Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1580
  • Last Modified:

Limit bandwidth on a single PC with Cisco ASA

I try to test the QOS possibilities of the ASA5520 so i've throttle my IP but i didn't seem to slow down

And in the config i've put this

hostname(config)# access-list myPC permit tcp host 10.6.18.40 any
hostname(config)# class-map myPC
hostname(config-cmap)# match access-list PC
hostname(config)# policy-map restrict_PC
hostname(config-pmap)# class myPC
hostname(config-pmap-c)# police output 256000 20000

service-policy restrict_PC interface outside

Is there anything wrong in my syntax ?
0
cegepdematane
Asked:
cegepdematane
  • 3
  • 2
1 Solution
 
harbor235Commented:
How are you test throughput? you have defined 256K bps with max burst of 20K Bps.

Do the following;

show service-policy myPC, what do youo see? also look for ACL hits

-harbor235 ;}
0
 
cegepdemataneAuthor Commented:
sh service-policy interface outside

Interface outside:
  Service-policy: restrict_PC
    Class-map: myPC
      Output police Interface outside:
        cir 256000 bps, bc 20000 bytes
        conformed 0 packets, 0 bytes; actions:  transmit
        exceeded 0 packets, 0 bytes; actions:  drop
        conformed 0 bps, exceed 0 bps

0
 
Voltz-dkCommented:
At the very least you seem to have a typo - myPC vs PC:

hostname(config)# access-list myPC permit tcp host 10.6.18.40 any
hostname(config-cmap)# match access-list PC
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Voltz-dkCommented:
It's likely also an issue that you match again a 10 address on the outside interface.
0
 
cegepdemataneAuthor Commented:
Sorry it was a mistake there were no typo error in my config ..only here

you've right it should be applied on the inside interface ?
0
 
Voltz-dkCommented:
Ya, unless you have alot of public IPs or don't need the granularity.  For what I understand you want to do, it should be on the inside interface.
0

Featured Post

Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now