08-11-2009 08:38 AM - edited 03-11-2019 09:04 AM
Is it possible to rate limit, or police, the bandwidth for some users while not for other users? Can this be done based on the type of traffic? Source/destination?
TIA
08-11-2009 10:38 AM
there is something called Traffic shaping that might help you with what you are trying to do. here is a link http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/qos.html#wp1074879
In the class map you will define the source IP that way you will be able to say which IP will be part of the policy.
08-11-2009 12:47 PM
you need to use acl to define the traffic.
example :
Limiting the bandwidth to 1 mbps
----------------------------------
class-map QOS_IT
match access-list OUTSIDE_mpc_in_V1
class-map QOS_IT_IN
match access-list inside_mpc_in_V1
policy-map my_policy
class QOS_IT_IN
police output 1000000
policy-map my_policy_1
class QOS_IT
police input 1000000
service-policy my_policy interface inside
service-policy my_policy_1 interface outside
##########
Qos Over Vpn
----------------
access-list 101 extended permit tcp any any eq telnet
class-map tcp_traffic
match access-list 101
!
policy-map tcp_policy
class tcp_traffic
priority
!
service-policy tcp_policy interface outside
service-policy tcp_policy interface inside
!
priority-queue inside
priority-queue outside
when you create the priority queue on the inside and on the outside
interfaces, the packet will be put into the priority queue from the inside
interface, and transfered along to the outside interface queue with the same
priority (after encryption).
########
08-11-2009 02:28 PM
Thanks. But, in this situation, VPN users are not an issue. We just want to police certain users, not others as they surf the internet.
08-11-2009 03:06 PM
i just gave an example for other ppl in forum who MIGHT need vpn traffic to be policed.
just use the acl to define the traffic and u should be good.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: