Dear experts,

I'd like to rate limit some ingress traffic coming from an untrusted source to 10 Mbps.
I have an ASR1001X (16.3.7) and this is the config I'd place:

*********************
ip access-list extended ACL_10_203_231_129
 permit ip any host 10.203.231.129

class-map match-all CM_LIMIT_INGRESS
 match access-group name ACL_10_203_231_129

policy-map PM_LIMIT_INGRESS
 class CM_LIMIT_INGRESS
  police 10000000 5000000 5000000 conform-action transmit exceed-action drop violate-action drop
 class class-default

The PM is attached to the tunnel interface:

interface Tunnel0
 service-policy input PM_LIMIT_INGRESS
*********************

Can you please confirm:

1) I'll not drop/limit other traffic
2) ASR1001X applies rate limit in hardware and not in software (in order to avoid CPU overload)
3) is there any mode to limit pps and not only bandwidth

Thanks in advance

Cheers
James
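
The following is an added illustration, not part of the original post: a generic color-blind single-rate three-color marker (RFC 2697) fed with the values from the posted `police 10000000 5000000 5000000` line, to show how much traffic the two 5,000,000-byte buckets let through before the 10 Mbps rate takes hold. Modelling the policer as RFC 2697, the 1250-byte packet size and the constant-rate flows are assumptions; it says nothing about how the ASR1001-X implements policing.

```python
# Added example: color-blind single-rate three-color marker (RFC 2697) using the
# values from "police 10000000 5000000 5000000". Generic model (assumption), not
# the ASR1001-X implementation. Integer maths: one token = 1 bit * 1e-6.
SCALE = 8 * 1_000_000  # bytes -> token units


class SrTcm:
    def __init__(self, cir_bps, bc_bytes, be_bytes):
        self.cir = cir_bps
        self.bc, self.be = bc_bytes * SCALE, be_bytes * SCALE
        self.tc, self.te = self.bc, self.be   # both buckets start full
        self.last_us = 0

    def police(self, now_us, size_bytes):
        # Refill: CIR feeds the committed bucket, overflow spills into excess.
        tokens = self.cir * (now_us - self.last_us)
        self.last_us = now_us
        room = self.bc - self.tc
        self.tc += min(tokens, room)
        self.te = min(self.be, self.te + max(0, tokens - room))
        cost = size_bytes * SCALE
        if self.tc >= cost:
            self.tc -= cost
            return "conform"
        if self.te >= cost:
            self.te -= cost
            return "exceed"
        return "violate"


def simulate(offered_bps, seconds, pkt_bytes=1250):
    """Constructed constant-rate flow; returns bytes per policer action."""
    policer = SrTcm(10_000_000, 5_000_000, 5_000_000)
    gap_us = pkt_bytes * 8 * 1_000_000 // offered_bps
    totals = {"conform": 0, "exceed": 0, "violate": 0}
    for now_us in range(0, seconds * 1_000_000, gap_us):
        totals[policer.police(now_us, pkt_bytes)] += pkt_bytes
    return totals


if __name__ == "__main__":
    # Only "conform" is transmitted in the posted policy (exceed and violate drop).
    for rate in (10_000_000, 100_000_000):
        print(rate, simulate(rate, 1))
```

In this model a 100 Mbps flow gets about 6.25 MB through in its first second, against 1.25 MB per second at the sustained rate, because the committed burst is spent before the rate limit bites.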
