User Manual

Enterasys X-Pedition User Reference Manual 379
Applying ACLs
policy command to specify what happens to packets that match the selection criteria (in this
example, forward them to address 10.10.10.10). The following commands illustrate this example.

This command creates a Profile ACL called prof1 that uses as its selection criteria all telnet packets
travelling from source network 9.1.1.0/24 to destination network 15.1.1.0/24:

xp(config)# acl prof1 permit ip 9.1.1.0/24 15.1.1.0/24 any any telnet 0

This Profile ACL is then used in conjunction with the ip-policy command to cause packets
matching prof1’s selection criteria (that is, telnet packets travelling from 9.1.1.0/24 to 15.1.1.0/24)
to be forwarded to 10.10.10.10:

xp(config)# ip-policy p5 permit profile prof1 next-hop-list 10.10.10.10

See IP Policy-Based Forwarding Configuration Guide on page 313 for more information on using
the ip-policy command.

Using Profile ACLs with the Traffic Rate Limiting Facility

Traffic rate limiting is a mechanism that allows you to control bandwidth usage of incoming traffic
on a per-flow basis. A flow meeting certain criteria can have its packets re-prioritized or dropped if
its bandwidth usage exceeds a specified limit.

For example, you can cause packets in flows from source address 1.2.2.2 to be dropped if their
bandwidth usage exceeds 10 Mbps. You use a Profile ACL to define the selection criteria (in this
case, flows from source address 1.2.2.2). Then you use a rate-limit command to specify what
happens to packets that match the selection criteria (in this example, drop them if their bandwidth
usage exceeds 10 Mbps). The following commands illustrate this example.

This command creates a Profile ACL called prof2 that uses as its selection criteria all packets
originating from source address 1.2.2.2:

xp(config)# acl prof2 permit ip 1.2.2.2

The following command creates a rate limit definition that causes flows matching Profile ACL
prof2’s selection criteria (that is, traffic from 1.2.2.2) to be restricted to 10 Mbps for each flow. If
this rate limit is exceeded, the packets are dropped.

xp(config)# rate-limit client1 input acl prof2 rate-limit 10000000 exceed-action drop-packets

When the rate limit definition is applied to an interface (with the rate-limit apply command),
packets in flows originating from source address 1.2.2.2 are dropped if their bandwidth usage
exceeds 10 Mbps.

See Limiting Traffic Rate on page 440 for more information on using the rate-limit command.
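The two examples above (a Profile ACL driving policy-based forwarding, and a Profile ACL driving a per-flow rate limit) can be modelled in a few dozen lines to make the selection-then-action split concrete. The following Python is an added illustration, not X-Pedition code and not part of this manual: the Packet, ProfileAcl, PolicyForwarder and FlowRateLimiter names are invented for the example, the ACL matcher implements only the fields the two page commands use (source network, destination network, protocol, destination port), and the rate limiter is a token bucket whose burst size is an assumed value, since the manual does not state how the switch measures "exceeds 10 Mbps". The sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed packet model: only the fields the two ACLs on the page look at.
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str     # "tcp", "udp", ...
    sport: int
    dport: int
    length: int    # bytes on the wire

@dataclass(frozen=True)
class ProfileAcl:
    """Selection criteria, modelled on 'acl <name> permit ip <src> [<dst> ... <service>]'."""
    name: str
    src_net: ipaddress.IPv4Network
    dst_net: Optional[ipaddress.IPv4Network] = None   # None == any
    proto: Optional[str] = None                       # None == any
    dport: Optional[int] = None                       # None == any

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in self.src_net:
            return False
        if self.dst_net is not None and ipaddress.ip_address(pkt.dst) not in self.dst_net:
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True

# prof1: telnet (tcp/23) from 9.1.1.0/24 to 15.1.1.0/24, as on the page.
PROF1 = ProfileAcl("prof1", ipaddress.IPv4Network("9.1.1.0/24"),
                   ipaddress.IPv4Network("15.1.1.0/24"), "tcp", 23)
# prof2: anything sourced from host 1.2.2.2, as on the page.
PROF2 = ProfileAcl("prof2", ipaddress.IPv4Network("1.2.2.2/32"))

class PolicyForwarder:
    """ip-policy analogue: packets matching the profile get the listed next hop."""
    def __init__(self, acl: ProfileAcl, next_hop: str):
        self.acl, self.next_hop = acl, next_hop

    def next_hop_for(self, pkt: Packet) -> Optional[str]:
        # None means "not matched: leave it to the normal routing table".
        return self.next_hop if self.acl.matches(pkt) else None

class FlowRateLimiter:
    """rate-limit analogue with exceed-action drop-packets, one token bucket per flow."""
    def __init__(self, acl: ProfileAcl, rate_bps: int, burst_bytes: int):
        self.acl = acl
        self.rate_bytes_per_s = rate_bps / 8.0
        self.burst = burst_bytes               # assumed value; the page gives none
        self.buckets = {}                      # flow key -> (tokens, last_seen)

    def process(self, pkt: Packet, now: float) -> str:
        if not self.acl.matches(pkt):
            return "forward"                   # limiter only applies to selected flows
        key = (pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport)
        tokens, last = self.buckets.get(key, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate_bytes_per_s)
        if tokens >= pkt.length:
            self.buckets[key] = (tokens - pkt.length, now)
            return "forward"
        self.buckets[key] = (tokens, now)      # over the limit: drop, keep no credit
        return "drop"

def run_rate_limit_demo(n_packets: int = 100, pkt_len: int = 1500):
    """Send n_packets back-to-back from 1.2.2.2 at t=0, then one more at t=1.0.
    Returns (forwarded_at_t0, dropped_at_t0, verdict_at_t1)."""
    limiter = FlowRateLimiter(PROF2, 10_000_000, burst_bytes=125_000)   # 10 Mbps, 0.1 s burst
    flow_pkt = Packet("1.2.2.2", "5.6.7.8", "udp", 4000, 5000, pkt_len)
    verdicts = [limiter.process(flow_pkt, 0.0) for _ in range(n_packets)]
    later = limiter.process(flow_pkt, 1.0)     # bucket has refilled by now
    return verdicts.count("forward"), verdicts.count("drop"), later

if __name__ == "__main__":
    fwd = PolicyForwarder(PROF1, "10.10.10.10")
    print(fwd.next_hop_for(Packet("9.1.1.5", "15.1.1.7", "tcp", 40000, 23, 64)))
    print(run_rate_limit_demo())
```

With a 125,000-byte burst, 83 full-size 1500-byte packets arriving at once are forwarded and the rest are dropped, while a packet a second later is forwarded again because the bucket has refilled. Packets not selected by the profile (a different source, or a non-telnet port for prof1) never touch the policy or the limiter, which is the point of separating selection criteria from action on this page.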