04-13-2010 09:30 AM - edited 03-11-2019 10:32 AM
We have an interface on a ASA5520 connected to the internet. On one of the other interfaces we have the wireless gateway configured for guests to access the internet when needed. Now employees are using their personal laptops to take advantage of unregulated internet access which has on several occasions saturated the access to the internet to a standstill. Is there a way to limit the through put by a percentage of the main internet interface or some way to limit their speed? We only have a 10mg internet pipe.
04-13-2010 03:42 PM
You can police the wireless users traffic based on ip address as explained here
https://supportforums.cisco.com/docs/DOC-1230#Traffic_Policing_with_Prioritization
They will still be contending but they will be contending between each other about the bandwidth you have given them and they will not oversubscribe your wired users if you give them less than 10Mbps.
You cannot limit bandwidth per user though, you can limit connections per user using Modular Policy Framework, but not actual speed.
I hope it helps.
PK
04-14-2010 09:46 AM
I guess i need to spend some time on MPF. I have the service policy: global policy but can i add other policy maps without interfering the global policy? And could this policy be set on the wireless interface?
04-14-2010 10:04 AM
Yes you can apply a policy on a per interface basis
ASA(config)# access list CONNS-ACL extended permit ip any 10.1.1.1 255.255.255.255
ASA(config)# class-map CONNS-MAP
ASA(config-cmap)# match access-list CONNS-ACL
ASA(config)# policy-map CONNS-POLICY
ASA(config-pmap)# class CONNS-MAP
ASA(config-pmap-c)# set connection {[conn-max n] [embryonic-conn-max n] [per-client-embryonic-max n] [per-client-max n] [random-sequence-number {enable | disable}]}
ASA(config)# service-policy CONNS-POLICY {global | interface interface_name}
Note that you are limiting the connection number not the actual bandwidth with the "per-client-max" option.
PK
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide