https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230109#M859429 <HTML><HEAD></HEAD><BODY><P>I would suggest to do a QOS or Rate-limit would be the easy way to get this done.</P><P></P><P>If this is a router or switch. If ASA you will have to do QOS.</P></BODY></HTML> Wed, 10 Jun 2009 09:31:18 GMT Pravin Phadte 2009-06-10T09:31:18Z https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230108#M859424 <P>Hi, I am wondering of how to setup the bandwidth limit on following V-LANS. We have 2 MBPS 1:1 lease line and the downloading speed comes max upto 180 to 200 KB.</P><P></P><P>1) NOC (192.168.12.0/24)</P><P>2) DEV (192.168.13.0/24)</P><P>3) QA (192.168.14.0/24)</P><P>4) Tech(192.168.15.0/24)</P><P></P><P>Now, Internet is on and when users downloading anything from any V-lans then it consumes higher bandwidth which could have resulted Network gets chowk and it affects buisness production activities. Now I want to setup a limited bandwidth for entire V-lan like assign only upto 30kb downloading for QA V-Lan and same for other except NOC V-LAN. Can anyone suggest is it possible as I know it can be done by QOS but I am not so much perfect in QOS commands so I would request to experts please expain briefly with commands, if possible.</P><P>Thanks</P><P></P><P>1)</P> Mon, 11 Mar 2019 15:40:53 GMT https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230108#M859424 ray_stone 2019-03-11T15:40:53Z https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230109#M859429 <HTML><HEAD></HEAD><BODY><P>I would suggest to do a QOS or Rate-limit would be the easy way to get this done.</P><P></P><P>If this is a router or switch. If ASA you will have to do QOS.</P></BODY></HTML> Wed, 10 Jun 2009 09:31:18 GMT https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230109#M859429 Pravin Phadte 2009-06-10T09:31:18Z https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230110#M859436 <HTML><HEAD></HEAD><BODY><P>With this config, QA VLAN will get only 30KB, but the usage of WAN link may be bigger, because you can only limit traffic when egress from ASA.</P><P></P><P></P><P>access-list traffic_QA extended permit ip any 192.168.14.0 255.255.255.255</P><P> </P><P>class-map traffic_QA</P><P> match access-list traffic_QA</P><P></P><P>policy-map limit_QA_out</P><P> class traffic_QA</P><P> police output 30000 60000</P><P></P><P>service-policy limit_QA_out interface VL_QA</P><P></P><P></P><P><BR /></P><P>Guido.</P><P><FONT color="blue">Please rate all the helpful comments.</FONT></P><P></P></BODY></HTML> Thu, 11 Jun 2009 11:50:50 GMT https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230110#M859436 BrinksArgentina 2009-06-11T11:50:50Z https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230111#M859440 <HTML><HEAD></HEAD><BODY><P>Hi, Thank you for your responses.</P><P></P><P>"but the usage of WAN link may be bigger, because you can only limit traffic when egress from ASA"</P><P></P><P>I didn't understand the meaning of above sentence. Can you pls expain it briefly.</P><P></P><P>Thanks</P></BODY></HTML> Fri, 12 Jun 2009 06:13:20 GMT https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230111#M859440 ray_stone 2009-06-12T06:13:20Z https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230112#M859445 <HTML><HEAD></HEAD><BODY><P>QoS for inbound traffic</P><P></P><P>Ok, I review all and make some testing and finally found how this must be done.</P><P>Yes, you CAN throttle down inbound traffic.</P><P>The only consideration is that you must specify the outside address, so you must create a different pool for each VLAN.</P><P></P><P></P><P><CODE></CODE></P><P>global (outside) 1 200.1.1.2</P><P>global (outside) 2 200.1.1.3</P><P></P><P>nat (NOC) 1 192.168.12.0 255.255.255.0</P><P>nat (QA) 2 192.168.14.0 255.255.255.0</P><P></P><P></P><P>access-list traffic_wwwNOC extended permit ip any host 200.1.1.2</P><P>access-list traffic_wwwQA extended permit ip any host 200.1.1.2</P><P> </P><P>class-map class_wwwNOC</P><P> match access-list traffic_wwwNOC</P><P></P><P>class-map class_wwwQA</P><P> match access-list traffic_wwwQA</P><P></P><P>policy-map limit_outside</P><P> class class_wwwNOC</P><P> police input 1500000 60000</P><P></P><P> class class_wwwQA</P><P> police input 300000 30000</P><P></P><P>service-policy limit_outside interface outside</P><P></P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/qos.html" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/qos.html</A></P><P><BR /></P><P>Guido.</P><P><FONT color="blue">Please rate all the helpful comments.</FONT></P><P></P></BODY></HTML> Fri, 12 Jun 2009 13:18:13 GMT https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230112#M859445 BrinksArgentina 2009-06-12T13:18:13Z https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230113#M859450 <HTML><HEAD></HEAD><BODY><P>Hi, If I am using below commands in my configuration:</P><P></P><P>global (outside) 1 interface outside</P><P>global (outside) 2 interface outside</P><P></P><P>What commands needs to be changed???</P><P>Pls explain.</P></BODY></HTML> Sat, 13 Jun 2009 06:32:35 GMT https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230113#M859450 ray_stone 2009-06-13T06:32:35Z https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230114#M859454 <HTML><HEAD></HEAD><BODY><P>You need a public address for each VLAN with a different policy shaping.</P><P>For instance, if your outside ip address is 200.1.1.2 255.255.255.248, you can use:</P><P><CODE></CODE></P><P>global (outside) 1 interface outside</P><P>global (outside) 2 200.1.1.3</P><P></P><P>access-list traffic_wwwNOC extended permit ip any host 200.1.1.2 </P><P>access-list traffic_wwwQA extended permit ip any host <B>200.1.1.3</B></P><P></P><P></P><P>You can use for the global pool, an address curently used for PAT. For example if you have something like that:</P><P><CODE>static (inside,outside) tcp 200.1.1.3 80 192.168.12.20 80 netmask 255.255.255.255 </CODE></P><P> ... this is not a problem.</P><P></P><P>Witch is the netmask of your public address?</P><P></P><P></P><P><FONT color="green">Please note that I made a mistake in the acl of the previus post. Each acl must point to the correspondig public address of the global pool.</FONT></P><P><BR /></P><P>Guido.</P><P><FONT color="blue">Please rate all the helpful comments.</FONT></P></BODY></HTML> Sat, 13 Jun 2009 21:06:15 GMT https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230114#M859454 BrinksArgentina 2009-06-13T21:06:15Z https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230115#M859457 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>We have 2mbps link and 4 vlans are placed on ASA FW.</P><P></P><P>1) NOC 192.168.12.0</P><P>2) QA 192.168.15.0</P><P>3) Tech 192.168.21.0</P><P>4) DEV 192.168.14.0</P><P></P><P>Now I want to set the download speed 30 kb for entire V-LAN. I want to allow 150 KB bandwith for QA V-lan for STS DC Tunnel. I want to allow 150 KB Bandwidth for Techsol V-LAN for 192.168.59.109 host which is placed Sterling STS Tunnel.</P><P>Pls. explain the commands. Thnaks</P></BODY></HTML> Thu, 06 Aug 2009 12:04:03 GMT https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230115#M859457 ray_stone 2009-08-06T12:04:03Z https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230116#M859459 <HTML><HEAD></HEAD><BODY><P>Pls. advice!</P></BODY></HTML> Fri, 07 Aug 2009 05:00:04 GMT https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230116#M859459 ray_stone 2009-08-07T05:00:04Z https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230117#M859462 <HTML><HEAD></HEAD><BODY><P>How many public IP addresses do you have?</P><P></P><P>You need a /28 at least. One public IP for each global nat pool.</P><P></P><P>Guido</P></BODY></HTML> Fri, 07 Aug 2009 11:13:51 GMT https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230117#M859462 BrinksArgentina 2009-08-07T11:13:51Z https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230118#M859465 <HTML><HEAD></HEAD><BODY><P>Yes, we have 16 public IP</P></BODY></HTML> Fri, 07 Aug 2009 15:04:18 GMT https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230118#M859465 ray_stone 2009-08-07T15:04:18Z https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230119#M859467 <HTML><HEAD></HEAD><BODY><P>??</P></BODY></HTML> Sat, 08 Aug 2009 04:40:16 GMT https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230119#M859467 ray_stone 2009-08-08T04:40:16Z https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230120#M859468 <HTML><HEAD></HEAD><BODY><P>Do you have tested the previously posted commands?</P><P></P><P>(replace 200.1.1.x with you public address)</P><P><CODE></CODE></P><P>global (outside) 1 <FONT color="green">200.1.1.2</FONT></P><P>global (outside) 2 <FONT color="green">200.1.1.3</FONT></P><P></P><P>nat (NOC) 1 192.168.12.0 255.255.255.0 </P><P>nat (QA) 2 192.168.14.0 255.255.255.0 </P><P></P><P></P><P>access-list traffic_wwwNOC extended permit ip any host <FONT color="green">200.1.1.2</FONT> </P><P>access-list traffic_wwwQA extended permit ip any host <FONT color="green">200.1.1.3</FONT></P><P></P><P><FONT color="blue">!identify traffic:</FONT></P><P>class-map class_wwwNOC </P><P>match access-list traffic_wwwNOC </P><P></P><P>class-map class_wwwQA </P><P>match access-list traffic_wwwQA </P><P></P><P><FONT color="blue">!apply different shaping to each class of traffic:</FONT></P><P>policy-map limit_outside </P><P>class class_wwwNOC </P><P>police input 1500000 60000 </P><P></P><P>class class_wwwQA </P><P>police input 300000 30000 </P><P></P><P><FONT color="blue">!enable service-policy on the interface:</FONT></P><P>service-policy limit_outside interface outside </P><P></P></BODY></HTML> Sun, 09 Aug 2009 23:13:45 GMT https://community.cisco.com/t5/network-security/setup-bandwidth-limit-on-v-lans/m-p/1230120#M859468 BrinksArgentina 2009-08-09T23:13:45Z