Today I had a task for limiting bandwidth for a client behind my Cisco ASA.
This place has 100Mbit/s connection and I want to throttle one of my client to 97 Mbits
For this task we need to create ip access list first.
source address is 10.128.2.10 to any host
access-list limit_client extended permit ip host 10.128.2.10 any
create a class map
class-map inside-class
match access-list limit_client
creating our policy map
I am not really good at math :) so i used this web site for bit calculation
http://edoceo.com/utilitas/bandwidth-calculator?f=&cmd=Calculate
policy-map inside-policy
description bandwidth limit for Disk-Array
class inside-class
police input 101711500 50852
police output 101711500 50852
Then, Apply our service policy to inside interface.
service-policy inside-policy interface inside
Here, I limit input and output speed to 97Mbits and i used 50Kbits burst size for short amount time.
Default action is if you pass 97Mbit+50Kbits, ASA will drop your other packets.
Thanks
No comments:
Post a Comment