QoS Config Question


We have a Cisco ASA 5510 connecting our internal network to the Internet using a T1 circuit.

Often, a single person downloading a file from the Internet causes bandwidth usage to spike to the full 1.4Mb, to the detriment of other users.

Can someone please suggest the particular QoS config for being able to more equitably share bandwidth among connections?

Thanks in advance.


Cisco Employee

Re: QoS Config Question

Unfortunately, the PIX firewall has no feature set to manage bandwidth per user. On PIX 7.0 code, we have included a QoS feature, which is a traffic-management strategy that lets you allocate network resources for both mission-critical and normal data, based on the type of network traffic and the priority you assign to that traffic. In short, QoS ensures unimpeded priority traffic and provides the capability of rate-limiting (policing) default


Here is some information on Applying QoS Policies:


New Member

Re: QoS Config Question

Thanks for your reply.

I'm having trouble with the link (second line starting with _guide also appended to url) .. is it correct?

You mentioned policing of traffic.. is this a feature that can only be applied to default traffic or any defined traffic?

Thanks again.

Cisco Employee

Re: QoS Config Question

Hello AA..

Why don't you determine first what type of download it is... ftp, peer to peer, web, etc.

1) Once we determine the type of protocol this download uses, then we can apply the rate limiting for that protocol

2) Or else, if there is a specific subnet or host that does this download, then we can apply a traffic bandwidth for that host/subnet

New Member

Re: QoS Config Question

Thanks for the reply.

In the typical scenario of an internal network connected to the Internet, how would the rate limiting commands be applied?

Would the 'police' command be an 'input' or 'output'?

Which interface would the service-policy be applied to? The internal one, or the external Internet side?

Thanks again.

Cisco Employee

Re: QoS Config Question

Well, let's assume you want to rate limit everything and anything that's accessed; then the following are the commands needed to limit it to 5 mbps (let's assume you need 5 mbps):

class-map police_traffic
 match any
policy-map qos
 class police_traffic
  police output 5000000 5000000
service-policy qos interface inside


Look at the match command; you can refine this by using an access-list or protocol instead of "any".
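Added example, not part of the thread and not Cisco's own configuration: the access-list refinement suggested in the replies above, written out for a single inside host. The host address 192.168.1.50, the 512 kbps rate, the burst value and the names POLICE_HOST_ACL, police_host and qos_host are assumptions chosen for illustration.

```cisco
! Constructed example: police one inside host instead of "match any".
! 192.168.1.50 is a placeholder for the host that saturates the T1.

! Match traffic to and from the host (both directions listed so the
! class matches whichever way the packet is travelling).
access-list POLICE_HOST_ACL extended permit ip any host 192.168.1.50
access-list POLICE_HOST_ACL extended permit ip host 192.168.1.50 any

class-map police_host
 match access-list POLICE_HOST_ACL

policy-map qos_host
 class police_host
  ! Rate is in bits per second, burst is in bytes.
  ! "output" on the inside interface limits downloads toward the host;
  ! "input" on the inside interface limits uploads from the host.
  police output 512000 96000
  police input 512000 96000

! An interface accepts one service-policy, so this takes the place of
! the "qos" policy from the thread if that one is already on inside.
service-policy qos_host interface inside

! Verify that the class is matching and see conformed/exceeded counters.
show service-policy interface inside
```

To police a whole subnet instead, replace `host 192.168.1.50` in both access-list lines with the subnet address and mask.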