Cisco Support Community
Community Member

ASA 5520 Bandwidth limiting


I want to limit the amount of bandwidth per user (down/up) with my ASA 5520. Now I am using the following code and I wonder if it's the most efficient way of doing this:

policy-map IPS_outside
 class bandwidth-outside-class
  police input 2000000 600000 conform-action transmit exceed-action drop
  police output 2000000 600000 conform-action transmit exceed-action drop

Currently I am wondering the following:

-What rates should I put in (I want 250 kB up/down for my users).

-Right now I put these in and I get 350 kB up/down; am I correct in saying that the first value is the normal bandwidth and the second defines how much you can go above it?

-It also feels like this configuration limits my entire connection to this (not sure though, need some more testing). Though I doubt this observation is correct.

-Frankly, what I want is that at the moment multiple users are downloading, it starts to limit the highrollers so everyone gets a decent connection.

So if someone wants to explain this to me (please a bit detailed, I read some stuff about it but I can't seem to grasp it) I would be very grateful.

Cisco Employee

Re: ASA 5520 Bandwidth limiting

I don't think that would be (easily?) doable, since the ASA polices per flow, not per packet.

You can set maximum bandwidth to be used by a particular flow, set of flows but within that flow or set of flows ...

Your best option is to shape traffic and/or police particular bandwidth hoggers.

Shaping (example at the end of section)

For values being explained:

and shape:

ASA is not a router, it will not have as many QoS capabilities.

Hope this helps.
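
Added example, not part of either post and not Cisco code: a generic single-rate token-bucket model of a `police ... conform-action transmit exceed-action drop` statement, run with the 2000000 / 600000 values from the question. It assumes the first value is a rate in bits per second and the second a burst size in bytes; the function names and the constructed traffic are illustrative only.

```python
# Added illustration: single-rate token-bucket policer
# (conforming packets are transmitted, exceeding packets are dropped).
# Assumption: rate is given in bits/s and burst in bytes.

def police(packets, rate_bps, burst_bytes):
    """packets: list of (time_s, size_bytes) sorted by time.
    Returns (transmitted_bytes, dropped_bytes)."""
    fill = rate_bps / 8.0            # bytes of credit earned per second
    tokens = float(burst_bytes)      # bucket starts full
    last = None
    sent = dropped = 0
    for t, size in packets:
        if last is not None:
            # Refill for the elapsed time, never above the burst size.
            tokens = min(float(burst_bytes), tokens + (t - last) * fill)
        last = t
        if size <= tokens:           # conform-action transmit
            tokens -= size
            sent += size
        else:                        # exceed-action drop
            dropped += size
    return sent, dropped


def offered_load(duration_s, offered_Bps, pkt=1500):
    """Constructed sample traffic: a constant-rate flow of fixed-size packets."""
    n = int(duration_s * offered_Bps / pkt)
    return [(i * pkt / offered_Bps, pkt) for i in range(n)]


def throughput_kBps(duration_s, offered_Bps, rate_bps, burst_bytes):
    """Average transmitted rate in kB/s over the whole measurement window."""
    sent, _ = police(offered_load(duration_s, offered_Bps), rate_bps, burst_bytes)
    return sent / duration_s / 1000.0


if __name__ == "__main__":
    # Values from the question: 2000000 (rate) and 600000 (burst).
    for secs in (6, 60, 600):
        avg = throughput_kBps(secs, 1_000_000, 2_000_000, 600_000)
        print(f"{secs:>4} s window: {avg:6.1f} kB/s average")
```

In this model a sender offering 1,000 kB/s averages about 350 kB/s over a 6-second window and about 251 kB/s over 600 seconds: the long-run rate is 2000000 / 8 = 250 kB/s, and the burst value only adds a one-time allowance on top.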

