[c-nsp] policer on ASR1001X
james list
jameslist72 at gmail.com
Tue Sep 7 08:10:06 EDT 2021
Dear experts,
I'd like to rate limit some ingress traffic coming from untrusted source to
10Mbs.
I've an ASR1001X (16.3.7) and this is the config I'd place:
*********************
ip access-list extended ACL_10_203_231_129
permit ip any host 10.203.231.129
class-map match-all CM_LIMIT_INGRESS
match access-group name ACL_10_203_231_129
policy-map PM_LIMIT_INGRESS
class CM_LIMIT_INGRESS
police 10000000 5000000 5000000 conform-action transmit exceed-action
drop violate-action drop
class class-default
The PM is attached to tunnel interface:
TUNNEL0
service-policy input PM_LIMIT_INGRESS
*********************
Can you please confirm:
1) I'll not drop/limit other traffic
2) ASR1001X applies rate limit in hardware and not in software (in order to
avoid CPU overload)
3) is there any mode to limit pps and not only bandwidth
Thanks in advance
Cheers
James
More information about the cisco-nsp
mailing list