06-23-2009 01:24 PM - edited 03-04-2019 05:13 AM
I need a way to instead of dynamically limiting lets say, ssh. I would like to dynamically limit ssh sessions. I formal way would be via access list but i would like it to be regardless of source and destination. So a typical ssh session could not exceed 1mbs. or something like that.
06-23-2009 01:45 PM
Hi Derek,
I don't know of a command to rate-limit the ssh traffic per session.
You could configure rate-limiting on all ssh sessions using control-plane policing.
Example:
access-list 100 permit tcp any any eq 22
class-map match-all SSH
match access-group 100
policy-map SSH
class SSH
police 1000000
control-plane
service-policy input SSH
I hope this helps somewhat.
Cheers:
Istvan
06-23-2009 02:09 PM
The control plane would limit session originated from that platform? How exactly would this limit sessions?
06-23-2009 08:36 PM
Hi Derek,
In this configuration example sessions destined to this platform are policed to 1000000 bits per second.
According to this config you can easily configure it for sessions originated from this platform using the "service-policy output" instead of input.
Cheers:
Istvan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide