From: Salman Abbas (dukelondon@gmail.com)
Date: Fri Nov 24 2006 - 09:50:15 ART
Hi Scott,
I have 2 questions which I've tried asking but people dont seem
to answer accurately although I dont think they are very complicated. So
finally you are my saviour.
Question 1: There is a server between SW1 and R6 using UDP port 2000. On SW1
int fa0/6, limit all UDP port 2000 traffic by maximum 256Kbps and normal
64Kbps to avoid congestion on your VLAN.
So, for my 3550 police command, what values would I use for CIR and "Burst
in Bytes" respectively? and will I have to use the service-policy "input" or
"output"?
policy map QoS
class UDP
police ____ _____ exceed action drop
int fa0/6
service-policy _____ QoS
Question 2:
There is a DoS Smurf attack entering R6's s0/0 interface. Use CAR to limit
traffic to maximum 256Kbps and normal 8Kbps
So, for my rate limit command, what values will I use for CIR, Bc and Be ?
rate-limit input access-group 110 ____ _____ ______ conform-action
transmit exceed-action drop
Thanks a million in advance,
Best Regards,
Salman
On 11/23/06, Salman Abbas <dukelondon@gmail.com> wrote:
>
> Hi Scott,
>
> Thanks a bunch!!!
>
> Regards,
>
> Salman
>
>
> On 11/22/06, Scott Morris <swm@emanon.com> wrote:
> >
> > The 'redirect out' on the ethernet interface would imply that requests
> > are
> > coming FROM different places. If your hosts are supposed to be on the
> > same
> > interface (ethernet) then it will be an inbound redirect from the
> > routers'
> > perspective.
> >
> > As for the route-cache part, that's really an efficiency thing to not
> > force
> > process switching on everything. In a lab, most likely nobody cares (
> > e.g.
> > not a REQUIRED command) but in real life it would be a good thing to do.
> >
> > HTH,
> >
> >
> > Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> > JNCIE
> > #153, CISSP, et al.
> > CCSI/JNCI-M/JNCI-J
> > IPExpert VP - Curriculum Development
> > IPExpert Sr. Technical Instructor
> > smorris@ipexpert.com
> > http://www.ipexpert.com
> >
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Salman Abbas
> > Sent: Wednesday, November 22, 2006 6:42 AM
> > To: ccie >> Cisco certification
> > Subject: WCCP complexity
> >
> > Hi Guys,
> >
> > Please help to answer the following question:
> >
> >
> > R1----------------------------SW------------------------------Web
> > Caching
> > System
> >
> >
> > R1 must intercept the http traffic coming to its ethernet interface and
> > redirect it towards the Web Caching engine. So first I'll use the
> > following
> > two commands,
> >
> >
> > ip wccp web-cache
> >
> > interface e0
> > ip wccp web-cache redirect out
> >
> > Now since Im using the same interface (R1 e0) for both incoming web
> > traffic
> > and outgoing web cache redirection, will it be necessary to use the
> > command
> >
> > int e0
> > *ip route-cache same-interface*
> >
> > Will I need the above mentioned ip route-cache command or any additional
> > commands to meet the requirement of this question?
> >
> > Thanks in advance,
> >
> > Cheers!!!
> > Salman
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:48 ART