From: k c (jwongccie@yahoo.com.hk)
Date: Tue Jul 12 2005 - 02:58:35 GMT-3
Hi Group,
I need to permit tcp traffic from vlan10 (10.1.1.0) at 5Mbps and ftp traffic at 2Mbps. Are the following two methods correct? For method 2, will ftp packets match both policies tcp and ftp?
Method 1)
rate-limit input access-group 101 5000000 10000 20000 conform-action continue exceed-action drop
rate-limit intput access-group 102 2000000 10000 20000 conform-action transmit exceed-action drop
access-list 101 permit tcp 10.1.1.0 0.0.0.255 any
access-list 102 permit tcp 10.1.1.0 0.0.0.255 any eq ftp
access-list 102 permit tcp 10.1.1.0 0.0.0.255 any eq ftp-data
Method 2)
access-list 101 permit tcp 10.1.1.0 0.0.0.255 any
class-map match-all ftp
match protocol FTP
class-map match-all tcp
match access-group 101
policy-map ftp
class ftp
police cir 2000000
policy-map tcp
class tcp
police cir 5000000
service-policy ftp
interface f0/0
service-policy input tcp
Thanks.
%og+
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:29 GMT-3