Hello,

i want to limit download bandwidth from my host 192.168.10.17 to any destination to 1Mbps.

I configured the following policy-service:

access-list MONITOR extended permit ip host 192.168.10.17 any

class-map MONITOR
match access-list MONITOR

policy-map MONITOR
class MONITOR
police output 100000 <- I used a 100Kbps just to test the configuration
police input 100000

service-policy global_policy global
service-policy MONITOR interface outside
service-policy MONITOR interface inside

I can see the following result:

Interface outside:
Service-policy: MONITOR
Class-map: MONITOR
Output police Interface outside:
cir 100000 bps, bc 3125 bytes
conformed 40489 packets, 3064540 bytes; actions: transmit
exceeded 34535 packets, 1908038 bytes; actions: drop
conformed 17384 bps, exceed 8 bps
Input police Interface outside:
cir 100000 bps, bc 3125 bytes
conformed 0 packets, 0 bytes; actions: transmit
exceeded 0 packets, 0 bytes; actions: drop
conformed 0 bps, exceed 0 bps

Interface inside:
Service-policy: MONITOR
Class-map: MONITOR
Output police Interface inside:
cir 100000 bps, bc 3125 bytes
conformed 0 packets, 0 bytes; actions: transmit
exceeded 0 packets, 0 bytes; actions: drop
conformed 0 bps, exceed 0 bps
Input police Interface inside:
cir 100000 bps, bc 3125 bytes
conformed 5909 packets, 355435 bytes; actions: transmit
exceeded 5664 packets, 308188 bytes; actions: drop
conformed 2160 bps, exceed 0 bps

It seems to work but watching at my network SNMP monitor (to my internet gateway)  as soon as I start downloading a big file the bandwidth consumption is immediately 20Mbps. Stopping the download the bandwidth values return to normal values.

What do I have wrong?

thanks

Johnny