Example configuration for bandwidth limiting.
Devices used
1. Cisco ASA 5510 Version 8.2(5)
2. Cisco 3560 switch
3. Laptop
Connection
The Internet leased line (16Mbps) is connected to port E0/1 of the ASA, and E0/0 is connected to port 24 of the switch.
The total bandwidth is divided between 2 departments
1. Sales - 10Mbps (172.17.46.0/24)
2. HR - 6Mbps (172.17.47.0/24)
ASA Configuration
-------------------------
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 172.17.1.1 255.255.255.0
!
! The outside interface must be enabled for the leased line to carry traffic
interface Ethernet0/1
 no shutdown
 nameif outside
 security-level 0
 ip address 8.1.5.8 255.255.255.248
!
! One ACL per department, matching traffic in both directions
access-list vlan46 extended permit ip 172.17.46.0 255.255.255.0 any
access-list vlan46 extended permit ip any 172.17.46.0 255.255.255.0
access-list vlan47 extended permit ip 172.17.47.0 255.255.255.0 any
access-list vlan47 extended permit ip any 172.17.47.0 255.255.255.0
global (outside) 1 interface
nat (inside) 1 172.17.1.0 255.255.255.0
nat (inside) 1 172.17.46.0 255.255.255.0
nat (inside) 1 172.17.47.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 78.100.54.185 1
! The next hop for the department subnets is the switch (Vlan1, 172.17.1.2),
! not the ASA's own inside address
route inside 172.17.46.0 255.255.255.0 172.17.1.2 1
route inside 172.17.47.0 255.255.255.0 172.17.1.2 1
class-map hr
 match access-list vlan47
class-map sales
 match access-list vlan46
! Police rates are in bits per second: 6 Mbps for HR, 10 Mbps for Sales
policy-map bw
 class hr
  police output 6000000
  police input 6000000
 class sales
  police output 10000000
  police input 10000000
!
service-policy bw interface inside
3560 Switch
------------------
! Layer 3 routing must be enabled for the SVIs to route between VLANs
ip routing
!
vlan 46
 name Sales
!
vlan 47
 name HR
!
interface GigabitEthernet0/1
 switchport access vlan 46
 switchport mode access
!
interface GigabitEthernet0/2
 switchport access vlan 47
 switchport mode access
!
interface GigabitEthernet0/24
 description connected to CiscoASA5510
!
interface Vlan1
 ip address 172.17.1.2 255.255.255.0
!
interface Vlan46
 ip address 172.17.46.1 255.255.255.0
!
interface Vlan47
 ip address 172.17.47.1 255.255.255.0
!
! Default route points at the ASA inside interface
ip route 0.0.0.0 0.0.0.0 172.17.1.1
!
Testing
ASA
#show service-policy police
You can connect the laptop to ports 1 and 2 of the switch for testing. All the other ports are in VLAN 1, so you will get full speed on them.
I am testing by connecting the laptop and trying to access the speedtest.net site; then we can see the difference.
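A configuration-side check to run before the speed test, as an added example that is not part of the original post: it parses the QoS lines of the ASA configuration above and confirms that each class-map points at the right department subnet, that both police directions carry the planned rate, and that the rates do not add up to more than the 16Mbps line. The names parse_policy, audit and PLAN are hypothetical helpers made up for this example.

```python
import ipaddress
import re
# QoS-relevant ASA lines copied from this page; PLAN below is the page's stated split.
ASA_CONFIG = """\
access-list vlan46 extended permit ip 172.17.46.0 255.255.255.0 any
access-list vlan46 extended permit ip any 172.17.46.0 255.255.255.0
access-list vlan47 extended permit ip 172.17.47.0 255.255.255.0 any
access-list vlan47 extended permit ip any 172.17.47.0 255.255.255.0
class-map hr
 match access-list vlan47
class-map sales
 match access-list vlan46
policy-map bw
 class hr
  police output 6000000
  police input 6000000
 class sales
  police output 10000000
  police input 10000000
"""
PLAN = {"sales": ("172.17.46.0/24", 10_000_000), "hr": ("172.17.47.0/24", 6_000_000)}

def parse_policy(config):
    """Return {class: {"subnets": set, "input": bps, "output": bps}}."""
    acl_nets, classes, current = {}, {}, None
    for tok in (ln.split() for ln in config.splitlines() if ln.strip()):
        if tok[0] == "access-list":  # collect "<network> <mask>" pairs; "any" is skipped
            nets = re.findall(r"(\d+(?:\.\d+){3}) (\d+(?:\.\d+){3})", " ".join(tok))
            acl_nets.setdefault(tok[1], set()).update(str(ipaddress.ip_network("/".join(p))) for p in nets)
        elif tok[0] in ("class-map", "class"):
            current = classes.setdefault(tok[1], {"subnets": set()})
        elif tok[:2] == ["match", "access-list"]:
            current["subnets"] |= acl_nets.get(tok[2], set())
        elif tok[0] == "police":
            current[tok[1]] = int(tok[2])
    return classes

def audit(config, plan=PLAN, link_bps=16_000_000):  # 16 Mbps leased line
    """Return mismatches between config and plan (empty list = consistent)."""
    classes, problems = parse_policy(config), []
    for name, (subnet, rate) in plan.items():
        c = classes.get(name, {"subnets": set()})
        if c["subnets"] != {subnet}:
            problems.append(f"{name}: ACL covers {sorted(c['subnets'])}, expected {subnet}")
        problems += [f"{name}: police {d} is {c.get(d)}, expected {rate}"
                     for d in ("input", "output") if c.get(d) != rate]
    if sum(c.get("output", 0) for c in classes.values()) > link_bps:
        problems.append("sum of policed output rates exceeds the leased line")
    return problems
```

An empty list from audit(ASA_CONFIG) means the policy matches the department plan; a swapped ACL or a mistyped rate shows up as one line per mismatch.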