Meter - ACL - Policy : "rate-limit" Protocol based traffic ? eg. port 80

Dewald_Botha1
New Contributor
Good day all,

Need some advice if you may - I have an X440 and I would like to create ACLs that limit certain protocol ports, like port 80 (http).

Please check my config below:

vlan 2 created
ports 1-10 added to vlan 2 untagged
meter created:
"create meter HTTP-limit
configure meter HTTP-limit committed-rate 1024 Kbps max-burst-size 128 Kb out-actions drop
configure access-list Limits ports 10 ingress"
ACL created and applied to port 10 (port where user is connected):
"configure access-list Limits vlan "DATA" ingress"
Policy created:
"Policies at Policy Server:
Policy: Limits
entry 1 {
    if match all {
        protocol TCP ;
        destination-port 80 ;
    }
    then {
        meter HTTP-limit ;
        count HTTP-limit-count ;
    }
}
Number of clients bound to policy: 1
Client: acl bound once"
Access-List counter:
"show acce count
Policy Name Vlan Name Port Direction
Counter Name Packet Count Byte Count
==================================================================
Limits * 10 ingress
HTTP-limit-count 1638"

With the above config - there is NO meter limiting on the traffic.

BUT - when I remove:
"protocol TCP ; destination-port 80 " and have the brackets empty - it works beautifully.

From my understanding and reading through the ACL Solutions Guide - the above should work ?

If I enter:
check policy Limits
it returns successful.

I think I am missing a command or expression somewhere. Can anyone provide some guidance ?

thanks !

16 REPLIES

Drew_C
Valued Contributor III
Hi Dewald, I wanted to follow up here and see if you were able to get this working.

Jarek
New Contributor II
Can you paste:
sh access-list usage acl-slice port 1

before and after applying ACL?
--
Jarek

Dewald_Botha1
New Contributor
Hi,

No - this is the only config that is on the switch. Nothing else.

thanks

Jarek
New Contributor II
Do you have any other ACLs on this switch? (on VLANs or ports)

--
Jarek
