 cir 50000 cbs 1250000 ebs 0 green pass red discard yellow pass
qos car outbound carl 5 cir 50000 cbs 1250000 ebs 0 green pass red discard yellow pass
#
Process Analysis
For the speed limit problem, you need to check whether the terminal traffic is going out from the interface where the speed limit is applied. You can tracert the route on the terminal to see where it goes out. If there is no problem with the outbound interface, you can configure traffic statistics to confirm whether the packets from the speed limit address have arrived the equipment. In this example, the address of the speed measurement terminal is 192.168.0.2, and the flow statistics of the interface connected to the firewall on the MSR find that no packet with the address of 192.168.0.2 is sent to the device, but the tracert trace is sent out from the MSR router. From this, it is guessed that the following devices may have enabled NAT and converted 192.168.0.2.
Solution
After checking the internal network, it was finally found that NAT was enabled on the firewall, and the address of the speed-limiting terminal was translated from the source address. After disabling the firewall NAT, the speed limit is normal.
Note: If there is no route to the terminal network segment on the MSR, a route needs to be added, otherwise disabling the firewall NAT may affect the business.