03-09-2010 01:13 AM - edited 03-11-2019 10:18 AM
Hello, sorry for my english. I need to host 192.168.202.77 have the allocated bandwidth 50kbit in conformity with this acl:
access-list shilova extended permit tcp host 192.168.202.77 any eq www
access-list shilova extended permit tcp host 192.168.202.77 any eq https
access-list shilova extended permit tcp host 192.168.202.77 any eq ftp
What is incorrect?
priority-queue inside
priority-queue outside
webvpn
csd image disk0:/securedesktop-asa-3.2.0.136-k9.pkg
!
class-map class_ftp
match port tcp eq 221
class-map tcp_traffic
match access-list tcp_traffic
class-map shilova
match access-list shilova
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
class class_ftp
inspect ftp
policy-map QoS
class tcp_traffic
priority
class shilova
police input 50000
!
service-policy global_policy global
service-policy QoS interface inside
service-policy QoS interface outside
prompt hostname context
03-09-2010 04:19 AM
Hi,
Do want to configure Bandwidth limit to the client for 50Kbps.If yes , then you can configure POLICING,which will ensure that the client can access only the allotted bandwidth.
hostname(config-pmap-c)# police {output | input} conform-rate [conform-burst]
[conform-action [drop | transmit]] [exceed-action [drop | transmit]]
Sample config:
ASA(config)# access-list AL-WEB-TRAFFIC permit tcp host 192.168.1.110 eq www any
ASA(config-if)# class-map CM-POLICE-WEB
ASA(config-cmap)# match access-list AL-WEB-TRAFFIC
ASA(config-cmap)# policy-map PM-POLICE-WEB
ASA(config-pmap)# class CM-POLICE-WEB
ASA(config-pmap-c)# police output 56000 10500
ASA(config-pmap-c)# service-policy PM-POLICE-WEB interface outside
For more information just have a look into the below URL
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_qos.html#wp1065257
Regards
Karuppu
03-09-2010 11:27 PM
If the link is loaded, the host leaves with a speed smaller, than 50kbit(
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide