QoS Config Question

Unanswered Question
Mar 12th, 2007
User Badges:


We have a Cisco ASA 5510 connecting our internal network to the Internet using a T1 circuit.

Often, a single person downloading a file from the Internet causes bandwidth usage to spike to the full 1.4Mb and to the detriment of other users.

Can someone please suggest the particular QoS config for being able to more equitably share bandwidth among connections?

Thanks in advance.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
suschoud Mon, 03/12/2007 - 10:18
User Badges:
  • Gold, 750 points or more

Unfortunately, the PIX firewall has no feature set to manage bandwidth per user. On PIX

7.0 code, we have included QoS feature which is a traffic-management strategy that lets

you allocate network resources for both mission-critical and normal data, based on the

type of network traffic and the priority you assign to that traffic. In short, QoS ensures

unimpeded priority traffic and provides the capability of rate-limiting (policing) default


Here is some information on Applying QoS Policies :



aa@nvrlnd.com Mon, 03/12/2007 - 10:25
User Badges:

Thanks for your reply.

I'm having trouble with the link (second line starting with _guide also appende to url)

.. is it correct?

You mentioned policing of traffic.. is this a feature than can only be applied to default traffic or any defined traffic?

Thanks again.

abinjola Mon, 03/12/2007 - 10:27
User Badges:
  • Cisco Employee,

hello AA..

why dont you determine first what type of download is it...ftp,peer to peer, web, etc

1) Once we determine the type of protocol this download happens then we can apply the rate limiting for that protocol

2)Or else if there is a specific subnet or host that does this download then we can apply a traffic bandwidth for that host/subnet

aa@nvrlnd.com Mon, 03/12/2007 - 12:33
User Badges:

Thanks for the reply.

In the typical scenario of an internal network connected to the Internet, how would the rate limiting commands be applied?

Would the 'police' command be an 'input' or 'output'?

Which interface would the service-policy be applied to? The internal one, or the external Internet side?

Thanks again.

abinjola Mon, 03/12/2007 - 12:53
User Badges:
  • Cisco Employee,

well lets assume you want to rate limit for everything and anything thats accessed then following are the commands needed to limit it for 5mbps (Lets assume you need 5 mbps)

class-map police_traffic

match any

policy-map qos

class police_traffic

police output 5000000 5000000

service-policy qos interface inside


Look at the match command ...here you can refine this by using an access-list, protocol instead of "any"


This Discussion