Re: Per User Bandwidth Rate Limiting on an ASA v9.8

N3t W0rK3r · ‎09-24-2018

I am looking to understand if it is possible (and how) to implemented traffic policing on a per user (or per host) basis on a Cisco ASA 5525-X with FirePower Services running v9.8 software?

We can do this kind of thing on our wireless controllers, but I would like to do this at our Internet edge to prevent some users from monopolizing our pipe.

Thanks in advance.

John

balaji.bandi · ‎09-24-2018

just putting some sample configuration.(may be some syntax may change depends on version)

config t
!
access-list inet_1mb extended permit ip 10.10.10.0 255.255.255.0 any
!
class-map inet_limit
match access-list inet_1mb
!
policy-map throttle_inet
class inet_limit
!
police output 1000000 2000 conform-action transmit exceed-action drop <-- 1Mb Limit
police input 1000000 2000 conform-action transmit exceed-action drop <-- 1Mb Limit
!
service-policy throttle_inet interface inside

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

N3t W0rK3r · ‎09-25-2018

Thank you Balaji.

I believe your config just limits the aggregate bandwidth of ALL the hosts specified in the access-list to 1 Mbps. Or does it apply the 1 Mbps policy to EACH host in the range?

Please clarify.

Thanks.