Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Limiting incoming bandwidth on a Cisco ASA5510

I have a Cisco ASA5510 with two Cisco Catalyst 3560G switches plugged into it. Then I have 2 Cisco1400 Aironet WAPs plugged into the switches.

My goal is to limit incoming bandwith for two specific vlans. So users who are plugged into the switch or connected to the wifi can't go bandwidth crazy.

The rule I currently have setup on the ASA5510 is limiting internal bandwidth, I know shame on me.

So how do I setup a rule on the ASA5510 that will limit users external traffic on vlans without limit internal lan traffic?

Everyone's tags (4)
5 REPLIES

Limiting incoming bandwidth on a Cisco ASA5510

It is simple. You can specify acl in class-map and deny to match all internal networks and match anything else.

New Member

Limiting incoming bandwidth on a Cisco ASA5510

Could you please show me an example of that.

Thanks for the help

Re: Limiting incoming bandwidth on a Cisco ASA5510

Something like this:

access-list CLASS_MAP_ACL extended deny ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0

access-list CLASS_MAP_ACL extended deny ip 10.0.0.0 255.0.0.0 172.16.0.0 255.240.0.0

access-list CLASS_MAP_ACL extended deny ip 10.0.0.0 255.0.0.0 192.168.0.0 255.255.0.0

access-list CLASS_MAP_ACL extended deny ip 172.16.0.0 255.240.0.0 10.0.0.0 255.0.0.0

access-list CLASS_MAP_ACL extended deny ip 172.16.0.0 255.240.0.0 172.16.0.0 255.240.0.0

access-list CLASS_MAP_ACL extended deny ip 172.16.0.0 255.240.0.0 192.168.0.0 255.255.0.0

access-list CLASS_MAP_ACL extended deny ip 192.168.0.0 255.255.0.0 10.0.0.0 255.0.0.0

access-list CLASS_MAP_ACL extended deny ip 192.168.0.0 255.255.0.0 172.16.0.0 255.240.0.0

access-list CLASS_MAP_ACL extended deny ip 192.168.0.0 255.255.0.0 192.168.0.0 255.255.0.0

access-list CLASS_MAP_ACL permit ip any any

class-map POLICE_CMAP

match access-list CLASS_MAP_ACL

policy-map POLICE_CMAP

class POLICE_CMAP

  police output 10000

  police input 10000

service-policy POLICE_CMAP interface

Please rate if it was helpful. "Correct answer" will be also helpful. Thank you.

Re: Limiting incoming bandwidth on a Cisco ASA5510

Is it was what you need?

New Member

Limiting incoming bandwidth on a Cisco ASA5510

Sorry for the late reply.

What you provided is the current rules I have but that still limits internal traffic.

840
Views
0
Helpful
5
Replies
CreatePlease to create content