Setup Bandwidth Limit on V-Lans

ray_stone
Level 1

Hi, I am wondering how to set up a bandwidth limit on the following V-LANs. We have a 2 MBPS 1:1 leased line and the download speed reaches a maximum of 180 to 200 KB.

1) NOC (192.168.12.0/24)

2) DEV (192.168.13.0/24)

3) QA (192.168.14.0/24)

4) Tech(192.168.15.0/24)

Now, the Internet is on, and when users download anything from any V-LAN it consumes a lot of bandwidth, which can result in the network getting choked, and it affects business production activities. Now I want to set up a limited bandwidth for an entire V-LAN, for example assign only up to 30kb downloading for the QA V-LAN and the same for the others except the NOC V-LAN. Can anyone suggest whether this is possible? I know it can be done by QoS, but I am not very good with QoS commands, so I would request the experts to please explain briefly with commands, if possible.

Thanks

12 Replies

Pravin Phadte
Level 5

I would suggest to do a QOS or Rate-limit would be the easy way to get this done.

If this is a router or switch. If ASA you will have to do QOS.

BrinksArgentina
Level 1

With this config, QA VLAN will get only 30KB, but the usage of WAN link may be bigger, because you can only limit traffic when egress from ASA.

access-list traffic_QA extended permit ip any 192.168.14.0 255.255.255.0

class-map traffic_QA

match access-list traffic_QA

policy-map limit_QA_out

class traffic_QA

police output 30000 60000

service-policy limit_QA_out interface VL_QA


Guido.

Please rate all the helpful comments.

Hi, Thank you for your responses.

"but the usage of WAN link may be bigger, because you can only limit traffic when egress from ASA"

I didn't understand the meaning of the above sentence. Can you please explain it briefly?

Thanks

QoS for inbound traffic

OK, I reviewed everything, did some testing, and finally found how this must be done.

Yes, you CAN throttle down inbound traffic.

The only consideration is that you must specify the outside address, so you must create a different pool for each VLAN.

global (outside) 1 200.1.1.2

global (outside) 2 200.1.1.3

nat (NOC) 1 192.168.12.0 255.255.255.0

nat (QA) 2 192.168.14.0 255.255.255.0

access-list traffic_wwwNOC extended permit ip any host 200.1.1.2

access-list traffic_wwwQA extended permit ip any host 200.1.1.2

class-map class_wwwNOC

match access-list traffic_wwwNOC

class-map class_wwwQA

match access-list traffic_wwwQA

policy-map limit_outside

class class_wwwNOC

police input 1500000 60000

class class_wwwQA

police input 300000 30000

service-policy limit_outside interface outside

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/qos.html


Guido.

Please rate all the helpful comments.

Hi, If I am using below commands in my configuration:

global (outside) 1 interface outside

global (outside) 2 interface outside

What commands need to be changed?

Please explain.

You need a public address for each VLAN with a different policy shaping.

For instance, if your outside ip address is 200.1.1.2 255.255.255.248, you can use:

global (outside) 1 interface outside

global (outside) 2 200.1.1.3

access-list traffic_wwwNOC extended permit ip any host 200.1.1.2

access-list traffic_wwwQA extended permit ip any host 200.1.1.3

For the global pool you can use an address currently used for PAT. For example, if you have something like this:

static (inside,outside) tcp 200.1.1.3 80 192.168.12.20 80 netmask 255.255.255.255

... this is not a problem.

Which is the netmask of your public address?

Please note that I made a mistake in the ACL of the previous post. Each ACL must point to the corresponding public address of the global pool.


Guido.

Please rate all the helpful comments.

Hi,

We have 2mbps link and 4 vlans are placed on ASA FW.

1) NOC 192.168.12.0

2) QA 192.168.15.0

3) Tech 192.168.21.0

4) DEV 192.168.14.0

Now I want to set the download speed to 30 kb for the entire V-LAN. I want to allow 150 KB bandwidth for the QA V-LAN for the STS DC Tunnel. I want to allow 150 KB bandwidth for the Techsol V-LAN for the 192.168.59.109 host which is placed Sterling STS Tunnel.

Please explain the commands. Thanks

Please advise!

How many public IP addresses do you have?

You need a /28 at least. One public IP for each global nat pool.

Guido

Yes, we have 16 public IP

??

Have you tested the previously posted commands?

(replace 200.1.1.x with your public address)

global (outside) 1 200.1.1.2

global (outside) 2 200.1.1.3

nat (NOC) 1 192.168.12.0 255.255.255.0

nat (QA) 2 192.168.14.0 255.255.255.0

access-list traffic_wwwNOC extended permit ip any host 200.1.1.2

access-list traffic_wwwQA extended permit ip any host 200.1.1.3

!identify traffic:

class-map class_wwwNOC

match access-list traffic_wwwNOC

class-map class_wwwQA

match access-list traffic_wwwQA

!apply different shaping to each class of traffic:

policy-map limit_outside

class class_wwwNOC

police input 1500000 60000

class class_wwwQA

police input 300000 30000

!enable service-policy on the interface:

service-policy limit_outside interface outside
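
Added example, not part of any post in this thread: a small Python check for the rule stated above that each policed ACL must point to its own global pool address. The `lint` function is hypothetical, it parses only the command forms shown in the thread with explicit pool addresses, and the kB/s figure assumes the `police` rate is in bits per second.

```python
# Constructed sample: the thread's first inbound-policing config, including the
# ACL slip its author later pointed out (both ACLs point at 200.1.1.2).
SAMPLE = """\
global (outside) 1 200.1.1.2
global (outside) 2 200.1.1.3
nat (NOC) 1 192.168.12.0 255.255.255.0
nat (QA) 2 192.168.14.0 255.255.255.0
access-list traffic_wwwNOC extended permit ip any host 200.1.1.2
access-list traffic_wwwQA extended permit ip any host 200.1.1.2
class-map class_wwwNOC
 match access-list traffic_wwwNOC
class-map class_wwwQA
 match access-list traffic_wwwQA
policy-map limit_outside
 class class_wwwNOC
  police input 1500000 60000
 class class_wwwQA
  police input 300000 30000
"""
FIXED = SAMPLE.replace("any host 200.1.1.2\nclass-map", "any host 200.1.1.3\nclass-map")

def lint(config):
    pool_id, vlan, acl_host, cmap_acl, police, cur = {}, {}, {}, {}, {}, None
    for t in (line.split() for line in config.splitlines()):
        if len(t) >= 4 and t[0] == "global":
            pool_id[t[3]] = t[2]              # public address -> NAT id
        elif len(t) >= 4 and t[0] == "nat":
            vlan[t[2]] = t[1].strip("()")     # NAT id -> inside interface name
        elif len(t) >= 3 and t[0] == "access-list" and t[-2] == "host":
            acl_host[t[1]] = t[-1]            # ACL name -> destination host
        elif len(t) == 2 and t[0] in ("class-map", "class"):
            cur = t[1]                        # class currently being defined
        elif len(t) == 3 and t[:2] == ["match", "access-list"] and cur:
            cmap_acl[cur] = t[2]
        elif len(t) >= 3 and t[:2] == ["police", "input"] and cur:
            police[cur] = int(t[2])           # conform rate, bits per second
    limits, findings, seen = {}, [], {}
    for c, bps in police.items():
        host = acl_host.get(cmap_acl.get(c))
        if host in seen:                      # two classes match the same address
            findings.append(f"{c}: {host} already matched by {seen[host]}")
        elif host not in pool_id:
            findings.append(f"{c}: {host} is not a global pool address")
        else:
            limits[vlan.get(pool_id[host], "?")] = bps / 8 / 1000  # kB/s
        seen.setdefault(host, c)
    return limits, findings + [f"pool {n} ({a}, {vlan.get(n, '?')}) is not policed"
                               for a, n in pool_id.items() if a not in seen]
```

`lint(SAMPLE)` reports the duplicated address and the unpoliced QA pool; `lint(FIXED)` returns no findings and a per-VLAN limit in kB/s.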
