To perform this we will utilize a service policy - the example below only limits download speed (not upload speed) - since the latter is not usually contested.
Define an access list to match the traffic we wish to throttle (including subnets we do not wish to e.g. internal ones):
access-list rate-limit-acl extended deny ip 10.50.0.0 255.255.0.0 10.100.0.0 255.255.0.0
access-list rate-limit-acl extended permit ip any 10.100.0.0 255.255.0.0
Create a class-map to classify the traffic:
class-map throttle_classmap
match access-list rate-limit-acl
exit
Define a policy map to setup qos (this will limit bandwidth to 2 megabits and allow a burst speed of 16000 bits) :
policy-map throttle_policymap
class throttle_classmap
police output 2000000 16000
police input 2000000 16000
exit
exit
and finally create a service policy apply it to your inside interface:
service-policy throttle_policymap interface inside
0 comments:
Post a Comment