From: Victor Cappuccio (cvictor@protokolgroup.com)
Date: Tue Aug 22 2006 - 13:40:16 ART
Yeah Sorry for the spam Group.
I understand now what it means, so all control bits are only exchanged at the
beginning and at the end
Silly me, so we are not rate limiting the TCP Traffic of "Established"
connections
Thanks and please sorry for the spam
Victor.-
_____
From: Victor Cappuccio [mailto:cvictor@protokolgroup.com]
Sent: Tuesday, August 22, 2006 11:49 a.m.
To: 'Cisco certification'
Subject: Rate Limiting for TCP Syn Packets
Hi Guys,
Reading today at this link:
http://www.cisco.com/warp/public/63/car_rate_limit_icmp.html#rate_limit_tcp_syn
I found that maybe the access-list 103 is inverted :S
Or I just woke up with dyslexia this morning.
With this configuration
access-list 103 deny tcp any host 10.0.0.1 established
!--- Let established sessions run fine
access-list 103 permit tcp any host 10.0.0.1
!--- We are just going to rate limit the initial tcp SYN packet,
!--- as the other packets in the TCP session would have hit the prior entry in the ACL
interface <interface> <interface #>
 rate-limit input access-group 103 8000 8000 8000 conform-action transmit exceed-action drop
We are going only to rate-limit TCP Traffic if I'm not wrong
I think that the ACL should be only
access-list 103 permit tcp any host 10.0.0.1 established
Opinions are welcome
Thanks
Victor.-
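
A model of what the access-list 103 and rate-limit lines quoted in the message above do, as an added Python example that is not part of the original posts or of the linked Cisco document. It assumes a simplified token bucket in place of IOS's own CAR accounting, and the function names, packet sizes and timings are constructed for illustration.

```python
# Added illustration: simplified model, not IOS code. Names are hypothetical.
from collections import Counter

SYN, RST, ACK = 0x02, 0x04, 0x10     # TCP flag bits

def acl_103(dst, flags):
    """First-match result of access-list 103 as quoted on the page."""
    if dst != "10.0.0.1":
        return "no-match"            # implicit deny: CAR statement not applied
    if flags & (ACK | RST):          # IOS 'established' = ACK or RST set
        return "deny"                # not subject to this rate-limit
    return "permit"                  # e.g. the initial SYN: rate-limited

class Car:
    """Token bucket for 'rate-limit ... 8000 8000 8000' (bps, bytes, bytes).
    Assumption: normal burst == maximum burst, so no extended-burst region.
    Integer milliseconds keep the maths exact at 8000 bps (1 byte per ms)."""
    def __init__(self, rate_bps=8000, burst_bytes=8000):
        self.rate_bps, self.burst = rate_bps, burst_bytes
        self.tokens, self.last_ms = burst_bytes, 0

    def conforms(self, t_ms, size):
        refill = (t_ms - self.last_ms) * self.rate_bps // 8000
        self.tokens = min(self.burst, self.tokens + refill)
        self.last_ms = t_ms
        if self.tokens >= size:
            self.tokens -= size
            return True              # conform-action transmit
        return False                 # exceed-action drop

def simulate(packets):
    """packets: iterable of (t_ms, dst, flags, size_bytes)."""
    car, result = Car(), Counter()
    for t_ms, dst, flags, size in sorted(packets):
        if acl_103(dst, flags) != "permit":
            result["unlimited"] += 1
        elif car.conforms(t_ms, size):
            result["syn_transmitted"] += 1
        else:
            result["syn_dropped"] += 1
    return result

def constructed_traffic():
    # Constructed sample: 1000 bare 40-byte SYNs in one second, interleaved
    # with 500 full-size ACK segments of an already open session.
    syns = [(i, "10.0.0.1", SYN, 40) for i in range(1000)]
    data = [(2 * i, "10.0.0.1", ACK, 1500) for i in range(500)]
    return syns + data

print(dict(simulate(constructed_traffic())))
```

On the constructed traffic, all 500 ACK segments bypass the limiter, while 224 of the 1000 SYNs are transmitted and 776 are dropped.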