From: Eugene Ward (eward15@juno.com)
Date: Mon Jun 06 2005 - 10:33:10 GMT-3
Wouldn't "match protocol ftp" be a better fit under the class map? When you say ftp traffic, shouldn't you consider both active and passive ftp as well as traffic sourced from the outside as well as the inside? If you couldn't use the "match protocol" command, then I would consider an access-list like this:
access-list 101 per tcp any any eq ftp
access-list 101 per tcp any any eq ftp-data
access-list 101 per tcp any eq ftp any
access-list 101 per tcp any eq ftp-data any
access-list 101 per tcp any gt 1023 any gt 1023
I could be reading too much into the question. Any thoughts?
Eugene Ward
------------------------------------------------------------------------
Hi all,
Think of a Scenario, where all ftp traffic has 3Mb and 150 kps burst and 200
kbps is total burst
All other traffic 2mb 300kbps burst and 400 total burst.
Following is my config.
class-map ftp
match access-group 101
Police-map ftp
class ftp
police police 3000000 18750 6250
class class-default
police 2000000 37500 12500
int s0/0
service-policy output ftp
access-list 101 per tcp any any eq ftp
access-list 101 per tcp any any eq ftp-data
Is above configuration right?
Thanks in advance
Haf
This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:41 GMT-3