02-25-2014 01:14 AM - edited 03-11-2019 08:49 PM
Hi All,
We have 8 Mbps of bandwidth from one of our ISPs, terminated on a router (gi 0/0). From that router, a port (gi 0/1) is connected to my Lan1 and another port (gi 0/0) is connected to a Cisco ASA (Lan2).
Management has decided to give a 2 Mbps (upload and download) limit to our Lan2 network, out of that 8 Mbps ILL, so to achieve this, I did the following configuration in the Cisco ASA.
access-list rate-limit-acl extended permit ip any host x.x.x.63
access-list rate-limit-acl extended permit ip any host a.b.c.112
access-list rate-limit-acl extended permit ip host x.x.x.63 any
access-list rate-limit-acl extended permit ip host a.b.c.112 any
class-map rate-limit
 match access-list rate-limit-acl
policy-map limit-policy
 class rate-limit
  police output 2000000 4000
  police input 2000000 4000
service-policy limit-policy interface ouside
I don't understand what went wrong and where; it's not working. The specified hosts in the ACL are enjoying the full bandwidth (8 Mbps). I have even tried applying the service-policy to the inside interface, but no luck.
Request all the experts for advice.
Regards,
Ashraf
02-25-2014 10:50 AM
Hello, Ashraf.
I guess you have applied policy on outside interface, however, ACL is configured with private IP-addresses.
PS: try to apply policy in the inside interface and provide show service-policy limit-policy
02-25-2014 09:28 PM
Hello MikhailovskyVV,
Thanks for the reply.
1. The ACL corresponds to the traffic flowing from inside (private IP) to outside (public IP) and vice versa.
In the ACL, "any" corresponds to inside hosts, and "x.x.x.63" and "a.b.c.112" are public IPs.
2. Following is the output of show service-policy limit-policy, after I applied the service-policy to the inside interface.
ciscoasa# sh service-policy
Interface inside:
  Service-policy: limit-policy
    Class-map: rate-limit
      Output police Interface inside:
        cir 2000000 bps, bc 4000 bytes
        conformed 4 packets, 260 bytes; actions: transmit
        exceeded 0 packets, 0 bytes; actions: drop
        conformed 0 bps, exceed 0 bps
      Input police Interface inside:
        cir 2000000 bps, bc 4000 bytes
        conformed 0 packets, 0 bytes; actions: transmit
        exceeded 0 packets, 0 bytes; actions: drop
        conformed 0 bps, exceed 0 bps
3. Do we need to create two separate policy-maps, one per interface, with a police input or police output statement?
Regards,
Ashraf
02-26-2014 09:12 PM
Can somebody please provide some input?
Regards,
Ashraf