Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1582
  • Last Modified:

Limit bandwidth on a single PC with Cisco ASA

I try to test the QOS possibilities of the ASA5520 so i've throttle my IP but i didn't seem to slow down

And in the config i've put this

hostname(config)# access-list myPC permit tcp host 10.6.18.40 any
hostname(config)# class-map myPC
hostname(config-cmap)# match access-list PC
hostname(config)# policy-map restrict_PC
hostname(config-pmap)# class myPC
hostname(config-pmap-c)# police output 256000 20000

service-policy restrict_PC interface outside

Is there anything wrong in my syntax ?
0
cegepdematane
Asked:
cegepdematane
  • 3
  • 2
1 Solution
 
harbor235Commented:
How are you test throughput? you have defined 256K bps with max burst of 20K Bps.

Do the following;

show service-policy myPC, what do youo see? also look for ACL hits

-harbor235 ;}
0
 
cegepdemataneAuthor Commented:
sh service-policy interface outside

Interface outside:
  Service-policy: restrict_PC
    Class-map: myPC
      Output police Interface outside:
        cir 256000 bps, bc 20000 bytes
        conformed 0 packets, 0 bytes; actions:  transmit
        exceeded 0 packets, 0 bytes; actions:  drop
        conformed 0 bps, exceed 0 bps

0
 
Voltz-dkCommented:
At the very least you seem to have a typo - myPC vs PC:

hostname(config)# access-list myPC permit tcp host 10.6.18.40 any
hostname(config-cmap)# match access-list PC
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 
Voltz-dkCommented:
It's likely also an issue that you match again a 10 address on the outside interface.
0
 
cegepdemataneAuthor Commented:
Sorry it was a mistake there were no typo error in my config ..only here

you've right it should be applied on the inside interface ?
0
 
Voltz-dkCommented:
Ya, unless you have alot of public IPs or don't need the granularity.  For what I understand you want to do, it should be on the inside interface.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now