Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

QoS/Rate Limiting on the ASA

Is it possible to rate limit, or police, the bandwidth for some users while not for other users? Can this be done based on the type of traffic? Source/destination?

TIA

4 REPLIES
Cisco Employee

Re: QoS/Rate Limiting on the ASA

there is something called Traffic shaping that might help you with what you are trying to do. here is a link http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/qos.html#wp1074879

In the class map you will define the source IP that way you will be able to say which IP will be part of the policy.

Cisco Employee

Re: QoS/Rate Limiting on the ASA

you need to use acl to define the traffic.

example :

Limiting the bandwidth to 1 mbps

----------------------------------

class-map QOS_IT

match access-list OUTSIDE_mpc_in_V1

class-map QOS_IT_IN

match access-list inside_mpc_in_V1

policy-map my_policy

class QOS_IT_IN

police output 1000000

policy-map my_policy_1

class QOS_IT

police input 1000000

service-policy my_policy interface inside

service-policy my_policy_1 interface outside

##########

Qos Over Vpn

----------------

access-list 101 extended permit tcp any any eq telnet

class-map tcp_traffic

match access-list 101

!

policy-map tcp_policy

class tcp_traffic

priority

!

service-policy tcp_policy interface outside

service-policy tcp_policy interface inside

!

priority-queue inside

priority-queue outside

when you create the priority queue on the inside and on the outside

interfaces, the packet will be put into the priority queue from the inside

interface, and transfered along to the outside interface queue with the same

priority (after encryption).

########

New Member

Re: QoS/Rate Limiting on the ASA

Thanks. But, in this situation, VPN users are not an issue. We just want to police certain users, not others as they surf the internet.

Cisco Employee

Re: QoS/Rate Limiting on the ASA

i just gave an example for other ppl in forum who MIGHT need vpn traffic to be policed.

just use the acl to define the traffic and u should be good.

534
Views
0
Helpful
4
Replies