ASA 5510 limit VLANs internet bandwidth?

Answered Question
Aug 23rd, 2010
User Badges:

We have an ASA 5510 (8.3) that has a 10Mbps Internet  connection. There is L3 3750 switch connected to ASA with created 10 VLANs. How to limit internet bandwidth for let's say 3 vlans (who will have access to the internet). Any example would be great (acl,policy maps)...

One more question: Is there any problems if we use CLI and ASDM to configure ASA simultaneously- of course saving config in each mode-till now we didn't noticed any.

Correct Answer by Scott Nishimura about 6 years 9 months ago

Hi Dejan,


You can apply policing on the ASA to specific interfaces.    Since you are trunking between a 3750 and ASA, you will have sub-interfaces defined on the ASA each with its own nameif for each vlan.  You can then specify polcing and then apply it to the specific nameif that you had defined.


This will police the traffic for each of the interfaces that you define.  With policing, you will set the limit to the amount of traffic you want flowing.  Anything above it will be dropped.


You can check out the config guide for more information on this:


http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/conns_qos.html#wp1071334


As for your second question on using ASDM and CLI simultaneously.  Everytime you make a change on the cli, you will need to refresh the ASDM as there will have been an out of band change.  If the asdm is running in the background, it will prompt you to reload as it detected a change.


regards,

scott

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Scott Nishimura Mon, 08/23/2010 - 16:19
User Badges:
  • Cisco Employee,

Hi Dejan,


You can apply policing on the ASA to specific interfaces.    Since you are trunking between a 3750 and ASA, you will have sub-interfaces defined on the ASA each with its own nameif for each vlan.  You can then specify polcing and then apply it to the specific nameif that you had defined.


This will police the traffic for each of the interfaces that you define.  With policing, you will set the limit to the amount of traffic you want flowing.  Anything above it will be dropped.


You can check out the config guide for more information on this:


http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/conns_qos.html#wp1071334


As for your second question on using ASDM and CLI simultaneously.  Everytime you make a change on the cli, you will need to refresh the ASDM as there will have been an out of band change.  If the asdm is running in the background, it will prompt you to reload as it detected a change.


regards,

scott

Actions

This Discussion