[nsp] PLZZZZZZZZZ reply

Jared Mauch jared at puck.nether.net
Fri Oct 24 08:51:32 EDT 2003


On Fri, Oct 24, 2003 at 05:45:34PM -0700, raz wrote:
> Hi there,
> 
>  I am using Cisco As5300 with 120 ports MICA modem and 4 E1 interfaces.
> As we are using it for an ISP, to avoid improper uploads generated by dialup users due to worms like Blaster and Welchia, we have tried to stop this upload with the CAR command. Though the command seems to be working, when we check an infected user its upload goes beyond 70 kbps, which shouldn't happen if there is a proper CAR command implementation.
> I am pasting the CAR configuration in our AS5300.
> 
> 
> interface Group-Async1
>  ip unnumbered FastEthernet0
>  ip access-group 100 in
>  ip access-group 100 out
>  no ip directed-broadcast
>  rate-limit input 8000 8000 9000 conform-action transmit exceed-action drop
>  rate-limit output 32000 8000 9000 conform-action transmit exceed-action drop

	While the first argument to the rate-limit is in bits,
the other two arguments are bytes.

	eg:

rtr1.anar.mi(config-if)#rate-limit input ?
  <8000-2000000000>  Bits per second

rtr1.anar.mi(config-if)#rate-limit input 8000 ?
  <1000-512000000>  Normal burst bytes

rtr1.anar.mi(config-if)#rate-limit input 8000 1000 ?
  <2000-1024000000>  Maximum burst bytes


	You should adjust accordingly.  This obviously poses a problem
on dialup links.  You may not be able to police/rate-limit with
the granularity you expect.  You may be better off rate-limiting on the
upstream interface all "worm-like" traffic as opposed to doing it on
the dialup side.

	- Jared
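The unit mismatch above is easier to see with numbers. The following is an added example, not from either poster and not Cisco's code: a small token-bucket model in which the first rate-limit argument is a rate in bits per second and the second is the bucket depth in bytes, as the CLI help shows. It models only the normal burst; the extended burst (third argument) and CAR's compounded-debt behaviour are deliberately left out, and the offered traffic (one 1000-byte packet every 40 ms, i.e. 200 kbit/s) is a constructed stand-in for an infected host scanning flat out.

```python
"""Token-bucket model of what CAR's rate-limit arguments do.

Added example; it is not from the original post and not Cisco's code. It
models only the normal-burst bucket: the first argument is a rate in bits
per second, the second the bucket depth in bytes. Extended burst (the third
argument) and CAR's compounded-debt behaviour are deliberately left out.
Time is kept in integer milliseconds and tokens as exact fractions so the
arithmetic is deterministic.
"""

from fractions import Fraction


class TokenBucket:
    def __init__(self, rate_bps, normal_burst_bytes):
        self.rate_bps = rate_bps
        self.depth = normal_burst_bytes
        self.tokens = Fraction(normal_burst_bytes)  # bucket starts full
        self.last_ms = 0

    def offer(self, t_ms, size_bytes):
        """Return True if a packet of size_bytes arriving at t_ms conforms."""
        elapsed = t_ms - self.last_ms
        self.last_ms = t_ms
        # rate_bps / 8 bytes per second == rate_bps / 8000 bytes per millisecond
        self.tokens = min(Fraction(self.depth),
                          self.tokens + Fraction(elapsed * self.rate_bps, 8000))
        if size_bytes <= self.tokens:
            self.tokens -= size_bytes
            return True
        return False


def per_second_bps(rate_bps, normal_burst_bytes, seconds=4,
                   pkt_bytes=1000, interval_ms=40):
    """Offer a constant stream (constructed input: one pkt_bytes packet every
    interval_ms, 200 kbit/s with the defaults) and report the conforming
    throughput, in bit/s, for each one-second window."""
    bucket = TokenBucket(rate_bps, normal_burst_bytes)
    passed = [0] * seconds
    for t_ms in range(0, seconds * 1000, interval_ms):
        if bucket.offer(t_ms, pkt_bytes):
            passed[t_ms // 1000] += pkt_bytes
    return [b * 8 for b in passed]


if __name__ == "__main__":
    # As posted: 8000 bit/s with a normal burst of 8000 *bytes* (64 kbit).
    print("burst 8000 bytes:", per_second_bps(8000, 8000))
    # Normal burst at the 1000-byte minimum the CLI help shows.
    print("burst 1000 bytes:", per_second_bps(8000, 1000))
```

With the posted values the first second lets 8000 bytes through before the bucket is empty, i.e. 64 kbit/s measured over that second, and only afterwards does the stream settle to 8 kbit/s; with the bucket at the 1000-byte minimum every one-second window sees 8 kbit/s. That is the granularity problem Jared describes: the burst has to be a multiple of the packet size in bytes, so on an 8 kbit/s dialup link even the smallest permitted burst is a full second's worth of traffic.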




