Bandwidth Allocation

ferdinandmucos
Level 1

I have an internal server that needs access from outside. When users are not at their workstations, the server can be accessed from outside easily. But when users are all available, because of bandwidth overload, users from outside can't access the internal server. Out of my 20Mbps speed, I would like to allocate 2mb dedicated bandwidth to this server to avoid the issue of connection refusal, especially when users are actively using the internet. How would I configure this on my Cisco ASA firewall, which is my gateway and router? Thanks in advance for the assistance.


Hello,

the QoS options on the ASA are somewhat limited. Bandwidth reservation is as far as I know not possible, traffic policing is, but that is not what you want.

You could place all traffic to the server in the low latency queue, which is processed before the standard queue. That way, traffic to the server will always have priority.

The configuration would look like this:

ciscoasa(config)#access-list 100 extended permit ip any host 192.168.1.1
ciscoasa(config)#access-group 100 in interface outside
ciscoasa(config)#class-map SERVER_PRIORITY_CLASS
ciscoasa(config-cmap)#match access-list 100
ciscoasa(config-cmap)#policy-map SERVER_PRIORITY_POLICY
ciscoasa(config-pmap)#class SERVER_PRIORITY_CLASS
ciscoasa(config-pmap-c)#priority
ciscoasa(config-pmap-c)#end
ciscoasa#configure terminal
ciscoasa(config)#priority-queue outside
ciscoasa(config)#service-policy SERVER_PRIORITY_POLICY interface outside
ciscoasa(config)#end
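
A pre-deployment check for this kind of ASA QoS change, added here as an example and not part of the reply above. On the ASA, access-group binds an ACL as the interface's filtering rule (one ACL per interface and direction), whereas match access-list only needs the ACL to exist, so the script flags an ACL used for both, along with a service-policy that names a missing policy-map and a priority class with no priority-queue. The audit function and the sample config (with a mismatched policy-map name left in on purpose) are constructed for illustration.

```python
import re

# Constructed sample modelled on the thread's ASA commands (prompts stripped),
# with a mismatched policy-map name left in on purpose. Not from a real device.
SAMPLE = """\
access-list 100 extended permit ip any host 192.168.1.1
access-group 100 in interface outside
class-map SERVER_PRIORITY_CLASS
 match access-list 100
policy-map SERVER__PRIORITY_POLICY
 class SERVER_PRIORITY_CLASS
  priority
priority-queue outside
service-policy SERVER_PRIORITY_POLICY interface outside
"""

def audit(config):
    """Return findings for an ASA QoS config (hypothetical helper)."""
    bound, matched, policies, llq, applied, queues = {}, set(), set(), set(), [], set()
    current = None  # policy-map whose body is being read
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"access-group (\S+) (in|out) interface (\S+)", line):
            bound[m[1]] = (m[2], m[3])
        elif m := re.match(r"match access-list (\S+)", line):
            matched.add(m[1])
        elif m := re.match(r"policy-map (\S+)", line):
            current = m[1]
            policies.add(current)
        elif line == "priority" and current:
            llq.add(current)
        elif m := re.match(r"service-policy (\S+) interface (\S+)", line):
            applied.append((m[1], m[2]))
        elif m := re.match(r"priority-queue (\S+)", line):
            queues.add(m[1])
    findings = []
    # A classification ACL that is also the interface ACL changes what the
    # firewall permits, not only what it prioritises.
    for acl in sorted(matched & bound.keys()):
        direction, ifc = bound[acl]
        findings.append(f"acl {acl}: QoS match ACL also filters {direction}bound on {ifc}")
    for policy, ifc in applied:
        if policy not in policies:
            findings.append(f"service-policy {policy}: no such policy-map")
        elif policy in llq and ifc not in queues:
            findings.append(f"service-policy {policy}: no priority-queue on {ifc}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run it against the output of show running-config before applying the change; an empty result means none of the three conditions was found.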

Thanks for the response, gpauwen. In my interface I have a DMZ. After the firewall interface, which is my gateway, the traffic hits my router again before it goes outside. Do I need to do the same configs on my router too?

Hello,

yes, good idea to configure the policy on your router as well. You have more options here, instead of:

ciscoasa(config-pmap-c)#priority

you can actually use the bandwidth command:

Router(config-pmap-c)#bandwidth 2000

Apply the service policy inbound and outbound.

On my router, when I key in access-group it replies invalid input. What would be the problem?

Hello,

on your router (IOS) the configuration would look like this:

access-list 100 permit ip any host 192.168.1.1

class-map SERVER_PRIORITY
 match access-group 100

policy-map 2_MB_SERVER
 class SERVER_PRIORITY
  priority 2000

int s0/1
service-policy output 2_MB_SERVER

Thanks a lot for your help. The solution helped me.

BTW, the example policy won't "trigger" unless the physical interface congests.  Assuming your physical interface is more than 20 Mbps, you'll want a parent shaper.

e.g.

policy-map 20Mbps_Shape
 class class-default
  shape average 20000000
  service-policy 2_MB_SERVER

int xxx
 service-policy output 20Mbps_Shape
