04-18-2016 11:01 AM - edited 03-12-2019 12:37 AM
Hello,
I'm setting up rate limiting on an ASA with the police command. I can't seem to find out whether this is on a per-host basis or whether my entire group will be limited to the set threshold. If I use an ACL to include RFC 1918, permit the rate limit on the inside interface outbound, and set police to 10000000, will that include the entire object group, or will it be on a per-IP basis within the range?
My goal is to limit on a per user or IP basis to 10Mb.
object-group network RATE_LIMIT_PERMIT
group-object RFC_1918
access-list RATE_LIMIT_INTERNET_TRAFFIC extended permit ip object-group RATE_LIMIT_PERMIT any
class-map RATE_LIMIT_INET
match access-list RATE_LIMIT_INTERNET_TRAFFIC
policy-map RATE_LIMIT_INET_POLICY
class RATE_LIMIT_INET
police output 10000000 1875000
service-policy RATE_LIMIT_INET_POLICY interface inside
Thanks in advance,
Ron
04-18-2016 06:32 PM
If you want per-user limitation, you must make an ACL for each user and a class-map for each user.
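An added illustration, not from either poster, of what the per-user approach in this reply amounts to: a small Python generator that emits one ACL and one class-map per host in a prefix, polices each class in a single policy-map following the same stanza layout as the question, and counts the objects that result. The RL_ACL_/RL_CLASS_ names are constructed here, and the 1.5-second burst is an assumption that simply reproduces the 1875000-byte value in the question for a 10000000 bps rate.

```python
import ipaddress
from typing import Dict, List


def asa_burst_bytes(rate_bps: int, seconds: float = 1.5) -> int:
    """Burst size in bytes for a conform rate given in bits/s.

    Assumption: a 1.5-second burst, which reproduces the question's
    1875000 bytes for 10000000 bps (10000000 / 8 * 1.5).
    """
    return int(rate_bps / 8 * seconds)


def per_host_policing(prefix: str, rate_bps: int,
                      policy_name: str = "RATE_LIMIT_INET_POLICY",
                      interface: str = "inside") -> List[str]:
    """Emit the per-user layout from the reply: one ACL and one class-map
    per host, each policed independently inside one policy-map.
    Object names (RL_ACL_*, RL_CLASS_*) are constructed for this example.
    """
    net = ipaddress.ip_network(prefix, strict=False)
    burst = asa_burst_bytes(rate_bps)
    lines: List[str] = []
    classes: List[str] = []
    for host in net.hosts():
        tag = str(host).replace(".", "_")
        acl, cls = f"RL_ACL_{tag}", f"RL_CLASS_{tag}"
        lines.append(f"access-list {acl} extended permit ip host {host} any")
        lines.append(f"class-map {cls}")
        lines.append(f" match access-list {acl}")
        classes.append(cls)
    lines.append(f"policy-map {policy_name}")
    for cls in classes:
        lines.append(f" class {cls}")
        lines.append(f"  police output {rate_bps} {burst}")
    lines.append(f"service-policy {policy_name} interface {interface}")
    return lines


def object_count(prefix: str) -> Dict[str, int]:
    """How many ACLs, class-maps and config lines a prefix needs this way."""
    n = sum(1 for _ in ipaddress.ip_network(prefix, strict=False).hosts())
    return {"hosts": n, "acls": n, "class_maps": n, "config_lines": 5 * n + 2}


if __name__ == "__main__":
    print("\n".join(per_host_policing("192.168.1.0/30", 10000000)))
    print(object_count("10.0.0.0/24"))
```

Running it for a /24 shows the overhead the reply implies: 254 ACLs and 254 class-maps for a single subnet.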
04-19-2016 06:13 AM
That was my fear. That will be too much overhead to create. Is there a better option to limit on a per-user basis within the ASA?
Thanks,
Ron