[cisco-nas] Problem with Commited Access rate limit
raz
raz at geo.net.pk
Sun Oct 12 23:00:00 EDT 2003
Hi there,
I am using Cisco As5300 with 120 ports MICA modem and 4 E1 interfaces.
as we are using it for an ISP, to avoid improper uploads generated from dialup users due to worms like blaster and welchia we have tried to stop this upload with CAR command though the command seems to be working but when we check an infected user its upload goes beyond 70 kbps which shouldnt happen if there is proper CAR command implementation.
I am pasting the CAR configuation in our AS5300.
interface Group-Async1
ip unnumbered FastEthernet0
ip access-group 100 in
ip access-group 100 out
no ip directed-broadcast
rate-limit input 8000 8000 9000 conform-action transmit exceed-action drop
rate-limit output 32000 8000 9000 conform-action transmit exceed-action drop
encapsulation ppp
ip tcp header-compression passive
async mode interactive
peer default ip address pool setup_pool
no fair-queue
ppp authentication pap
ppp multilink
group-range 1 120
according to this CAR configuration the upload shouldnt go higher then 9kbps but infact it goes more than 70kbps as you can see below its more then 9kbps
geonet-ds1#show in as 64
Async64 is up, line protocol is up
modem(slot/port)=2/3, state=CONNECTED
dsx1(slot/unit/channel)=0/0/4, status=VDEV_STATUS_ACTIVE_CALL.VDEV_STATUS_ALLOCATED.
Hardware is Async Serial
Interface is unnumbered. Using address of FastEthernet0
MTU 1500 bytes, BW 115 Kbit, DLY 100000 usec,
reliability 255/255, txload 2/255, rxload 126/255
Encapsulation PPP, loopback not set
Keepalive not set
DTR is pulsed for 5 seconds on reset
LCP Open, multilink Open
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 1w6d
Queueing strategy: fifo
Output queue 0/10, 9441 drops; input queue 3/10, 0 drops
5 minute input rate 57000 bits/sec, 75 packets/sec
5 minute output rate 1000 bits/sec, 2 packets/sec
3963840 packets input, 352277595 bytes, 0 no buffer
So i would like to know where i am making the mistake and why the CAR is not functioning as we want it to function.
would appreciate your help
Best regards
Raz
Geonet.
Pakistan.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-nas/attachments/20031012/d9095e3a/attachment.htm
More information about the cisco-nas
mailing list