From: Victor Cappuccio (cvictor@protokolgroup.com)
Date: Tue Aug 22 2006 - 12:48:30 ART
Hi Guys,
Reading today at this link:
http://www.cisco.com/warp/public/63/car_rate_limit_icmp.html#rate_limit_tcp_syn
I found that maybe the access-list 103 is inverted :S
Or I just woke up with dyslexia this morning.
With this configuration:
access-list 103 deny tcp any host 10.0.0.1 established
!--- Let established sessions run fine
access-list 103 permit tcp any host 10.0.0.1
!--- We are just going to rate limit the initial tcp SYN packet,
!--- as the other packets in the TCP session would have hit the prior entry in the ACL
interface <interface> <interface #>
rate-limit input access-group 103 8000 8000 8000 conform-action transmit exceed-action drop
We are only going to rate-limit TCP traffic, if I'm not wrong.
I think that the ACL should be only:
access-list 103 permit tcp any host 10.0.0.1 established
Opinions are welcome
Thanks
Victor.-
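
Added example (not part of the original post or of the Cisco document): a small Python model of how the two versions of access-list 103 in this message classify packets for `rate-limit input access-group 103`. It assumes standard IOS semantics: the first matching entry wins, `established` matches TCP segments with ACK or RST set, an implicit deny ends the list, and only packets the ACL permits are counted against the rate limit. The names Packet, Ace, rate_limited, classify and the sample packets are constructed for illustration.

```python
# Added example: models IOS first-match ACL evaluation as used by
# "rate-limit input access-group 103". All packets are constructed samples.
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str                      # "tcp" or "udp"
    dst: str
    flags: frozenset = frozenset()  # TCP flags, e.g. {"SYN"}

class Ace(NamedTuple):              # one "access-list 103 ... tcp any host <dst>" entry
    action: str                     # "permit" or "deny"
    dst: str
    established: bool = False

    def matches(self, pkt):
        if pkt.proto != "tcp" or pkt.dst != self.dst:
            return False
        # "established" matches only segments with the ACK or RST bit set
        return not self.established or bool(pkt.flags & {"ACK", "RST"})

def rate_limited(acl, pkt):
    """True if the ACL permits the packet, i.e. CAR counts it against the limit."""
    for ace in acl:                 # first matching entry decides
        if ace.matches(pkt):
            return ace.action == "permit"
    return False                    # implicit deny: this rate-limit does not apply

HOST = "10.0.0.1"
ACL_FROM_DOC = [Ace("deny", HOST, established=True), Ace("permit", HOST)]
ACL_PROPOSED = [Ace("permit", HOST, established=True)]

SAMPLES = {                         # constructed packets
    "SYN": Packet("tcp", HOST, frozenset({"SYN"})),
    "SYN-ACK": Packet("tcp", HOST, frozenset({"SYN", "ACK"})),
    "ACK data": Packet("tcp", HOST, frozenset({"ACK", "PSH"})),
    "RST": Packet("tcp", HOST, frozenset({"RST"})),
    "SYN other host": Packet("tcp", "10.0.0.2", frozenset({"SYN"})),
    "UDP": Packet("udp", HOST),
}

def classify(acl):
    """Map each sample packet name to whether the rate limit applies to it."""
    return {name: rate_limited(acl, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for label, acl in (("from doc", ACL_FROM_DOC), ("proposed", ACL_PROPOSED)):
        print(label, [n for n, hit in classify(acl).items() if hit])
```

In this model, the two-entry list from the configuration counts only the bare SYN to 10.0.0.1 against the rate limit, while the single `permit ... established` entry counts every TCP segment to that host except the bare SYN.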