From: mani poopal (mani_ccie@yahoo.com)
Date: Sun Oct 02 2005 - 07:51:34 GMT-3
Hi Simon,
Thanks, it make sense.
Mani
simon hart <simon@harttel.com> wrote:
Mani,
There is no implicit deny at the end of the rate-limit statement, therefore
traffic that does not match either ACL 101 or 102 will not be policed and
will be allowed to consume bandwidth at line rate.
In order to prove the point I have for illustration put a rate limit
statement on e0
interface Ethernet0
ip address 192.168.1.5 255.255.255.0
rate-limit output access-group 101 8000 1500 2000 conform-action drop
exceed-action drop
Extended IP access list 101
permit tcp any any eq smtp
As you can see I have ACL 101 matching smtp traffic only. The rate limit
has both a conform and exceed action of drop for outbound packets, this has
the effect of denying outbound smtp. However I still have connectivity to
the rest of the network, i.e. I can ping
terminal_bb1#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/32/148 ms
Therefore you can achieve what you wish by not adding any configuration at
the end.
Henk, mentioned you can use rate-limit input 800000 16000 24000
conforma-action continue exceed-action continue. This is equally as valid,
but pretty pointless really because it is not achieving anything, basically
no policing is taking place.
HTH
Simon
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of mani
poopal
Sent: 02 October 2005 09:13
To: Henk de Tombe; ccielab@groupstudy.com
Subject: RE: CAR-ratelimit command AND ospf question
Hi Tim, Henk and others,
Thanks for the response, Henk, you said I can use rate-limit input 800000
16000 24000 conforma-action continue exceed-action continue. But how can we
arrive at 800000 16000 24000 if not given for all other traffic. If I don't
put the last statement, will the rate-limit will allow any remaining
traffic, provided if bw is available(hopefully there is no implicit deny as
in the case with access-lists)
Mani
Henk de Tombe wrote:
Hi Mani,
I'll have a try on this one.
You can use "rate-limit input 8000000 16000 24000 conform-action continue
exceed-action continue". The router will just let you traffic through till
it reaches the limitation of your networklink. Without limiting traffic you
still can set some precedence bits for use in othernetwork segments.
You could also remove the last statement and don't do anything with the
remaining traffic.
There are three ways to get the ip address of a loopback interface
advertised as a /24 in the network.
1 - ip ospf network point-to-point
2 - area range - requires the loopback be on a different area
3 - redistribute connected
Regards,
Henk
-----Oorspronkelijk bericht-----
Van: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Namens mani poopal
Verzonden: zondag 2 oktober 2005 05:57
Aan: ccielab@groupstudy.com
Onderwerp: CAR-ratelimit command AND ospf question
Hi Group,
I have a small question regarding rate-limit command and ospf. Pls look at
the following commands from cisco url.
QUESTION1:
=================================================================
interface Hssi0/0/0
description 45Mbps to R2
rate-limit input access-group 101 20000000 24000 32000 conform-action
set-prec-transmit 5 exceed-action set-prec-transmit 0
rate-limit input access-group 102 10000000 24000 32000 conform-action
set-prec-transmit 5 exceed-action drop
rate-limit input 8000000 16000 24000 conform-action set-prec-transmit 5
exceed-action
drop
================================================================
Now the last line is for any remaining traffic, instead of limiting
remaining traffic, if I want to allow all the remaining traffic, what
commands I need instead of the last line "rate-limit input 8000000 16000
24000 confrom-action set-prec-transmit 5 exceed-action drop or do I need any
command.
QUESTION2:
In ospf what other methods are available to make ospf loopback appear as
24bit routes(assume mask of 24) other than using ip ospf network type to
point to point or redistribute connected.)
thanks
Mani
---------------------------------
Yahoo! for Good
Click here to donate to the Hurricane Katrina relief effort.
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:49 GMT-3