06-10-2010 03:08 AM - edited 03-11-2019 10:57 AM
Hi All,
I have a question regarding Throttling Bandwidth on an ASA 5510.
Let's say for simplicity's sake I have two physical interfaces connected.
OUTSIDE - Connects to my ISP.
Inside - with 2 subinterfaces connected.
192.168.1.1/24 VLAN 5
10.10.1.1/24 VLAN 10
Now what I want to do is restrict the bandwidth to and from the 192.168.1.1/24 network to 2mb/s
and
limit the bandwidth to and from the 10.10.1.1/24 network to 1mb/s.
NOTE: The two internal networks cannot talk to each other.
Now I understand I can do something like this say for the 192.168.1.0/24 network.
access-list 2mbs_throttle extended permit ip host 1.1.1.1 any
access-list 2mbs_throttle extended permit ip any host 1.1.1.1
access-list 2mbs_throttle extended permit ip host 1.1.1.2 any
access-list 2mbs_throttle extended permit ip any host 1.1.1.2
where 1.1.1.1 is the 192.168.1.0's PAT'd address AND 1.1.1.2 is an internal server's NAT'ed (via a STATIC) public address.
class-map cm_2mb_throttle
 match access-list 2mbs_throttle
policy-map restrict-bandwidth-policy
 class cm_2mb_throttle
  police output 2000000 2000
  police input 2000000 2000
service-policy restrict-bandwidth-policy interface outside
Does this look correct?
Is this restricting the total size of the servers NAT'ed behind 1.1.1.1 and 1.1.1.2 to 2mb/s with a small burst?
Also is there a better way of doing this? Could I somehow apply this policy to the VLANs?
Any help is very much appreciated.
Cheers.
06-10-2010 04:01 AM
06-10-2010 04:07 AM
Thanks I've seen that document.
I was asking if someone could help with my specific questions.
06-10-2010 11:31 AM
Hello Marco,
Does this look correct?
Yes.
Is this restricting the total size of the servers NAT'ed behind 1.1.1.1 and 1.1.1.2 to 2mb/s with a small burst?
Note that you are giving 2Mbps up and down to the servers.
Also is there a better way of doing this? Could I somehow apply this policy to the VLANs?
Probably not. You can be more explicit on how much you want servers to upload and download but that is it.
I am not sure what you mean by "apply to the VLANs". You can apply it to traffic matches in the class-map. So you can do it for traffic matching VLAN subnets.
I hope it helps.
PK
06-10-2010 03:55 PM
Hi PK,
Many thanks for your informative reply.
I have just one further question based on your response
"Note that you are giving 2Mbps up and down to the servers."
Does this mean if I had a 10meg pipe that theoretically that subnet could use up to 4mbs? ie. 2mbs up + 2mb down?
Can you suggest a way that I could limit the total to 2mbs?
I don't want the subnet to be able to exceed 2mbs in total, but don't want to restrict them to 1mbs up and 1mbs down
cheers.
06-11-2010 06:03 AM
No no, if the links are full duplex you have 2Mbps in each direction at the same time, so it is 2Mbps bidirectional.
That is what I meant.
I hope it makes sense.
PK
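Added example, not part of the thread and not Cisco's implementation: a simplified token-bucket model of the `police output 2000000 2000` and `police input 2000000 2000` lines, reading the first value as bits per second and the second as burst in bytes, with each direction given its own bucket as the reply above describes. The function names and the evenly spaced 1000-byte packet stream are constructed for illustration.

```python
# Added illustration: simplified single-rate token-bucket policer (a model, not Cisco's code).
US = 1_000_000  # microseconds per second; integer time keeps the arithmetic exact


def police(arrivals, rate_bps, burst_bytes):
    """arrivals: list of (time_us, size_bytes) sorted by time.
    Returns bytes forwarded; packets that find too few tokens are dropped."""
    cap = burst_bytes * 8 * US          # bucket depth, in bits scaled by 1e6
    tokens, last, passed = cap, 0, 0    # bucket starts full
    for t, size in arrivals:
        tokens = min(cap, tokens + (t - last) * rate_bps)  # refill since last packet
        last = t
        cost = size * 8 * US
        if cost <= tokens:              # conforming packet: forward and spend tokens
            tokens -= cost
            passed += size
    return passed


def stream(offered_bps, size_bytes, seconds):
    """Constructed input: evenly spaced packets at a constant offered rate."""
    gap_us = size_bytes * 8 * US // offered_bps
    return [(i * gap_us, size_bytes) for i in range(seconds * US // gap_us)]


def forwarded_bps(offered_bps, rate_bps=2_000_000, burst_bytes=2000,
                  size_bytes=1000, seconds=10):
    """Average forwarded rate for one direction, using the thread's police values."""
    sent = police(stream(offered_bps, size_bytes, seconds), rate_bps, burst_bytes)
    return sent * 8 // seconds


def both_directions(offered_in_bps, offered_out_bps):
    """'police input' and 'police output' modelled as two independent buckets."""
    return {"input": forwarded_bps(offered_in_bps),
            "output": forwarded_bps(offered_out_bps)}


if __name__ == "__main__":
    print(both_directions(10_000_000, 10_000_000))  # both directions overloaded
    print(both_directions(10_000_000, 1_000_000))   # one overloaded, one under the rate
```

In this model the forwarded rate in one direction does not depend on the load offered in the other, and the 2000-byte burst only adds a small one-time allowance above the configured rate.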