  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4843

How to limit bandwidth using ASA 5505 and Catalyst 3500XL per PC?

I have a Catalyst 3500xl and an ASA 5505 and I would like to be able to throttle bandwidth on a per PC basis.  How can this be accomplished with these if that's even possible?
Catalyst = WS-C3524-XL, ver 12.0(5)WC5

The cable connection runs through the ASA 5505 and then to the 3500XL where all the PCs are connected.  The ASA 5505 is running DHCP.

This is my first question, so please go easy.  I will provide any more information that you need.
0
tulsais
Asked:
1 Solution
 
Darkstriker69Commented:
For your first question it is no slouch.

I'm sure there is a much easier way to do this with your switch using QOS, but alas I am a firewall guy so I will tell you how you might do it with your ASA.

- Open your ASDM (I am assuming you have ASDM vs 5.x)
- Click "Configuration"
- Click "Security Policy"
- Change the radio button from "Access Rules" to "Service Policy Rules" (you should currently have none listed)
- Click the green plus to add a new rule
- Change the interface to "inside" and give the rule a name that corresponds to the IP address you will be limiting the bandwidth of
- Click next and choose "Source and Destination IP address (Uses ACL)" and click next
- Set the source IP address to the desired IP address and the subnet mask to 255.255.255.255
- Set the destination interface to "outside" and leave the 0s
- Click next and click the "QOS" tab at the top
- Check the "Police Output" checkbox and set your desired bandwidth limit
- Click "Finish"

Hopefully this is somewhat like what you are looking for. It will only limit bandwidth out to the internet, so if you want to limit internal bandwidth you will need to somehow do it with the switch. Also, it is based on IP address, so you might have to set DHCP reservations. I'm sure you can do QOS based on what port the PC is using on the switch, so that might be a better solution.

Good Luck,

Darkstriker69
0
 
lrmooreCommented:
Neither of these two devices is designed for this service. Certainly not the layer 2 only 3500XL switch. It has no capacity to do any bandwidth policing. Switches are designed to pass traffic as fast as possible. Newer switches can use QoS policies to police certain traffic types, but not by end user.
The ASA has some rudimentary policing capability, but don't think it will do what you want.
The real question is why you think you need to do this and what other steps you can take to resolve the issue. This is usually an end user people problem that does not always require a technology solution.
0
 
Darkstriker69Commented:
After some research I see lrmoore is right about the capabilities of your switch. Based on this web site.

http://www.cisco.com/warp/public/473/139.html

I found this FAQ:

Q. Do the Catalyst 2900 XL and 3500 XL series switches support rate-limiting or policing on ports or VLANs?

A. Catalyst 2900 XL and 3500 XL series switches do not provide rate-limiting or policing features. The bandwidth interface command is not related to QoS. It is an unsupported command on these switches.


0

 
lrmooreCommented:
Version 8.0 on the ASA gives you more features to rate limit by IP address using service policies, but you can only apply one policy per interface and that might limit the usefulness of it.

0
 
tulsaisAuthor Commented:
It sounds like I will not be able to accomplish what I need to do without purchasing more equipment.  We house all our servers offsite and use the ASA to create a VPN tunnel to our data center, allowing us to access our Exchange, etc.  When one of our developers or creative guys uploads a large file to an FTP or sends a large email, it hoses the connection for everyone else.  My intention was to limit certain users' upload so this problem would not occur.
0
 
Darkstriker69Commented:
Why not create a service policy that would limit the bandwidth of all users sending information from your local network range to the remote network range?
0
 
tulsaisAuthor Commented:
I thought of that, but I need full range because I have to manage the servers at our remote locations.  I'm also help desk for a client, which means I have to log in to the remote PCs at times.
0
 
Darkstriker69Commented:
Or a service policy that limits the bandwidth of traffic using port 25?
0
 
tulsaisAuthor Commented:
I will try that when I get to work in the AM.
0
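A CLI sketch of the two service-policy ideas discussed in this thread (a per-PC limit and a limit on port 25), added here as an example and not posted by any participant. It assumes ASA software 7.2 or later, where `police` takes a direction keyword relative to the interface, so upload from an inside host is policed as input on `inside`; all names, addresses and rates are constructed.

```text
! Constructed example: host 192.168.1.50 and network 192.168.1.0/24 are placeholders.

! Class 1: all traffic sourced from one PC (needs a fixed or reserved IP address)
access-list LIMIT-PC extended permit ip host 192.168.1.50 any
class-map LIMIT-PC
 match access-list LIMIT-PC

! Class 2: outbound SMTP (TCP port 25) from the whole inside network
access-list LIMIT-SMTP extended permit tcp 192.168.1.0 255.255.255.0 any eq smtp
class-map LIMIT-SMTP
 match access-list LIMIT-SMTP

! Only one policy map can be attached to an interface, but that policy map
! can carry several classes. For policing, a packet is handled by the first
! class it matches, so SMTP from 192.168.1.50 is counted under LIMIT-PC.
policy-map INSIDE-QOS
 class LIMIT-PC
  ! rate in bits per second, burst in bytes
  police input 512000 8000 conform-action transmit exceed-action drop
 class LIMIT-SMTP
  police input 256000 8000 conform-action transmit exceed-action drop

! Attach the policy to the inside interface
service-policy INSIDE-QOS interface inside

! Verify that the policers are matching and see conformed/exceeded counters
show service-policy interface inside
```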
