PIX Bandwitdh distribution

ahpark78 · ‎12-01-2006

Hi,

Can someone help me in answering the following Question

With PIX 525 version 6.2 can bandwidth distribution be done.

I need sample configuration for the following Scenario Bandwidth

allocation

Internet-Link is directly terminated on PIX 525 with Internet-bandwidth

4Mbps.

We need the Bandwidth allocation in the following way:-

DMZ1 has SAP Server

Bandwidth = 2mbps

DMZ2 has Web Server

Bandwidth = 1Mbps

DMZ3 has Lotus Domino Server

Bandwidth = 1Mbps

Rafiki-TLK · ‎12-02-2006

I don't know if version 6.2 will do this because I use version 7.1. I recommend to you to upgrade to version 7.x any way. For not so experienced persons the version 7.x web interface is a lot better to understand.

To limit the bandwidth for specific traffic you must use a policy class.

First define a access-list with permit statements to include the traffic that you want to limit.

Then use an otherwise empty class-map with just this access-list

Finally create a policy map that will police (limit) the bandwidth for this class-map.

In this example mebo is a local machine that will talk to a machine named mserver. I have limited the traffic from mebo to mserver to 256kbit.

access-list aclpm_mebo extended permit ip host mebo host mserver

class-map class_mebo

match access-list aclpm_mebo

!

policy-map policy_outbound

class class_mebo

police 256000 150000

Please notice the line police 256000 150000, where 256000 is bit per second, 150000 is burst rate in byte per second. I don't know why Cisco puts byte per second and bit per second in one line. This access-list will be used only for this class-map, it is not used at any interface.

You will need thee policy maps to achieve what you want.

ahpark78 · ‎12-02-2006

Thanks Rafiki,

but what is burst rate? and how can i achieve the limit on the interface?

meaning how i can apply the class map on the interface??

thanks again!