Solved: Re: Rate limit the internet Bandwidth/Speed

mkdccie · ‎07-30-2012

Hello ,

In ASA 5510.

How I can limit the users in (VLAN 20) to use the internet with a limited Bandwidth/speed with 3 mbps upload and 5 mbps download?

In case the outside interface (Native vlan) which is connected to the ISP and have a bandwidth/speed of 30 mbps upload and 50 mbps download.

Thanks in advanced,

MKD

Ramraj Sivagnanam Sivajanam · ‎07-30-2012

Hi Bro

Yes, the policies or rules that you've permitted or deny currently will still take into effect. The ACL TEST is merely to restrict outbound and inbound network traffic from VLAN with the transfer rate, as per your requirements, based on source IP Address. Let me know what works and doesn't work?

Warm regards,
Ramraj Sivagnanam Sivajanam

View solution in original post

Ramraj Sivagnanam Sivajanam · ‎07-30-2012

Hi Bro

Can you try this out and let me know the outcome;

access-list TEST remark ### QOS Traffic Policing for VLAN20 ###

access-list TEST permit ip 172.16.100.0 255.255.255.0 any

class-map TEST

match access-list TEST

policy-map TEST

class TEST

police input 3000000

police output 3000000

service-policy TEST in interface outside

For further details on this, please do refer to https://supportforums.cisco.com/message/3692590#3692590

P/S: If you think this comment is useful, please do rate them nicely :-)

Warm regards,
Ramraj Sivagnanam Sivajanam

mkdccie · ‎07-30-2012

Thanks Ramraj.

1- This will keep the same police when the vlan 20 goes to internet with NAT (outside interface ip) ?

2- We do not have here the inbound traffic ACL, so how the inbound traffic will be policing?

Thanks

MKD

Ramraj Sivagnanam Sivajanam · ‎07-30-2012

Hi Bro

Yes, the policies or rules that you've permitted or deny currently will still take into effect. The ACL TEST is merely to restrict outbound and inbound network traffic from VLAN with the transfer rate, as per your requirements, based on source IP Address. Let me know what works and doesn't work?

Warm regards,
Ramraj Sivagnanam Sivajanam

Timothy Chan · ‎02-28-2013

This worked well for limiting download but doesn't seem to put a limit on the upload. Am I doing something wrong?

I was just using speedtest.net to verify my upload and download are 10 Mbps. The test result is 9.40 Mbps down and 17.22 Mbps upload. I've retested a few times with the same result.

If I remove the service policy I get 55-60 Mbps up and down so it seems like the upload limit is doing something.

I do get matched packets for input and output though,

Interface Public_Wireless:

Service-policy: SHAPE-PUBLIC-WIRELESS

Class-map: LimitPublicWireless

Output police Interface Public_Wireless:

cir 10000000 bps, bc 312500 bytes

conformed 160908 packets, 180033824 bytes; actions: transmit

exceeded 4952 packets, 6813748 bytes; actions: drop

conformed 1502312 bps, exceed 56968 bps

Input police Interface Public_Wireless:

cir 10000000 bps, bc 312500 bytes

conformed 103702 packets, 26569368 bytes; actions: transmit

exceeded 1193 packets, 1561054 bytes; actions: drop

conformed 221728 bps, exceed 13048 bps

Here's my config,

! all wireless ip traffic

access-list PublicWireless extended permit ip 10.0.0.0 255.255.248.0 any

access-list PublicWireless extended permit ip any 10.0.0.0 255.255.248.0

class-map LimitPublicWireless

match access-list PublicWireless

policy-map SHAPE-PUBLIC-WIRELESS

class LimitPublicWireless

! 10Mbps limits

police output 10000000

police input 10000000

! What interface it is sourcing from

service-policy SHAPE-PUBLIC-WIRELESS interface Public_Wireless