[c-nsp] TCP port rate limit in VLAN interface on Sup720
Lee Starnes
lee.t.starnes at gmail.com
Tue Feb 21 16:02:04 EST 2012
Hi Everyone,
I did a few searches of the archives and was not able to find an answer to
what I'm trying to do. What we are trying to do is put a rate limit on
certain TCP ports for traffic on customer VLANs. I have put into place a
policy map that does not seem to be working. We are limiting both
directions. Below is what I have. Does anyone have any ideas why this would
not work? Is there a different way of handling this?
class-map match-any SMTP-Limit
match access-group name SMTP
!
!
policy-map SMTP-Limit
class SMTP-Limit
police 32000 1000 conform-action transmit exceed-action drop
violate-action drop
class class-default
!
!
!
interface Vlan555
desc CUSTOMER X
ip address 10.10.10.1 255.255.255.0
load-interval 30
service-policy input SMTP-Limit
service-policy output SMTP-Limit
!
!
!
ip access-list extended SMTP
permit tcp any any eq smtp
!
Thanks,
-Lee
More information about the cisco-nsp
mailing list