QOS: Is there a way to limit sessions

Unanswered Question
Jun 23rd, 2009

I need a way to instead of dynamically limiting lets say, ssh. I would like to dynamically limit ssh sessions. I formal way would be via access list but i would like it to be regardless of source and destination. So a typical ssh session could not exceed 1mbs. or something like that.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Istvan_Rabai Tue, 06/23/2009 - 13:45

Hi Derek,


I don't know of a command to rate-limit the ssh traffic per session.


You could configure rate-limiting on all ssh sessions using control-plane policing.


Example:


access-list 100 permit tcp any any eq 22


class-map match-all SSH

match access-group 100


policy-map SSH

class SSH

police 1000000


control-plane

service-policy input SSH


I hope this helps somewhat.


Cheers:

Istvan


derek.winchester Tue, 06/23/2009 - 14:09

The control plane would limit session originated from that platform? How exactly would this limit sessions?

Istvan_Rabai Tue, 06/23/2009 - 20:36

Hi Derek,


In this configuration example sessions destined to this platform are policed to 1000000 bits per second.


According to this config you can easily configure it for sessions originated from this platform using the "service-policy output" instead of input.


Cheers:

Istvan

Actions

This Discussion