11-08-2006 06:01 AM - edited 03-03-2019 02:38 PM
Hi, I am currently having difficulty with a section of CAD operators who need to download CAD drawings all day long (on a 512k connection). I have applied the following ACL and limits on Serial0.01:
rate-limit input access-group 101 512000 24000 32000 conform-action set-prec-transmit 5 exceed-action set-prec-transmit 0
rate-limit input access-group 102 256000 24000 32000 conform-action set-prec-transmit 5 exceed-action drop
rate-limit input 256000 16000 24000 conform-action set-prec-transmit 5 exceed-action drop
rate-limit output access-group 101 512000 24000 32000 conform-action set-prec-transmit 5 exceed-action set-prec-transmit 0
rate-limit output access-group 102 256000 24000 32000 conform-action set-prec-transmit 5 exceed-action drop
access-list 101 permit tcp any any eq www
access-list 102 permit tcp any any eq ftp
The problem I have is that all traffic, regardless of who it is from, is restricted by this. Is it possible to allow devices such as my servers no rate-limit, say via IP or MAC address? If so, can somebody forward me the CL for this?
Thanks, Mark
11-08-2006 07:56 AM
Hi,
Just include the IPs that you need to deny from the rate limit, then just add a deny statement before
access-list 101 deny host x.x.x.x any
access-list 101 permit tcp any any eq www
Hope this helps
regards
vanesh k
11-08-2006 09:44 AM
I don't have the 'host' option as shown below:
LondonRO(config)#access-list 101 deny ?
<0-255> An IP protocol number
ahp Authentication Header Protocol
eigrp Cisco's EIGRP routing protocol
esp Encapsulation Security Payload
gre Cisco's GRE tunneling
icmp Internet Control Message Protocol
igmp Internet Gateway Message Protocol
ip Any Internet Protocol
ipinip IP in IP tunneling
nos KA9Q NOS compatible IP over IP tunneling
ospf OSPF routing protocol
pcp Payload Compression Protocol
pim Protocol Independent Multicast
tcp Transmission Control Protocol
udp User Datagram Protocol
LondonRO(config)#access-list 101 deny
11-08-2006 09:45 AM
I'm actually really lost on this one and finding it hard to get my head round it!!!
11-08-2006 10:21 AM
Hi,
Please use "access-list 101 deny ip host x.x.x.x any"
But if you already have an ACL 101 defined, the newly added one would get added next.
If your access-list is a numbered one, then
sh ip access-list 101
10
20
then
ip access-list extended 101
5 deny ip host x.x.x.x any
Or else you need to remove the CAR first, then delete the ACL, add the new ACL and apply the CAR
regards
vanesh k
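The entry-order point in the reply above, as an added example that is not part of the thread: a small first-match model of ACL 101 and of the rate-limit statements from the first post, showing which statement claims a packet sourced from the exempted server. It assumes CAR uses the first rate-limit statement whose ACL permits the packet and sends unmatched packets unpoliced; the addresses and all function names are constructed for illustration.

```python
# Added illustration, not from the thread. SERVER is a constructed address
# standing in for the x.x.x.x placeholder used in the posts.
SERVER = "10.0.0.5"

# ACL entry: (action, protocol, source host or None for "any", dest port or None)
ACL_102 = [("permit", "tcp", None, 21)]
ACL_101_APPENDED = [("permit", "tcp", None, 80), ("deny", "ip", SERVER, None)]
ACL_101_SEQ5 = [("deny", "ip", SERVER, None), ("permit", "tcp", None, 80)]

# Rate-limit statements from the first post, in configured order: (ACL or None, bps)
CAR_INPUT = [(101, 512000), (102, 256000), (None, 256000)]
CAR_OUTPUT = [(101, 512000), (102, 256000)]


def acl_permits(acl, pkt):
    """First matching entry decides; falling off the end is the implicit deny."""
    for action, proto, src, dport in acl:
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if src is not None and src != pkt["src"]:
            continue
        if dport is not None and dport != pkt["dport"]:
            continue
        return action == "permit"
    return False


def car_match(statements, acl_101, pkt):
    """Return (acl, bps) of the first rate-limit statement that claims pkt,
    or None when no statement matches and the packet is sent unpoliced."""
    acls = {101: acl_101, 102: ACL_102}
    for acl_no, bps in statements:
        if acl_no is None or acl_permits(acls[acl_no], pkt):
            return (acl_no, bps)
    return None


server_www = {"proto": "tcp", "src": SERVER, "dport": 80}
client_www = {"proto": "tcp", "src": "10.0.0.77", "dport": 80}  # constructed

if __name__ == "__main__":
    for name, acl in (("appended", ACL_101_APPENDED), ("seq 5", ACL_101_SEQ5)):
        print(name, "output:", car_match(CAR_OUTPUT, acl, server_www),
              "input:", car_match(CAR_INPUT, acl, server_www))
```

In this model the deny only exempts the server when it sits ahead of the permit, and on input the exempted packet still lands on the third, ACL-less rate-limit statement.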