Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Bandwidth Throttling on ASA question

Hi All,

I have a question regarding Throttling Bandwidth on an ASA 5510.

Lets say for simplicities sake I Have two physical interfaces connected.

OUTSIDE -  Connects to my ISP.

Inside - with 2 subinterfaces connected.
                            192.168.1.1/24 VLAN 5
                            10.10.1.1/24  VLAN 10


Now what I want to do is restrict the bandwidth to and from the 192.168.1.1/24 network to 2mb/s

and

limit the bandwidth to and from the 10.10.1.1/24 network to 1mb/s.

NOTE: The two internal networks cannot talk to each other.


Now I understand I can do something like this say for the 192.168.1.0/24 network.

access-list 2mbs_throttle extended permit ip host 1.1.1.1 any
access-list 2mbs_throttle extended permit ip any host 1.1.1.1
access-list 2mbs_throttle extended permit ip host 1.1.1.2 any
access-list 2mbs_throttle extended permit ip any host 1.1.1.2

where 1.1.1.1 is the 192.168.1.0's PAT'd address AND 1.1.1.2 is an internal servers NAT'ed (via a STATIC) public address.

class-map cm_2mb_throttle
match access-list 2mbs_throttle


policy-map restrict-bandwidth-policy
class cm_2mb_throttle
police output 2000000 2000
police input 2000000 2000


service-policy restrict-bandwidth-policy interface outside


Does this look correct?

Is this restricting the total size of the servers NAT'ed behind 1.1.1.1 and 1.1.1.2 to 2mb/s with a small burst?

Also is there a better way of doing this? Could I somehow apply this policy to the VLANs?

Any help is very much appreciated.

Cheers.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Bandwidth Throttling on ASA question

No no, if the links are full duplex you have 2Mbps in each dirrection at the same time, so it is 2Mbps bidirectional.

That is what I meant.

I hope it makes sense.

PK

5 REPLIES

Re: Bandwidth Throttling on ASA question

Community Member

Re: Bandwidth Throttling on ASA question

Thanks I've seen that document.

I was asking if someone could help with my specific questions.

Cisco Employee

Re: Bandwidth Throttling on ASA question

Geia sou Marco,


Does this look correct?

Yes.

Is this restricting the total size of the 
servers NAT'ed behind 1.1.1.1 and 1.1.1.2 to 2mb/s with a small burst?

Note that you are giving 2Mbps up and down to the servers.

Also is 
there a better way of doing this? Could I somehow apply this policy to 
the VLANs?

Probably not. You can be more explicit on how much you want servers to upload and download but that is it.

I am not sure what you mean by "apply to the VLANs. You can apply it to traffic matches in the class-map. So you can do it for traffic matching vlan subnets.

I hope it helps.

PK

Community Member

Re: Bandwidth Throttling on ASA question

Hi PK,

Many thanks for yout informative reply.

I have just one further question based on your response

"Note that you are giving 2Mbps up and down to the servers."

Does this mean if I had a 10meg pipe that theoretically that subnet could use up to 4mbs? ie. 2mbs up + 2mb down?

Can you suggest a way that I could limit the total to 2mbs?

I don't want the subnet to be able to exceed 2mbs in total, but don't wont to restrict them to 1mbs up and 1mbs down

cheers.

Cisco Employee

Re: Bandwidth Throttling on ASA question

No no, if the links are full duplex you have 2Mbps in each dirrection at the same time, so it is 2Mbps bidirectional.

That is what I meant.

I hope it makes sense.

PK

2551
Views
0
Helpful
5
Replies
CreatePlease to create content