Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
671
Views
0
Helpful
2
Replies

ASA QoS

KpaH4iTooo
Level 1
Level 1

‎03-09-2010 01:13 AM - edited ‎03-11-2019 10:18 AM

Hello, sorry for my english. I need to host 192.168.202.77 have the allocated bandwidth 50kbit in conformity with this acl:

access-list shilova extended permit tcp host 192.168.202.77 any eq www
access-list shilova extended permit tcp host 192.168.202.77 any eq https
access-list shilova extended permit tcp host 192.168.202.77 any eq ftp
What is incorrect?

priority-queue inside
priority-queue outside
webvpn
csd image disk0:/securedesktop-asa-3.2.0.136-k9.pkg
!
class-map class_ftp
match port tcp eq 221
class-map tcp_traffic
match access-list tcp_traffic
class-map shilova
match access-list shilova
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
class class_ftp
  inspect ftp
policy-map QoS
class tcp_traffic
  priority
class shilova
  police input 50000
!
service-policy global_policy global
service-policy QoS interface inside
service-policy QoS interface outside
prompt hostname context

Labels:
0 Helpful
2 Replies 2

KARUPPUCHAMY MALAIYANDI
Level 4
Level 4

‎03-09-2010 04:19 AM

Hi,

Do want to configure Bandwidth limit to the client for 50Kbps.If yes , then you can configure POLICING,which will ensure that the client can access only the allotted bandwidth.

hostname(config-pmap-c)# police {output | input} conform-rate [conform-burst] 
  [conform-action [drop | transmit]] [exceed-action [drop | transmit]]

Sample config:

ASA(config)# access-list AL-WEB-TRAFFIC permit tcp host 192.168.1.110 eq www any
ASA(config-if)# class-map CM-POLICE-WEB
ASA(config-cmap)# match access-list AL-WEB-TRAFFIC
ASA(config-cmap)# policy-map PM-POLICE-WEB
ASA(config-pmap)# class CM-POLICE-WEB
ASA(config-pmap-c)# police output 56000 10500
ASA(config-pmap-c)# service-policy PM-POLICE-WEB interface outside

For more information just have a look into the below URL

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_qos.html#wp1065257

Regards

Karuppu

0 Helpful

KpaH4iTooo
Level 1
Level 1
In response to KARUPPUCHAMY MALAIYANDI

‎03-09-2010 11:27 PM

If the link is loaded, the host leaves with a speed smaller, than 50kbit(

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card