cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
569
Views
0
Helpful
5
Replies

QoS Config Question

aa
Level 1
Level 1

Hello,

We have a Cisco ASA 5510 connecting our internal network to the Internet using a T1 circuit.

Often, a single person downloading a file from the Internet causes bandwidth usage to spike to the full 1.4Mb and to the detriment of other users.

Can someone please suggest the particular QoS config for being able to more equitably share bandwidth among connections?

Thanks in advance.

Ahmadali

5 Replies 5

suschoud
Cisco Employee
Cisco Employee

Unfortunately, the PIX firewall has no feature set to manage bandwidth per user. On PIX

7.0 code, we have included QoS feature which is a traffic-management strategy that lets

you allocate network resources for both mission-critical and normal data, based on the

type of network traffic and the priority you assign to that traffic. In short, QoS ensures

unimpeded priority traffic and provides the capability of rate-limiting (policing) default

traffic.

Here is some information on Applying QoS Policies :

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration

_guide_chapter09186a0080450b9a.html

Thanks for your reply.

I'm having trouble with the link (second line starting with _guide also appende to url)

.. is it correct?

You mentioned policing of traffic.. is this a feature than can only be applied to default traffic or any defined traffic?

Thanks again.

abinjola
Cisco Employee
Cisco Employee

hello AA..

why dont you determine first what type of download is it...ftp,peer to peer, web, etc

1) Once we determine the type of protocol this download happens then we can apply the rate limiting for that protocol

2)Or else if there is a specific subnet or host that does this download then we can apply a traffic bandwidth for that host/subnet

Thanks for the reply.

In the typical scenario of an internal network connected to the Internet, how would the rate limiting commands be applied?

Would the 'police' command be an 'input' or 'output'?

Which interface would the service-policy be applied to? The internal one, or the external Internet side?

Thanks again.

abinjola
Cisco Employee
Cisco Employee

well lets assume you want to rate limit for everything and anything thats accessed then following are the commands needed to limit it for 5mbps (Lets assume you need 5 mbps)

class-map police_traffic

match any

policy-map qos

class police_traffic

police output 5000000 5000000

service-policy qos interface inside

=====================================

Look at the match command ...here you can refine this by using an access-list, protocol instead of "any"

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: