Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
591
Views
0
Helpful
3
Replies

Cisco ASA Bandwidth limiting issue

Mohammed Ashraf Ali
Level 1
Level 1

‎02-25-2014 01:14 AM - edited ‎03-11-2019 08:49 PM

Hi All,

We have 8 Mbps of bandwidth from one of our ISP,  terminated on a Router (gi 0/0), from that router port (gi 0/1) is connected to my Lan1 and another port (gi 0/0)  is connected to Cisco ASA (Lan2).

Management has decided to give 2Mbps(upload and download) limit to our Lan2 Network, out of that 8Mbps ILL, so to achive this, i did the following configuration in cisco ASA .

access-list rate-limit-acl extended permit ip any host x.x.x.63

access-list rate-limit-acl extended permit ip any host a.b.c.112

access-list rate-limit-acl extended permit ip host x.x.x.63 any

access-list rate-limit-acl extended permit ip host a.b.c.112 any

class-map rate-limit

match access-list rate-limit-acl

policy-map limit-policy

class rate-limit

police output 2000000 4000

police input 2000000 4000

service-policy limit-policy interface ouside

Dont understand , what went wrong and where , its not working , the specified hosts in the ACL  are enjoying the full bandwith (8 Mbps). Even i have tried applying the Service-policy to inside interface but no luck. 

Request all the experts for advice.

Regards,

Ashraf

Labels:
0 Helpful
3 Replies 3

Vasilii Mikhailovskii
Level 7
Level 7

‎02-25-2014 10:50 AM

Hello, Ashraf.

I guess you have applied policy on outside interface, however, ACL is configured with private IP-addresses.

PS: try to apply policy in the inside interface and provide show service-policy limit-policy

0 Helpful

Mohammed Ashraf Ali
Level 1
Level 1
In response to Vasilii Mikhailovskii

‎02-25-2014 09:28 PM

Hello MikhailovskyVV ,

Thanks for the reply,

1. The ACL corresponds to the traffic flowing from inside (private ip) to outside (public ip) and vise versa .

in the ACL  "any" corresponds to inside hosts and "x.x.x.63" , a.b.c.112 are public ip's.

2. Following is the output of show service-policy limit-policy , after i applied the service-policy to inside interface.

ciscoasa# sh service-policy            

Interface inside:

  Service-policy: limit-policy

    Class-map: rate-limit

      Output police Interface inside:

        cir 2000000 bps, bc 4000 bytes

        conformed 4 packets, 260 bytes; actions:  transmit

        exceeded 0 packets, 0 bytes; actions:  drop

        conformed 0 bps, exceed 0 bps

      Input police Interface inside:

        cir 2000000 bps, bc 4000 bytes

        conformed 0 packets, 0 bytes; actions:  transmit

        exceeded 0 packets, 0 bytes; actions:  drop

        conformed 0 bps, exceed 0 bps

3. Do we need to create two saparate policy-map, per interface with  police input or  police output statement.

Regards,

Ashraf

0 Helpful

Mohammed Ashraf Ali
Level 1
Level 1
In response to Mohammed Ashraf Ali

‎02-26-2014 09:12 PM

Can somebody pls provide some input.

Regards,

Ashraf

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card