New Member

Limit bandwidth by protocol with CAR over VPN

I have a VPN over the Internet with two Cisco 1710 routers, with NAT. It works fine. But I want to limit traffic over the VPN with:

interface Ethernet0

rate-limit input access-group 103 8000 8000 8000 conform-action transmit exceed-action drop

access-list 103 permit tcp any any range ftp-data ftp

And with "sh access-list", FTP traffic never matches access-list 103. If I use "access-list 103 permit ip any any", then it matches the access-list.

I think the problem is with access-lists based on protocol.

Thanks in advance.

New Member

Re: Limit bandwidth by protocol with CAR over VPN

What happens if you put two lines in the access-list, explicitly permitting 21 & 20 rather than specifying the range? Do you get hits then?

How do you know the hits on the second access-list (permit ip any any) are FTP hits? Could they be hits from other IP protocols? After all, "permit ip any any" is quite generic.