[nsp] Example code of how to "rate limit" a port on a 3550
Warren Kumari, PhD, CCIE#9190
warren at kumari.net
Thu Jul 1 16:29:00 EDT 2004
Well, yeah, but only on dscp 0 traffic. Traffic with other DSCP bits
wont get policed (and it seems that more and more virii and DoS are
setting DSCP). You will need to match all of hte DSCP bits for police
this way.
Warren
On Jul 1, 2004, at 3:57 PM, Jon Lewis wrote:
> On Thu, 1 Jul 2004, Matthew Crocker wrote:
>
>> This is what I use, works pretty well for me.
>> !
>> class-map match-all allip
>> match access-group 100
>> !
>> policy-map 2mbps
>> class allip
>> police 2000000 32000 exceed-action drop
>> !
>> int f0/1
>> service-policy input 1mbps
>> !
>> access-list 100 permit ip any any
>>
>> This only works to police packets as they enter the switch port. You
>> can't use 'match access-group' in a output service-policy on the 3550.
>
> If, in the class map, you match ip dscp 0, instead of an access-group,
> you
> can police in both directions.
>
> ----------------------------------------------------------------------
> Jon Lewis | I route
> Senior Network Engineer | therefore you are
> Atlantic Net |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
--
Outside of a dog, a book is your best friend, and inside of a dog, it's
too dark to read
More information about the cisco-nsp
mailing list