Showing results for 
Search instead for 
Did you mean: 


ASA 5506-X police traffic

Hi ,

I have an ASA 5506x and need to throttle down the download link (upload as well but later).

I have tried the QoS policing feature using both input/output and ASA does police but the link is unusable - pings keep dropping when I just open a website, cannot download anything, speedtest shows 10mbps but when I do it, everything stops for a few seconds.

I know policing is a hard way of doing QoS but should it be that bad? Am I missing anything obvious here? As I read, there is no shaping on this device...

With this config, it is usuable. I eve tried this: my link is 100Mbps, I policed it at 90Mbps - got the same result - unusable link dropping everything after loading a basic youtube clip, downloads drop etc. I tried both input/output on inside and outside interfaces - no matter how I combine or or just do one a the time - it is usable.


class-map inside_1-class1
 match any
policy-map inside_1-policy1
 class inside_1-class1
  police output 10000000 9999 conform-action transmit exceed-action drop
service-policy inside_1-policy1 interface inside_1

ciscoasa# show service-policy police

Interface inside_1:
  Service-policy: inside_1-policy1
    Class-map: inside_1-class1
      Output police Interface inside_1:
        cir 10000000 bps, bc 9999 bytes
        conformed 44897 packets, 49804767 bytes; actions:  transmit
        exceeded 7949 packets, 11391125 bytes; actions:  drop
        conformed 1173704 bps, exceed 308368 bps