Using Profile Acls With The Traffic Rate Limiting Facility - Cabletron Systems IA1100 User's Reference Manual

Internet appliance

Hide thumbs Also See for IA1100:

Getting started manual (82 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

Table of Contents

For example, you can define an IP policy that causes all telnet packets travelling from

source network 9.1.1.0/24 to destination network 15.1.1.0/24 to be forwarded to

destination address 10.10.10.10. You use a Profile ACL to define the selection criteria (in

this case, telnet packets travelling from source network 9.1.1.0/24 to destination network

15.1.1.0/24). Then you use an ip-policy command to specify what happens to packets that

match the selection criteria (in this example, forward them to address 10.10.10.10). The

following commands illustrate this example.

This command creates a Profile ACL called prof1 that uses as its selection criteria all telnet

packets travelling from source network 9.1.1.0/24 to destination network 15.1.1.0/24:

ia(config)# acl prof1 permit ip 9.1.1.0/24 15.1.1.0/24 any any telnet 0

This Profile ACL is then used in conjunction with the ip-policy command to cause packets

matching prof1's selection criteria (that is, telnet packets travelling from 9.1.1.0/24 to

15.1.1.0/24) to be forwarded to 10.10.10.10:

ia(config)# ip-policy p5 permit profile prof1 next-hop-list 10.10.10.10

See

Chapter 10, "IP Policy-Based Forwarding Configuration Guide,"

on using the ip-policy command.

Using Profile ACLs with the Traffic Rate Limiting Facility

Traffic rate limiting is a mechanism that allows you to control bandwidth usage of

incoming traffic on a per-flow basis. A flow meeting certain criteria can have its packets

re-prioritized or dropped if its bandwidth usage exceeds a specified limit.

For example, you can cause packets in flows from source address 1.2.2.2 to be dropped if

their bandwidth usage exceeds 10 Mbps. You use a Profile ACL to define the selection

criteria (in this case, flows from source address 1.2.2.2). Then you use a rate-limit

command to specify what happens to packets that match the selection criteria (in this

example, drop them if their bandwidth usage exceeds 10 Mbps). The following commands

illustrate this example.

This command creates a Profile ACL called prof2 that uses as its selection criteria all

packets originating from source address 1.2.2.2:

ia(config)# acl prof2 permit ip 1.2.2.2

The following command creates a rate limit definition that causes flows matching Profile

ACL prof2's selection criteria (that is, traffic from 1.2.2.2) to be restricted to 10 Mbps for

each flow. If this rate limit is exceeded, the packets are dropped.

ia(config)# rate-limit client1 input acl prof2 rate-limit 10000000

exceed-action drop-packets

Internet Appliance User Reference Manual

Chapter 13: Access Control List Configuration Guide

for more information

221

Table of Contents

This manual is also suitable for:

Ia1200

Using Profile Acls With The Traffic Rate Limiting Facility - Cabletron Systems IA1100 User's Reference Manual

Using Profile ACLs with the Traffic Rate Limiting Facility

Related Manuals for Cabletron Systems IA1100

Related Content for Cabletron Systems IA1100

This manual is also suitable for:

Table of Contents