Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

QOS limited bandwith on specific ip adress

Hi, i am using asa5510 and i want to configure QOS,in particular a limited Bandwith rate on a specific IP address.

For example, I have a 4Mbits SDSL internet access and I want to dedicate to one IP a limited bandwith ( 2Mbits for example) on http protocol. I try to configure my ASA with ASDM and Service Policy Rule but it doesn'work. Can you Help me ?

Thank you.

This is my configuration :

access-list WAN_mpc extended permit object-group TCPUDP host 192.168.1.6 any eq www

class-map WAN-class

match access-list WAN_mpc

policy-map WAN-policy

class WAN-class

  police input 2000000 1500

  police output 2000000 1500

service-policy WAN-policy interface WAN

7 REPLIES
Silver

QOS limited bandwith on specific ip adress

What does show service-policy police say?

Daniel Dib
CCIE #37149

Please rate helpful posts.

Daniel Dib CCIE #37149 Please rate helpful posts.
New Member

QOS limited bandwith on specific ip adress

result of show service-policy police :

Interface WAN:

  Service-policy: WAN-policy

    Class-map: WAN-class

      Input police Interface WAN:

        cir 2000000 bps, bc 1500 bytes

        conformed 0 packets, 0 bytes; actions:  drop

        exceeded 0 packets, 0 bytes; actions:  drop

        conformed 0 bps, exceed 0 bps

      Output police Interface WAN:

        cir 2000000 bps, bc 1500 bytes

        conformed 0 packets, 0 bytes; actions:  drop

        exceeded 0 packets, 0 bytes; actions:  drop

        conformed 0 bps, exceed 0 bps

VIP Green

QOS limited bandwith on specific ip adress

I would have expected the input to have 0 and output to match, but strange that neither has matched.  First off your commited burst (bc) rate is very low, I suggest increasing this to 375000. In the future keep this formula in mind when calculating commited burst rate:

bc = (cir/8) x 1.5

(2000000/8) x 1.5 = 375000

It would seem that the traffic from the LAN is not being matched for some reason.  What version ASA are  you running? I do you have NAT configured?

--
Please remember to rate and select a correct answer

--

Please remember to rate and select a correct answer
New Member

QOS limited bandwith on specific ip adress

I use ASA Version 8.2  and yes I use NAT :

global (WAN) 1 interface

nat (LAN) 0 access-list LAN_nat0_outbound

nat (LAN) 1 192.168.1.0 255.255.255.0

nat (DMZ) 0 access-list DMZ_nat0_outbound_1 outside

static (DMZ,LAN) 194.206.x.x 10.1.1.2 netmask 255.255.255.255

static (DMZ,LAN) 194.206.y.y 10.1.1.3 netmask 255.255.255.255

static (DMZ,WAN) 194.206.x.x 10.1.1.2 netmask 255.255.255.255

static (DMZ,WAN) 194.206.y.y 10.1.1.3 netmask 255.255.255.255

static (LAN,DMZ) 192.168.0.0 192.168.0.0 netmask 255.255.248.0

VIP Green

QOS limited bandwith on specific ip adress

In this case you would need to use the public IP of the host for a match to occur.  as of 8.3 and higher you would use the private IP.

You would also need to amend the ACL so that inbound is also matched:

access-list WAN_mpc extended permit object-group TCPUDP host any eq www

access-list WAN_mpc extended permit object-group TCPUDP any host eq www

--
Please remember to rate and select a correct answer

--

Please remember to rate and select a correct answer
New Member

QOS limited bandwith on specific ip adress

To go on the Internet I use one public IP ( the interface WAN ip ) for all the LAN hosts in 192.168.1.0/24 with :

global (WAN) 1 interface

nat (LAN) 1 192.168.1.0 255.255.255.0

I don't want to limit the bandwith to all the hosts in LAN, i just want to limit one IP : 192.168.1.6

How can I do?

Thank you

VIP Green

QOS limited bandwith on specific ip adress

I do not think this is possible without having a dedicated public IP for 192.168.1.6 client machine.  At least not on the 8.2 ASA software.

--
Please remember to rate and select a correct answer

--

Please remember to rate and select a correct answer
202
Views
0
Helpful
7
Replies
CreatePlease login to create content