[cisco-nas] IP CEF Problem

Gert Doering gert at greenie.muc.de
Sat Jan 24 06:31:33 EST 2004


Hi,

On Sat, Jan 24, 2004 at 07:28:05PM +0800, Rommel Y. Catabian wrote:
> As I read it, I need to enable "IP CEF" on the router (Cisco3660) which also
> doubles as a Remote Access Server, to make rate-limiting work. However,
> the problem is our dial-up connections become slower when I enable ip cef.

CEF is not required for rate-limiting.

> CISCO-3660-NAS2#sh version
> Cisco Internetwork Operating System Software
> IOS (tm) 3600 Software (C3660-IS-M), Version 12.2(2)T4,  RELEASE SOFTWARE 
> (fc3)

... but this is something you might want to upgrade anyway.  It's "T", and
the number in brackets is way too low...  there is at least one serious
security vulnerability in this IOS version, which entitles you to a free
upgrade.

> interface FastEthernet0/0
>  description **UPLINK CONNECTION**
>  ip address 203.190.xx.xx 255.255.255.252
>  ip nat outside
>  rate-limit input 2048000 4000 4000 conform-action transmit exceed-action drop

Why *input*?

You want to do traffic-shaping for *output*.

(Also, traffic-shaping is more gentle to the packets than rate-limiting).

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de

