From: Chris Lewis \(chrlewis\) (chrlewis@cisco.com)
Date: Tue Jul 12 2005 - 11:35:49 GMT-3
The onnly thing that may not work that I can see is that for example 2,
you have not limited FTP to a subnet, whereas in example 1 you have,
that could cause a difference in what matches depending on topology.
Not sure what you mean about ftp matching both policies. The way you
have configured it, ftp is limited to 2Mbps, which can take up 40% of
allowable TCP traffic.
Chris
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
k c
Sent: Tuesday, July 12, 2005 12:59 AM
To: ccielab@groupstudy.com
Subject: Ratelimit vs MQC
Hi Group,
I need to permit tcp traffic from vlan10 (10.1.1.0) at 5Mbps and ftp
traffic at 2Mbps. Are the following two methods correct? For method 2,
will ftp packets match both policies tcp and ftp?
Method 1)
rate-limit input access-group 101 5000000 10000 20000 conform-action
continue exceed-action drop
rate-limit intput access-group 102 2000000 10000 20000 conform-action
transmit exceed-action drop
access-list 101 permit tcp 10.1.1.0 0.0.0.255 any
access-list 102 permit tcp 10.1.1.0 0.0.0.255 any eq ftp
access-list 102 permit tcp 10.1.1.0 0.0.0.255 any eq ftp-data
Method 2)
access-list 101 permit tcp 10.1.1.0 0.0.0.255 any
class-map match-all ftp
match protocol FTP
class-map match-all tcp
match access-group 101
policy-map ftp
class ftp
police cir 2000000
policy-map tcp
class tcp
police cir 5000000
service-policy ftp
interface f0/0
service-policy input tcp
Thanks.
%og+
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:29 GMT-3