Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Throttling Individual User Bandwidth

Hello -

I just ran into an instance where a single user on a network completely maxxed out a 100Mbps Internet connection for 30 minutes downloading. I'd like to create a policy on the Cisco ASA that throttles bandwidth per user. In a nutshell, I would like the policy to say, "there's no one user on this network who can use more than 25 Mbps."

Does anyone know the way to do this? I don't want to throttle the whole subnet with a policing policy (all users on the network share 25 Mbps) or any one IP address.

Seems simple, but I just can't think of the solution - penny for your thoughts!

Jeremy

3 REPLIES

Throttling Individual User Bandwidth

Hello Jeremy,

As you said sounds easy but I would say is kind of messy (I have not done it in the past)

But lets talk about the options

One that will not work

Cause if you use something like

class-map test

match any

policy-map global-policy

class test

police output 25000

any kind of traffic (I mean if there are 2 connections across the firewall) will be policed at that level which is not what you are looking for!

Second option (This is the best I could think at the moment lol)

Maybe like this (Let's say internal network is 192.168.10.0/24)

access-list test permit ip host 192.168.10.1 any

access-list test permit ip host 192.168.10.2 any

access-list test permit ip host 192.168.10.3 any

And keeps going...

Then

class-map test

match access-list test

policy-map global-policy

class test

police output 250000

That would match each of the ACL lines and then filter it properly, what do you think?

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

Throttling Individual User Bandwidth

I had thought about doing it that way...which is what prompted this post - a 255 item access-list simply to define per-user bandwidht limits? There's got to be a better way...

...right?

If not, how do ya'll prevent a single user from jeopordizing the Internet connection by downloading gobs of data?

Jeremy

Throttling Individual User Bandwidth

Hello Jeremy,

I do agree on the fact that this could be really problematic ( I mean it could be boring and we could be making our ASA's running configuration really big) but as you want to do it to all of the host but PER host I don't see any other way to match this traffic.

Do you?

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
216
Views
0
Helpful
3
Replies