[c-nsp] access list Q
Tim Franklin
tim at colt.net
Wed Feb 16 08:35:53 EST 2005
Hi Noel,
> Wanting to rate limit traffic on a port, let's say 25, in and out...
Remember that traffic isn't "on" a port - it's from one port, to another
port. They might be the same port number for certain packets, but there's
still a distinct source and destination port.
> I was of the belief that it's like, <from> <to> <port>, so
>
> access-list 119 permit tcp any any eq 25
This matches any source address, any source port, any destination address,
destination port 25.
> applied to an interface with in and out would catch, but I
> then applied to same access list
>
> access-list 119 permit tcp any eq 25 any
This matches any source address, source port 25, any destination address,
any destination port.
Which one you want, and which direction you need to apply the ACL in, will
depend on *exactly* what traffic you're trying to match, and where.
Regards,
Tim.
--
____________ Tim Franklin e: tim at colt.net
\C/\O/\L/\T/ Product Engineering Manager w: www.colt.net
V V V V Managed Data Services t: +44 20 7863 5714
f: +44 20 7863 5876
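
The difference between the two entries, as an added example that is not part of the original post: a small Python matcher that handles only the `any ... eq` forms quoted above and checks them against constructed port pairs for one SMTP connection. The helper names (parse_ace, matches, match_table) and the sample ports are assumptions made for illustration.

```python
def parse_ace(line):
    """Parse 'access-list N permit|deny tcp any [eq P] any [eq P]'.
    Returns (action, src_port, dst_port); None means any port."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "tcp":
        raise ValueError("unsupported ACE: " + line)
    action, rest, ports = tok[2], tok[4:], []
    for _ in range(2):  # source spec first, then destination spec
        if rest[:1] != ["any"]:
            raise ValueError("only 'any' addresses are handled: " + line)
        rest = rest[1:]
        if rest[:1] == ["eq"] and len(rest) >= 2:
            ports.append(int(rest[1]))
            rest = rest[2:]
        else:
            ports.append(None)
    if rest:
        raise ValueError("trailing tokens not handled: " + line)
    return action, ports[0], ports[1]


def matches(ace, sport, dport):
    """True when a TCP segment with these ports matches the ACE."""
    _, want_s, want_d = ace
    return want_s in (None, sport) and want_d in (None, dport)


# The two entries quoted in the thread.
DST_25 = parse_ace("access-list 119 permit tcp any any eq 25")
SRC_25 = parse_ace("access-list 119 permit tcp any eq 25 any")

# Constructed sample segments (source port, destination port) for one SMTP
# connection plus unrelated web traffic; 40000 is an arbitrary client port.
SEGMENTS = {
    "client -> mail server": (40000, 25),
    "mail server -> client": (25, 40000),
    "client -> web server": (40000, 80),
}


def match_table():
    """Map each sample segment to (matches DST_25, matches SRC_25)."""
    return {name: (matches(DST_25, s, d), matches(SRC_25, s, d))
            for name, (s, d) in SEGMENTS.items()}


if __name__ == "__main__":
    for name, (dst_hit, src_hit) in match_table().items():
        print(f"{name:24} any any eq 25: {dst_hit!s:5}  any eq 25 any: {src_hit}")
```

Each direction of the SMTP connection is matched by only one of the two entries, and the web traffic by neither.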