[c-nsp] TCP port rate limit in VLAN interface on Sup720
Lee Starnes
lee.t.starnes at gmail.com
Wed Feb 22 13:23:24 EST 2012
Hi Tony,
It would seem that I had everything except for the mls qos vlan-based on
the port.
Thanks for the help.
-Lee
On Tue, Feb 21, 2012 at 5:18 PM, Tony <td_miles at yahoo.com> wrote:
> Hi Lee,
>
> Basic questions, have you enabled qos globally (mls qos) and have you
> enabled VLAN based qos for the interface your VLAN is on (mls qos
> vlan-based) ?
>
> What does the output of "show policy-map int vlan 555" give ?
>
>
>
> regards,
> Tony.
>
>
>
> ----- Original Message -----
> From: Lee Starnes <lee.t.starnes at gmail.com>
> To: cisco-nsp at puck.nether.net
> Cc:
> Sent: Wednesday, 22 February 2012 7:02 AM
> Subject: [c-nsp] TCP port rate limit in VLAN interface on Sup720
>
> Hi Everyone,
>
> I did a few searches of the archives and was not able to find an answer to
> what I'm trying to do. What we are trying to do is put a rate limit on
> certain TCP ports for traffic on customer VLANs. I have put into place a
> policy map that does not seem to be working. We are limiting both
> directions. Below is what I have. Does anyone have any ideas why this would
> not work? Is there a different way of handling this?
>
> class-map match-any SMTP-Limit
> match access-group name SMTP
> !
> !
> policy-map SMTP-Limit
> class SMTP-Limit
> police 32000 1000 conform-action transmit exceed-action drop
> violate-action drop
> class class-default
> !
> !
> !
> interface Vlan555
> desc CUSTOMER X
> ip address 10.10.10.1 255.255.255.0
> load-interval 30
> service-policy input SMTP-Limit
> service-policy output SMTP-Limit
> !
> !
> !
> ip access-list extended SMTP
> permit tcp any any eq smtp
> !
>
>
>
> Thanks,
>
> -Lee
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
More information about the cisco-nsp
mailing list