Friday, 6 February 2015

ASA 5505: Rate Limiting

Create ACL to define IP's to be throttled;

  • access-list ACL-THROTTLE extended permit ip host any
  • access-list ACL-THROTTLE extended permit ip any host

Create a class map and match the IP's from the ACL;

  • class-map CM-THROTTLE
  • match access-list ACL-THROTTLE

Create a policy map and match the class map. Use the police output/input commands to restrict bandwidth

  • policy-map PM-THROTTLE
  • class CM-THROTTLE
  • police output 1000000 2000
  • police input 1000000 2000

 show running-config all policy-map;

Set the policy map to an interface

  • service-policy PM-THROTTLE interface inside



No comments:

Post a Comment