09-24-2018 01:45 PM - edited 02-21-2020 08:16 AM
I am looking to understand if it is possible (and how) to implement traffic policing on a per user (or per host) basis on a Cisco ASA 5525-X with FirePower Services running v9.8 software?
We can do this kind of thing on our wireless controllers, but I would like to do this at our Internet edge to prevent some users from monopolizing our pipe.
Thanks in advance.
John
09-24-2018 01:58 PM
Just putting some sample configuration (some syntax may change depending on version).
config t
!
access-list inet_1mb extended permit ip 10.10.10.0 255.255.255.0 any
!
class-map inet_limit
 match access-list inet_1mb
!
policy-map throttle_inet
 class inet_limit
  ! 1Mb limit in each direction
  police output 1000000 2000 conform-action transmit exceed-action drop
  police input 1000000 2000 conform-action transmit exceed-action drop
!
service-policy throttle_inet interface inside
09-25-2018 11:20 AM
Thank you Balaji.
I believe your config just limits the aggregate bandwidth of ALL the hosts specified in the access-list to 1 Mbps. Or does it apply the 1 Mbps policy to EACH host in the range?
Please clarify.
Thanks.
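The distinction asked about in the reply above, as an added example that is not part of the original thread: a token-bucket model using the posted rate and burst values (1000000 bps, 2000 bytes), run once with a single bucket shared by the whole class and once with one bucket per source host. It only models the two interpretations and does not establish which one the ASA applies; the host addresses and traffic pattern are constructed.

```python
from collections import defaultdict

RATE_BPS = 1_000_000      # police rate from the posted config (bits/s)
BURST_BYTES = 2000        # burst size from the posted config (bytes)
BYTES_PER_MS = RATE_BPS // 8 // 1000   # 125 bytes of credit per millisecond


class Policer:
    """Single-rate token bucket: conform -> transmit, exceed -> drop."""

    def __init__(self):
        self.tokens = BURST_BYTES   # bucket starts full
        self.last_ms = 0

    def offer(self, now_ms, size):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(BURST_BYTES,
                          self.tokens + (now_ms - self.last_ms) * BYTES_PER_MS)
        self.last_ms = now_ms
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def constructed_traffic(duration_ms=10_000):
    """Constructed sample: two hosts inside 10.10.10.0/24, 1000-byte packets."""
    heavy = [(t, "10.10.10.5", 1000) for t in range(0, duration_ms, 2)]    # 4 Mbps
    light = [(t, "10.10.10.9", 1000) for t in range(1, duration_ms, 20)]   # 0.4 Mbps
    return sorted(heavy + light)


def simulate(events, per_host):
    """Return packets transmitted per host under one of the two models."""
    buckets = defaultdict(Policer)
    sent = defaultdict(int)
    for now_ms, host, size in events:
        key = host if per_host else "class"   # one shared bucket vs one per source
        if buckets[key].offer(now_ms, size):
            sent[host] += 1
    return dict(sent)


if __name__ == "__main__":
    events = constructed_traffic()
    print("shared bucket  :", simulate(events, per_host=False))
    print("per-host bucket:", simulate(events, per_host=True))
```

With a shared bucket the heavy sender consumes nearly all the credit and the light host is starved; with per-host buckets each host is limited independently.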