ANNOUNCEMENT - The community will be down for maintenace this Thursday August 13 from 12:00 AM PT to 02:00 AM PT. As a precaution save your work.
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
914
Views
0
Helpful
5
Replies
Highlighted
Beginner

Limiting incoming bandwidth on a Cisco ASA5510

I have a Cisco ASA5510 with two Cisco Catalyst 3560G switches plugged into it. Then I have 2 Cisco1400 Aironet WAPs plugged into the switches.

My goal is to limit incoming bandwith for two specific vlans. So users who are plugged into the switch or connected to the wifi can't go bandwidth crazy.

The rule I currently have setup on the ASA5510 is limiting internal bandwidth, I know shame on me.

So how do I setup a rule on the ASA5510 that will limit users external traffic on vlans without limit internal lan traffic?

Everyone's tags (4)
5 REPLIES 5
Highlighted
Rising star

Limiting incoming bandwidth on a Cisco ASA5510

It is simple. You can specify acl in class-map and deny to match all internal networks and match anything else.

Highlighted
Beginner

Limiting incoming bandwidth on a Cisco ASA5510

Could you please show me an example of that.

Thanks for the help

Highlighted
Rising star

Re: Limiting incoming bandwidth on a Cisco ASA5510

Something like this:

access-list CLASS_MAP_ACL extended deny ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0

access-list CLASS_MAP_ACL extended deny ip 10.0.0.0 255.0.0.0 172.16.0.0 255.240.0.0

access-list CLASS_MAP_ACL extended deny ip 10.0.0.0 255.0.0.0 192.168.0.0 255.255.0.0

access-list CLASS_MAP_ACL extended deny ip 172.16.0.0 255.240.0.0 10.0.0.0 255.0.0.0

access-list CLASS_MAP_ACL extended deny ip 172.16.0.0 255.240.0.0 172.16.0.0 255.240.0.0

access-list CLASS_MAP_ACL extended deny ip 172.16.0.0 255.240.0.0 192.168.0.0 255.255.0.0

access-list CLASS_MAP_ACL extended deny ip 192.168.0.0 255.255.0.0 10.0.0.0 255.0.0.0

access-list CLASS_MAP_ACL extended deny ip 192.168.0.0 255.255.0.0 172.16.0.0 255.240.0.0

access-list CLASS_MAP_ACL extended deny ip 192.168.0.0 255.255.0.0 192.168.0.0 255.255.0.0

access-list CLASS_MAP_ACL permit ip any any

class-map POLICE_CMAP

match access-list CLASS_MAP_ACL

policy-map POLICE_CMAP

class POLICE_CMAP

  police output 10000

  police input 10000

service-policy POLICE_CMAP interface

Please rate if it was helpful. "Correct answer" will be also helpful. Thank you.

Highlighted
Rising star

Re: Limiting incoming bandwidth on a Cisco ASA5510

Is it was what you need?

Highlighted
Beginner

Limiting incoming bandwidth on a Cisco ASA5510

Sorry for the late reply.

What you provided is the current rules I have but that still limits internal traffic.