Solved: prevent users from hogging bandwidth

TECH-JEFF · ‎11-16-2016

Hi, we have a Cisco ASA5520 as our Firewall, lately a lot of users are having some downloads, video stream, etc. Though we can see under monitoring which IP address is hogging the bandwidth, my question is, I know that only web filters are able to block sites with streaming, etc...

Is there a bandwidth limitation which Cisco ASA can do to that specific port or IP?

Thanks

Jeff

Jefferson Co

Karsten Iwen · ‎11-17-2016

On the ASA you can configure MPF, where you describe traffic in a class-map based on address and port. These classes are referenced in a policy-map where you can police the traffic. That means that all traffic above the given policing-rate is dropped.

All in all, this will be a nightmare to configure. Given that the ASA 5520 is approaching EOL, it's time to look for a replacement. The Cisco Meraki MX appliances are really powerful when it comes to traffic control like you want to do it.

View solution in original post

Karsten Iwen · ‎11-17-2016

On the ASA you can configure MPF, where you describe traffic in a class-map based on address and port. These classes are referenced in a policy-map where you can police the traffic. That means that all traffic above the given policing-rate is dropped.

All in all, this will be a nightmare to configure. Given that the ASA 5520 is approaching EOL, it's time to look for a replacement. The Cisco Meraki MX appliances are really powerful when it comes to traffic control like you want to do it.

TECH-JEFF · ‎11-17-2016

I see, luckily we're on the part where we thought of migrating to a NGFW.

Thanks though for the input.

Jeff

Jefferson Co