Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1160
Views
0
Helpful
0
Replies

ASA 5506-X police traffic

mar001
Level 1
Level 1

‎05-23-2020 01:10 AM - edited ‎05-23-2020 01:12 AM

Hi ,

I have an ASA 5506x and need to throttle down the download link (upload as well but later).

I have tried the QoS policing feature using both input/output and ASA does police but the link is unusable - pings keep dropping when I just open a website, cannot download anything, speedtest shows 10mbps but when I do it, everything stops for a few seconds.

I know policing is a hard way of doing QoS but should it be that bad? Am I missing anything obvious here? As I read, there is no shaping on this device...

With this config, it is usuable. I eve tried this: my link is 100Mbps, I policed it at 90Mbps - got the same result - unusable link dropping everything after loading a basic youtube clip, downloads drop etc. I tried both input/output on inside and outside interfaces - no matter how I combine or or just do one a the time - it is usable.

 

class-map inside_1-class1
 match any
policy-map inside_1-policy1
 class inside_1-class1
  police output 10000000 9999 conform-action transmit exceed-action drop
service-policy inside_1-policy1 interface inside_1



ciscoasa# show service-policy police

Interface inside_1:
  Service-policy: inside_1-policy1
    Class-map: inside_1-class1
      Output police Interface inside_1:
        cir 10000000 bps, bc 9999 bytes
        conformed 44897 packets, 49804767 bytes; actions:  transmit
        exceeded 7949 packets, 11391125 bytes; actions:  drop
        conformed 1173704 bps, exceed 308368 bps

 

 

 

0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card