ASA5510限速实例

 最终结果：

BJG-ASA5510# sh service-policy interface LAN0

Interface LAN0:

  Service-policy: rate_limit_1

    Class-map: rate_limit_1

      Input police Interface LAN0:

        cir 819000 bps, bc 153600 bytes

        conformed 44986 packets, 3507805 bytes; actions:  transmit

        exceeded 0 packets, 0 bytes; actions:  drop

        conformed 2784 bps, exceed 0 bps

      Output police Interface LAN0:

        cir 819000 bps, bc 153600 bytes

        conformed 51857 packets, 48905064 bytes; actions:  transmit

        exceeded 10297 packets, 14647377 bytes; actions:  drop

        conformed 38288 bps, exceed 11824 bps

BJG-ASA5510#

 

1、  首先确定要限速的IP：

BJG-ASA5510# sh run object-group network | begin rate_limit_1

object-group network rate_limit_1

network-object host 10.1.2.253

BJG-ASA5510#

 

2、  创建ACL，把限速分组加入其中：

BJG-ASA5510# sh run access-list rate_limit_1

access-list rate_limit_1 extended permit ip object-group rate_limit_1 any

access-list rate_limit_1 extended permit ip any object-group rate_limit_1

BJG-ASA5510#

 

3、  创建类图：

BJG-ASA5510# sh run class-map rate_limit_1

!

class-map rate_limit_1

 match access-list rate_limit_1

!

BJG-ASA5510#

 

4、  制定限速策略：

BJG-ASA5510# sh run policy-map  rate_limit_1

!

policy-map rate_limit_1

description Limit rate to 100-150KB

class rate_limit_1

  police input 819000 153600   //第一个数值单位为bit，第二个数值单位为Byte。

  police output 819000 153600

!

BJG-ASA5510#

 

5、  把策略应用到接口上：

BJG-ASA5510(config)# service-policy rate_limit_1 interface LAN0