Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA 5510 limit VLANs internet bandwidth?

We have an ASA 5510 (8.3) that has a 10Mbps Internet  connection. There is L3 3750 switch connected to ASA with created 10 VLANs. How to limit internet bandwidth for let's say 3 vlans (who will have access to the internet). Any example would be great (acl,policy maps)...

One more question: Is there any problems if we use CLI and ASDM to configure ASA simultaneously- of course saving config in each mode-till now we didn't noticed any.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ASA 5510 limit VLANs internet bandwidth?

Hi Dejan,

You can apply policing on the ASA to specific interfaces.    Since you are trunking between a 3750 and ASA, you will have sub-interfaces defined on the ASA each with its own nameif for each vlan.  You can then specify polcing and then apply it to the specific nameif that you had defined.

This will police the traffic for each of the interfaces that you define.  With policing, you will set the limit to the amount of traffic you want flowing.  Anything above it will be dropped.

You can check out the config guide for more information on this:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/conns_qos.html#wp1071334

As for your second question on using ASDM and CLI simultaneously.  Everytime you make a change on the cli, you will need to refresh the ASDM as there will have been an out of band change.  If the asdm is running in the background, it will prompt you to reload as it detected a change.

regards,

scott

1 REPLY
Cisco Employee

Re: ASA 5510 limit VLANs internet bandwidth?

Hi Dejan,

You can apply policing on the ASA to specific interfaces.    Since you are trunking between a 3750 and ASA, you will have sub-interfaces defined on the ASA each with its own nameif for each vlan.  You can then specify polcing and then apply it to the specific nameif that you had defined.

This will police the traffic for each of the interfaces that you define.  With policing, you will set the limit to the amount of traffic you want flowing.  Anything above it will be dropped.

You can check out the config guide for more information on this:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/conns_qos.html#wp1071334

As for your second question on using ASDM and CLI simultaneously.  Everytime you make a change on the cli, you will need to refresh the ASDM as there will have been an out of band change.  If the asdm is running in the background, it will prompt you to reload as it detected a change.

regards,

scott

2688
Views
5
Helpful
1
Replies