07-30-2012 12:24 AM - edited 03-11-2019 04:35 PM
Hello ,
In ASA 5510.
How I can limit the users in (VLAN 20) to use the internet with a limited Bandwidth/speed with 3 mbps upload and 5 mbps download?
In case the outside interface (Native vlan) which is connected to the ISP and have a bandwidth/speed of 30 mbps upload and 50 mbps download.
Thanks in advanced,
MKD
Solved! Go to Solution.
07-30-2012 03:09 AM
Hi Bro
Yes, the policies or rules that you've permitted or deny currently will still take into effect. The ACL TEST is merely to restrict outbound and inbound network traffic from VLAN with the transfer rate, as per your requirements, based on source IP Address. Let me know what works and doesn't work?
07-30-2012 02:48 AM
Hi Bro
Can you try this out and let me know the outcome;
access-list TEST remark ### QOS Traffic Policing for VLAN20 ###
access-list TEST permit ip 172.16.100.0 255.255.255.0 any
class-map TEST
match access-list TEST
policy-map TEST
class TEST
police input 3000000
police output 3000000
service-policy TEST in interface outside
For further details on this, please do refer to https://supportforums.cisco.com/message/3692590#3692590
P/S: If you think this comment is useful, please do rate them nicely :-)
07-30-2012 03:02 AM
Thanks Ramraj.
1- This will keep the same police when the vlan 20 goes to internet with NAT (outside interface ip) ?
2- We do not have here the inbound traffic ACL, so how the inbound traffic will be policing?
Thanks
MKD
07-30-2012 03:09 AM
Hi Bro
Yes, the policies or rules that you've permitted or deny currently will still take into effect. The ACL TEST is merely to restrict outbound and inbound network traffic from VLAN with the transfer rate, as per your requirements, based on source IP Address. Let me know what works and doesn't work?
02-28-2013 09:30 AM
This worked well for limiting download but doesn't seem to put a limit on the upload. Am I doing something wrong?
I was just using speedtest.net to verify my upload and download are 10 Mbps. The test result is 9.40 Mbps down and 17.22 Mbps upload. I've retested a few times with the same result.
If I remove the service policy I get 55-60 Mbps up and down so it seems like the upload limit is doing something.
I do get matched packets for input and output though,
Interface Public_Wireless:
Service-policy: SHAPE-PUBLIC-WIRELESS
Class-map: LimitPublicWireless
Output police Interface Public_Wireless:
cir 10000000 bps, bc 312500 bytes
conformed 160908 packets, 180033824 bytes; actions: transmit
exceeded 4952 packets, 6813748 bytes; actions: drop
conformed 1502312 bps, exceed 56968 bps
Input police Interface Public_Wireless:
cir 10000000 bps, bc 312500 bytes
conformed 103702 packets, 26569368 bytes; actions: transmit
exceeded 1193 packets, 1561054 bytes; actions: drop
conformed 221728 bps, exceed 13048 bps
Here's my config,
! all wireless ip traffic
access-list PublicWireless extended permit ip 10.0.0.0 255.255.248.0 any
access-list PublicWireless extended permit ip any 10.0.0.0 255.255.248.0
class-map LimitPublicWireless
match access-list PublicWireless
policy-map SHAPE-PUBLIC-WIRELESS
class LimitPublicWireless
! 10Mbps limits
police output 10000000
police input 10000000
! What interface it is sourcing from
service-policy SHAPE-PUBLIC-WIRELESS interface Public_Wireless
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide