Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1218
Views
0
Helpful
1
Replies

how to configure BWth restriction on 7200

davemac2626
Level 1
Level 1

‎12-17-2011 11:36 AM - edited ‎02-21-2020 04:31 AM

Hi all

 

I would like some help in configuring interfaces on a 7200.

 

Ideally is there anyway you can configure any interface to auto shutdown if a bandwidth limit has been reached?

 

As far as I am aware I can configure the following command to drop packets:

 

rate-limit output 10000000 2000 2000 conform-action continue exceed-action drop

 

however I would like the interface if possible to be shutdown.....

 

I have seen a TCL script available (TCP_Syn_Flow_Detection.tar) that will carry out this action if the Syn flow of TCP packets has hit a certain limit however not sure if this will suffice....

 

Any help anyone can give me would be most appreciated.

 

Router config is:

 

#sh run

Building configuration...

 

Current configuration : 30077 bytes

!

! Last configuration change at 19:22:26 UTC Tue Nov 29 2011 by support

! NVRAM config last updated at 19:22:28 UTC Tue Nov 29 2011 by support

!

upgrade fpd auto

version 12.4

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname THN-7201-A

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

!

no aaa new-model

clock summer-time GB recurring last Sun Mar 2:00 last Sun Oct 2:00

ip source-route

ip cef

!

!

!

!

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

memory-size iomem 0

username support secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

archive

log config

  hidekeys

path tftp://xx.xxx.xxx.xx/SIPCOM/THN-7201-A

write-memory

time-period 1440

!

!

!

!

!

ip ftp username sipcom_backup

ip ftp password 7 xxxxxxxxxxxxxxxxxxxxxxxx

!

!

!

!

interface Loopback0

ip address xx.xxx.xxx.x 255.255.255.255

!

interface Tunnel0

bandwidth 100000

ip address xx.xxx.xxx.x 255.255.255.252

keepalive 10 3

tunnel source FastEthernet0/0

tunnel destination xxx.xxx.x.xx

!

interface Tunnel64

bandwidth 2000

ip address xxx.xx.xx.x 255.255.255.252

keepalive 10 3

tunnel source GigabitEthernet0/1

tunnel destination xxx.xxx.xxx.xxx

!

interface FastEthernet0/0

description TATA CCT 347764

ip address xxx.xxx.x.xx 255.255.255.252

ip access-group SIPCOM_VOICERECORD_IN in

ip nat outside

ip virtual-reassembly

duplex full

speed 100

!

interface GigabitEthernet0/0

description THN PRIVATE

ip address xx.xxx.xxx.xxx 255.255.255.128

ip virtual-reassembly

duplex auto

speed 1000

media-type rj45

negotiation auto

standby 0 ip xx.xxx.xxx.xxx

standby 0 preempt

!

interface GigabitEthernet0/1

description VTL LINK 1

ip address xxx.xxx.xx.xx 255.255.255.252

ip access-group 101 in

ip flow ingress

ip nat outside

ip virtual-reassembly

duplex full

speed 1000

media-type rj45

negotiation auto

!

interface GigabitEthernet0/2

description BT IPEX LINK 1

ip address xx.xxx.xxx.xxx 255.255.255.248

ip virtual-reassembly

duplex full

speed 1000

negotiation auto

!

interface GigabitEthernet0/3

description THN PUBLIC

ip address xx.xxx.xxx.x 255.255.255.128

ip access-group 117 in

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

negotiation auto

standby 1 ip xx.xxx.xxx.x

standby 1 preempt

!

interface Group-Async0

physical-layer async

no ip address

encapsulation slip

!

router eigrp 200

redistribute connected metric 1500 0 1 255 1500 route-map EIGRP-TUNNEL

network xx.xxx.xxx.xxx 0.0.0.0

network xx.xxx.xxx.x 0.0.0.0

no auto-summary

!

router ospf 100

log-adjacency-changes

redistribute connected subnets

network xx.xx.x.x 0.0.0.255 area 0

!

router bgp 47631

bgp log-neighbor-changes

neighbor xx.xxx.xxx.xxx remote-as 47631

neighbor xxx.xxx.x.xx remote-as 6453

neighbor xxx.xxx.xx.xx remote-as 8190

!

address-family ipv4

  redistribute connected route-map SIPCOM

  redistribute static

  neighbor xx.xxx.xxx.xxx activate

  neighbor xx.xxx.xxx.xxx next-hop-self

  neighbor xxx.xxx.x.xx activate

  neighbor xxx.xxx.x.xx weight 100

  neighbor xxx.xxx.xx.xx activate

  neighbor xxx.xxx.xx.xx weight 200

  no auto-summary

  no synchronization

  network xx.xxx.xxx.0 mask 255.255.248.0

  network xx.xxx.xxx.0 mask 255.255.255.0

exit-address-family

!

ip forward-protocol nd

ip route x.x.x.x 0.0.0.0 xxx.xxx.xx.xx 10

ip route xx.x.x.x 255.255.0.0 xx.xxx.224.254

ip route xx.x.xx.176 255.255.255.255 195.219.0.13

ip route xx.xxx.224.0 255.255.248.0 FastEthernet0/0

ip route xx.xxx.224.160 255.255.255.224 xx.xxx224.8

ip route xx.xxx.225.0 255.255.255.0 xx.xxx.224.54

ip route xx.xxx.226.16 255.255.255.240 xx.xxx.224.151

ip route xx.xxx.226.128 255.255.255.240 xx.xxx.224.8

ip route xx.xxx.226.228 255.255.255.252 xx.xxx.224.80

ip route xx.xxx.226.248 255.255.255.252 xx.xxx.224.126

ip route xx.xxx.226.252 255.255.255.252 xx.xxx.224.126

ip route xx.xxx.227.0 255.255.255.0 xx.xxx.224.126

ip route xx.xxx.228.0 255.255.255.0 xx.xxx.224.126

ip route xx.xxx.229.0 255.255.255.0 xx.xxx.224.126

ip route xx.xxx.229.0 255.255.255.224 xx.xxx.224.126

ip route xx.xxx.229.240 255.255.255.248 172.16.64.2

ip route xx.xxx.230.0 255.255.255.0 xx.xxx.224.126

ip route xx.xxx.230.254 255.255.255.255 xx.xxx.224.126

ip route xx.xxx.231.0 255.255.255.0 xx.xxx.224.126

ip route xx.xxx.191.208 255.255.255.248 xx.xxx.224.126

ip route xxx.xx6.163.112 255.255.255.255 xx.xxx.224.126

ip route xxx.xx6.163.113 255.255.255.255 xx.xxx.224.126

ip route xxx.xx.8.0 255.255.255.0 xx.xxx.224.254

ip route xxx.xx.9.0 255.255.255.0 xx.xxx.224.126

ip route xxx.xx.20.0 255.255.255.0 xx.xxx.224.126

ip route xxx.xx.0.0 255.255.0.0 xx.xxx.224.126

ip route xxx.xx8.0.5 255.255.255.255 xx.xxx.224.254

ip route xxx.xx8.64.0 255.255.255.0 xxx.xx.xx.2

ip route xxx.xx8.70.0 255.255.255.0 xx.xxx.224.126

ip route xxx.xx.0.0 255.255.0.0 Null0

no ip http server

no ip http secure-server

!

ip flow-cache timeout active 1

ip flow-export source GigabitEthernet0/3

ip flow-export version 9

ip flow-export destination xxx.xx.x.75 9996

!

no ip nat service skinny tcp port 2000

no ip nat service sip udp port 5060

ip nat inside source list 106 interface GigabitEthernet0/3 overload

ip nat inside source static tcp 172.16.9.20 22 xx.xxx.224.30 22 extendable

ip nat inside source static tcp xxx.xx.x.20 443 xx.xxx.224.30 443 extendable

ip nat inside source static tcp xxx.xx.x.22 22 xx.xxx.224.31 22 extendable

ip nat inside source static tcp xxx.xx.x.22 443 xx.xxx.224.31 443 extendable

ip nat inside source static tcp xxx.xx.x.24 22 xx.xxx.224.32 22 extendable

ip nat inside source static tcp xxx.xx.x.24 443 xx.xxx.224.32 443 extendable

!

ip access-list standard EIGRP

permit xx.xxx.224.128 0.0.0.127

ip access-list standard SIPCOM

permit xx.xxx.224.0 0.0.7.255

permit xx.xxx.224.0 0.0.0.255

ip access-list standard SIPCOM/21

deny   xx.xxx.224.0 0.0.0.255

deny   xx.xxx.225.0 0.0.0.255

deny   xx.xxx.226.0 0.0.0.255

deny   xx.xxx.227.0 0.0.0.255

deny   xx.xxx.228.0 0.0.0.255

deny   xx.xxx.229.0 0.0.0.255

deny   xx.xxx.230.0 0.0.0.255

deny   xx.xxx.231.0 0.0.0.255

permit xx.xxx.224.0 0.0.0.7

!

ip access-list extended SIPCOM_VOICERECORD_IN

permit ip host xx.xx.xx.24 host xx.xxx.224.30

permit ip xxx.xxx.x.0 0.0.0.255 host xx.xxx.224.30

deny   ip any host xx.xxx.224.30

permit ip host xx.xx.xx.24 host xx.xxx.224.31

permit ip xxx.xxx.x.0 0.0.0.255 host xx.xxx.224.31

deny   ip any host xx.xxx.224.31

permit ip host xx.xx.xx.24 host xx.xxx.224.32

deny   ip any host xx.xxx.224.32

permit ip host xxx.xxx.xx.101 xx.xxx.226.0 0.0.0.255

permit ip host xxx.xxx.xx.101 any

deny   ip host xxx.xxx.xx.250 any

permit ip host xxx.xxx.xxx.44 any

permit ip host x.xx.xxx.218 any

deny   ip host xxx.xxx.xxx.118 any

permit ip host xxx.xxx.xx.54 any

permit udp any host xx.xxx.224.12 range 50000 59998

permit udp any host xx.xxx.224.17 range 50000 59998

permit tcp host xx.xxx.xx.215 host xx.xxx.224.5 eq www

permit tcp host xx.xxx.xxx.18 host xx.xxx.224.5 eq www

permit tcp host xx.xxx.xxx.139 host xx.xxx.224.5 eq www

permit tcp host xxx.x.xxx.60 host xx.xxx.224.5 eq www

deny   ip host xx.xxx.xxx.222 host xx.xxx.224.5

permit tcp host xxx.xx.xx.146 host xx.xxx.224.5 eq www

permit tcp host xx.xxx.xx.194 host xx.xxx.224.5 eq www

permit tcp host xx.xxx.xxx.116 host xx.xxx.224.5 eq www

permit ip host x.x.x.x host xx.xxx.224.5

permit udp any host xx.xxx.224.15 eq tftp

permit udp any host xx.xxx.224.16 eq tftp

permit tcp any host xx.xxx.224.12 eq 2000

permit tcp any host xx.xxx.224.15 eq 2000

permit tcp any host xx.xxx.224.13 eq 2000

permit tcp any host xx.xxx.224.18 eq 2000

permit udp any host xx.xxx.224.13 eq tftp

permit udp any host xx.xxx.224.18 eq tftp

permit tcp host xx.xxx.x.x host xx.xxx.224.5 eq 3389

permit tcp host xx.xxx.x.xxx host xx.xxx.224.5 eq www

permit tcp host xx.xxx.xxx.xxx host xx.xxx.224.5 eq www

permit tcp host xx.xxx.xxx.162 host xx.xxx.224.5 eq www

permit tcp host xxx.xxx.x.108 host xx.xxx.224.5 eq www

permit tcp host xxx.xxx.x.13 host xx.xxx.224.5 eq www

permit tcp host xx.xxx.x.82 host xx.xxx.224.5 eq www

permit tcp host xx.xxx.x.76 host xx.xxx.224.5 eq www

permit tcp host xxx.x.xx.185 host xx.xxx.224.5 eq www

permit tcp host xxx.xxx.x.166 host xx.xxx.224.5 eq www

permit tcp host xx.x.x.33 host xx.xxx.224.5 eq www

permit tcp host xx.xxx.x.242 host xx.xxx.224.5 eq www

permit tcp x.x.x.0 0.0.1.255 any eq 443

permit tcp x.x.x.0 0.0.1.255 any eq www

permit tcp x.x.x.0 0.0.1.255 any eq 2208

permit tcp x.x.x.0 0.0.1.255 any eq 2206

permit tcp x.x.x.0 0.0.1.255 any eq 2220

permit tcp x.x.x.0 0.0.1.255 any eq 22

permit ip host x.x.x.7 any

permit ip host x.x.x.189 any

permit ip host x.x.x.41 any

deny   ip any host xx.xxx.x.7

permit ip any xx.xxx.x.160 0.0.0.31

permit tcp host xx.x.x.36 host xx.xxx.224.5 eq www

permit tcp host x.x.x.227 host xx.xxx.224.5 eq www

permit tcp host x.x.x.65 host xx.xxx.224.5 eq www

permit tcp host x.x.x.166 host xx.xxx.224.5 eq www

permit tcp host x.x.x.124 host xx.xxx.224.5 eq www

permit tcp host x.x.x.193 host xx.xxx.224.5 eq www

permit tcp host x.x.x.138 host xx.xxx.224.5 eq www

permit tcp host x.x.x.98 host xx.xxx.224.5 eq www

permit tcp host x.x.x.171 host xx.xxx.224.5 eq www

permit tcp host x.x.x.114 host xx.xxx.224.5 eq www

permit tcp host x.x.x.153 host xx.xxx.224.5 eq www

permit tcp host x.x.x.116 host xx.xxx.224.5 eq www

permit tcp host x.x.x.32 host xx.xxx.224.5 eq www

permit tcp host x.x.x.x host xx.xxx.224.5 eq www

permit tcp host x.x.x.59 host xx.xxx.224.5 eq www

permit tcp host x.x.x.18 host xx.xxx.224.5 eq www

permit tcp host x.x.x.195 host xx.xxx.224.5 eq www

permit tcp host x.x.x.28 host xx.xxx.224.5 eq www

permit tcp host x.x.x.44 host xx.xxx.224.5 eq www

permit ip host x.x.x.114 host xx.xxx.224.5

permit tcp host x.x.x.114 host xx.xxx.224.5 eq ftp

permit tcp host x.x.x.114 host xx.xxx.224.5 eq ftp-data

permit udp host xx.xxx.224.40 host xx.xxx.224.5 eq 20

permit tcp host xx.xxx.224.40 host xx.xxx.224.5 eq www

permit udp host xx.xxx.224.40 host xx.xxx.224.5 eq 21

permit tcp host x.x.x.179 host xx.xxx.224.5 eq www

permit tcp host x.x.x.243 host xx.xxx.224.5 eq www

permit tcp x.x.x.0 0.0.15.255 host xx.xxx.224.5 eq smtp

permit tcp x.x.x.0 0.0.15.255 host xx.xxx.224.5 eq smtp

permit tcp x.x.x.0 0.0.7.255 host xx.xxx.224.5 eq smtp

permit tcp x.x.x.0 0.0.7.255 host xx.xxx.224.5 eq smtp

permit tcp x.x.x.0 0.0.7.255 host xx.xxx.224.5 eq smtp

permit tcp x.x.x.0 0.0.1.255 host xx.xxx.224.5 eq smtp

deny   ip any host xx.xxx.224.13

deny   ip any host xx.xxx.224.14

deny   ip any host xx.xxx.224.17

deny   ip any host xx.xxx.224.18

permit tcp x.x.x.0 0.0.1.255 host xx.xxx.224.5 eq smtp

permit tcp host x.x.x.151 host xx.xxx.224.10 eq 22

permit tcp host x.x.x.151 host xx.xxx.224.11 eq 22

permit tcp host x.x.x.151 host xx.xxx.224.15 eq 22

permit tcp host x.x.x.151 host xx.xxx.224.16 eq 22

deny   ip any host xx.xxx.224.12

permit tcp any host xx.xxx.224.10 eq www

permit tcp 195.245.230.0 0.0.1.255 host xx.xxx.224.5 eq smtp

permit tcp any host xx.xxx.224.10 eq 2208

permit tcp any host xx.xxx.224.10 eq 443

permit tcp any host xx.xxx.224.11 eq www

permit tcp any host xx.xxx.224.11 eq 2208

permit tcp any host xx.xxx.224.11 eq 443

permit tcp any host xx.xxx.224.15 eq www

permit tcp any host xx.xxx.224.15 eq 443

permit tcp any host xx.xxx.224.16 eq www

permit tcp any host xx.xxx.224.16 eq 443

deny   ip any host xx.xxx.224.5

deny   ip any host xx.xxx.224.10

deny   ip any host xx.xxx.224.11

deny   ip any host xx.xxx.224.15

deny   ip any host xx.xxx.224.16

deny   ip any xx.xxx.x.128 0.0.0.127

deny   ip any xx.xxx.x.0 0.0.0.255

permit ip any xx.xxx.x.228 0.0.0.3

deny   ip any xx.xxx.x.0 0.0.0.255

permit ip any any

permit tcp host x.x.x.111 host xx.xxx.224.5 eq www

!

ip sla responder

ip sla 10

udp-jitter x.x.x.61 17000

frequency 30

ip sla schedule 10 life 300 start-time after 00:05:00 recurring

ip sla 100

udp-jitter xx.xxx.x.6 50002 source-ip xx.xxx.226.5 source-port 50004

tos 184

tag Tunnel0_Test

frequency 20

ip sla schedule 100 life forever start-time now

ip sla 101

udp-jitter xx.xxx.224.126 50002 source-ip xx.xxx.224.2 source-port 50004

tag Tunnel0_Test

frequency 20

ip sla schedule 101 life forever start-time now

logging alarm informational

access-list 30 permit x.x.0.0 0.0.255.255

access-list 30 permit x.x.x.0 0.0.0.255

access-list 34 permit x.x.x.28

access-list 34 permit xx.xxx.224.42

access-list 34 permit xx.xxx.224.40

access-list 34 permit xxx.xx.x.79

access-list 34 permit xxx.xx.x.75

access-list 34 permit x.x.x.0 0.0.255.255

access-list 101 permit ip host x.x.x.101 any

access-list 101 deny   ip host x.x.x.250 any

access-list 101 permit ip host x.x.x.218 any

access-list 101 permit udp any host xx.xxx.224.12 range 50000 59998

access-list 101 permit udp any host xx.xxx.224.17 range 50000 59998

access-list 101 permit ip host x.x.x.44 any

access-list 101 permit ip any xx.xxx.x.160 0.0.0.31

access-list 101 permit tcp host x.x.x.x host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.x host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.x host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.x host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.x host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.x host xx.xxx.224.5 eq www

access-list 101 deny   ip host x.x.x.x host xx.xxx.224.5

access-list 101 permit tcp host x.x.x.x host xx.xxx.224.5 eq www

access-list 101 permit ip host x.x.x.x host xx.xxx.224.80

access-list 101 permit ip host x.x.x.x host xx.xxx.224.80

access-list 101 deny   tcp any host xx.xxx.224.80 eq 22

access-list 101 deny   tcp any host xx.xxx.224.80 eq www

access-list 101 deny   tcp any host xx.xxx.224.81 eq www

access-list 101 deny   tcp any host xx.xxx.224.81 eq 22

access-list 101 deny   tcp any host xx.xxx.224.81 eq telnet

access-list 101 permit udp any host xx.xxx.224.15 eq tftp

access-list 101 permit udp any host xx.xxx.224.16 eq tftp

access-list 101 permit tcp any host xx.xxx.224.12 eq 2000

access-list 101 permit tcp any host xx.xxx.224.15 eq 2000

access-list 101 permit tcp any host xx.xxx.224.13 eq 2000

access-list 101 permit tcp any host xx.xxx.224.18 eq 2000

access-list 101 permit udp any host xx.xxx.224.13 eq tftp

access-list 101 permit udp any host xx.xxx.224.18 eq tftp

access-list 101 deny   tcp any host xx.xxx.224.80 eq telnet

access-list 101 permit ip any host xx.xxx.224.8

access-list 101 permit tcp host x.x.x.162 host xx.xxx.224.5 eq www

access-list 101 permit ip any host xx.xxx.224.9

access-list 101 permit udp any any eq ntp

access-list 101 permit ip host x.x.x.44 any

access-list 101 permit icmp host x.x.x.28 any

access-list 101 permit icmp host x.x.x.18 any

access-list 101 permit ip any host xx.xxx.224.40

access-list 101 permit ip host x.x.x.18 any

access-list 101 permit tcp host x.x.x.18 host xx.xxx.224.10 eq www

access-list 101 permit tcp host x.x.x.18 host xx.xxx.224.10 eq 443

access-list 101 permit tcp host x.x.x.18 host xx.xxx.224.10 eq 2208

access-list 101 permit ip host x.x.x.24 any

access-list 101 permit ip x.x.x.0 0.0.0.255 any

access-list 101 permit ip x.x.x.0 0.0.0.255 host xx.xxx.224.36

access-list 101 permit tcp any host xx.xxx.224.10 eq www

access-list 101 permit tcp any host xx.xxx.224.10 eq 843

access-list 101 permit tcp any host xx.xxx.224.10 eq 2208

access-list 101 permit tcp any host xx.xxx.224.10 eq 443

access-list 101 permit tcp any host xx.xxx.224.11 eq www

access-list 101 permit tcp any host xx.xxx.224.11 eq 2208

access-list 101 permit tcp any host xx.xxx.224.11 eq 443

access-list 101 permit tcp any host xx.xxx.224.15 eq www

access-list 101 permit tcp any host xx.xxx.224.15 eq 443

access-list 101 permit tcp any host xx.xxx.224.16 eq www

access-list 101 permit tcp any host xx.xxx.224.16 eq 443

access-list 101 permit tcp host x.x.x.28 any eq 22

access-list 101 permit tcp host x.x.x.3 any eq 22

access-list 101 permit tcp host x.x.x.3 any eq www

access-list 101 permit tcp host x.x.x.3 any eq 443

access-list 101 permit tcp host x.x.x.2 any eq www

access-list 101 permit ip host x.x.x.114 host xx.xxx.224.5

access-list 101 permit tcp host x.x.x.114 host xx.xxx.224.5 eq ftp

access-list 101 permit tcp host x.x.x.114 host xx.xxx.224.5 eq ftp-data

access-list 101 permit tcp host x.x.x.2 any eq 443

access-list 101 permit tcp x.x.x.0 0.0.1.255 any eq 443

access-list 101 permit tcp x.x.x.0 0.0.1.255 any eq www

access-list 101 permit tcp x.x.x.0 0.0.1.255 any eq 2208

access-list 101 permit tcp x.x.x.0 0.0.1.255 any eq 2206

access-list 101 permit tcp x.x.x.0 0.0.1.255 any eq 2220

access-list 101 permit tcp x.x.x.0 0.0.1.255 any eq 22

access-list 101 permit tcp host x.x.x.2 any eq 22

access-list 101 permit tcp host x.x.x.179 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.13 any eq 1099

access-list 101 permit tcp host x.x.x.104 any eq 1099

access-list 101 permit tcp host x.x.x.13 any eq 2208

access-list 101 permit tcp host x.x.x.104 any eq 2208

access-list 101 permit tcp host x.x.x.13 any eq 36001

access-list 101 permit tcp host x.x.x.13 any eq 36002

access-list 101 permit tcp host x.x.x.104 any eq 36001

access-list 101 permit tcp host x.x.x.104 any eq 36002

access-list 101 permit tcp host x.x.x.104 any eq 443

access-list 101 permit tcp host x.x.x.13 any eq 22

access-list 101 permit tcp host x.x.x.104 any eq 22

access-list 101 permit tcp host x.x.x.104 any eq www

access-list 101 permit tcp host x.x.x.13 any eq www

access-list 101 permit tcp host x.x.x.114 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.13 any eq 443

access-list 101 permit tcp host x.x.x.189 any eq 22

access-list 101 permit tcp host x.x.x.2 any eq 22

access-list 101 permit tcp host x.x.x.7 any eq 22

access-list 101 permit tcp host x.x.x.41 any eq 22

access-list 101 permit tcp host x.x.x.189 any eq www

access-list 101 permit tcp host x.x.x.2 any eq www

access-list 101 permit tcp host x.x.x.7 any eq www

access-list 101 permit tcp host x.x.x.41 any eq www

access-list 101 permit tcp host x.x.x.189 any eq 443

access-list 101 permit tcp host x.x.x.2 any eq 443

access-list 101 permit tcp host x.x.x.7 any eq 443

access-list 101 permit tcp host x.x.x.41 any eq 443

access-list 101 permit tcp host x.x.x.189 any eq 1099

access-list 101 permit tcp host x.x.x.2 any eq 1099

access-list 101 permit tcp host x.x.x.7 any eq 1099

access-list 101 permit tcp host x.x.x.41 any eq 1099

access-list 101 permit tcp host x.x.x.189 any eq 2208

access-list 101 permit tcp host x.x.x.2 any eq 2208

access-list 101 permit tcp host x.x.x.7 any eq 2208

access-list 101 permit tcp host x.x.x.41 any eq 2208

access-list 101 permit tcp host x.x.x.189 any eq 36001

access-list 101 permit tcp host x.x.x.2 any eq 36001

access-list 101 permit tcp host x.x.x.7 any eq 36001

access-list 101 permit tcp host x.x.x.41 any eq 36001

access-list 101 permit tcp host x.x.x.189 any eq 36002

access-list 101 permit tcp host x.x.x.2 any eq 36002

access-list 101 permit tcp host x.x.x.7 any eq 36002

access-list 101 permit tcp host x.x.x.41 any eq 36002

access-list 101 permit tcp host x.x.x.151 host xx.xxx.224.15 eq 22

access-list 101 permit tcp host x.x.x.151 host xx.xxx.224.16

access-list 101 permit tcp host x.x.x.151 host xx.xxx.224.11

access-list 101 permit tcp host x.x.x.151 host xx.xxx.224.10 eq 22

access-list 101 permit ip host x.x.x.x host xx.xxx.224.36

access-list 101 permit ip x.x.0.0 0.0.255.255 any

access-list 101 permit ip host x.x.x.206 host xx.xxx.224.2

access-list 101 permit ip xx.xxx.224.0 0.0.31.255 xx.xxx.228.0 0.0.0.255

access-list 101 permit ip host x.x.x.28 any

access-list 101 permit ip any xx.xxx.226.228 0.0.0.3

access-list 101 permit ip any xx.xxx.226.128 0.0.0.15

access-list 101 deny   ip any xx.xxx.226.0 0.0.0.255

access-list 101 permit tcp host x.x.x.194 host xx.xxx.224.5 eq 3389

access-list 101 permit tcp any host xx.xxx.224.5 eq 443

access-list 101 permit ip host x.x.x.x host xx.xxx.224.5

access-list 101 permit udp host x.x.x.x host xx.xxx.224.5 eq domain

access-list 101 permit tcp host x.x.x.242 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.36 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.65 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.124 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.195 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.138 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.98 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.171 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.153 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.116 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.193 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.32 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.18 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.243 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.28 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.44 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.108 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.82 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.76 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.59 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.134 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.33 host xx.xxx.224.5 eq www

access-list 101 permit ip x.x.x.0 0.0.7.255 host xx.xxx.224.5

access-list 101 permit tcp host x.x.x.210 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.185 host xx.xxx.224.5 eq www

access-list 101 permit tcp host x.x.x.227 host xx.xxx.224.5 eq www

access-list 101 permit tcp x.x.x.0 0.0.15.255 host xx.xxx.224.5 eq smtp

access-list 101 permit tcp x.x.x.0 0.0.15.255 host xx.xxx.224.5 eq smtp

access-list 101 permit tcp x.x.x.0 0.0.7.255 host xx.xxx.224.5 eq smtp

access-list 101 permit tcp x.x.x.0 0.0.7.255 host xx.xxx.224.5 eq smtp

access-list 101 permit tcp x.x.x.0 0.0.7.255 host xx.xxx.224.5 eq smtp

access-list 101 permit tcp x.x.x.0 0.0.1.255 host xx.xxx.224.5 eq smtp

access-list 101 permit tcp x.x.x.0 0.0.1.255 host xx.xxx.224.5 eq smtp

access-list 101 permit tcp x.x.x.0 0.0.1.255 host xx.xxx.224.5 eq smtp

access-list 101 deny   ip any host xx.xxx.224.7

access-list 101 deny   ip any host xx.xxx.224.5

access-list 101 deny   ip any host xx.xxx.224.20

access-list 101 deny   ip any host xx.xxx.224.27

access-list 101 deny   ip any xx.xxx.224.128 0.0.0.127

access-list 101 deny   ip any xx.xxx.228.0 0.0.0.255

access-list 101 permit ip host x.x.x.24 host xx.xxx.224.32

access-list 101 permit ip host x.x.x.24 host xx.xxx.224.31

access-list 101 permit ip host x.x.x.24 host xx.xxx.224.30

access-list 101 permit ip x.x.x.0 0.0.0.255 host xx.xxx.224.30

access-list 101 permit ip x.x.x.0 0.0.0.255 host xx.xxx.224.31

access-list 101 permit ip x.x.x.0 0.0.0.255 host xx.xxx.224.32

access-list 101 permit ip x.x.x.0 0.0.0.255 host xx.xxx.224.33

access-list 101 deny   ip any host xx.x.x.x

access-list 101 deny   ip any host xx.x.x.x

access-list 101 deny   ip any host xx.x.x.x

access-list 101 deny   ip any host xx.x.x.x

access-list 101 deny   ip any host xx.x.x.x

access-list 101 deny   ip any host xx.x.x.x

access-list 101 deny   ip any host xx.x.x.x

access-list 101 deny   ip any host xx.x.x.x

access-list 101 deny   ip any host xx.x.x.x

access-list 101 deny   ip any host xx.x.x.x

access-list 101 deny   ip any host xx.x.x.x

access-list 101 deny   ip any host xx.x.x.x

access-list 101 deny   ip any host xx.x.x.x

access-list 101 deny   ip any host xx.x.x.x

access-list 101 permit ip any any

access-list 102 permit ip xx.xx.xx.0 0.0.0.255 any

access-list 106 permit ip host xxx.xx.x.xx any

access-list 125 permit tcp xx.xxx.xxx.0 0.0.0.127 any eq smtp

access-list 125 permit ip host xx.xxx.xxx.x any

access-list 126 permit ip host xx.xxx.xxx.xxx host x.x.x.x

access-list 144 deny   tcp host xx.xxx.xxx.x any eq 445

access-list 144 deny   tcp host xx.xxx.xxx.x any eq 136

access-list 144 deny   tcp host xx.xxx.xxx.x any eq 137

access-list 144 deny   ip host xx.xxx.xxx.x xx.0.0.0 0.255.255.255

access-list 144 deny   tcp host xx.xxx.xxx.x any eq 135

access-list 144 permit tcp host xx.xxx.xxx.x any established

access-list 144 permit ip any any

snmp-server community c4rt3r RW 30

snmp-server community voiss RO 34

snmp-server community SIPcomMonitor RO 34

snmp-server location Telehouse North Rack18

snmp-server contact Support - 02033285000

snmp-server chassis-id THN-7201-A

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps vrrp

snmp-server enable traps ds1

snmp-server enable traps tty

snmp-server enable traps eigrp

snmp-server enable traps xgcp

snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config

snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up

snmp-server enable traps flash insertion removal

snmp-server enable traps srp

snmp-server enable traps ds3

snmp-server enable traps envmon

snmp-server enable traps isdn call-information

snmp-server enable traps isdn layer2

snmp-server enable traps isdn chan-not-avail

snmp-server enable traps isdn ietf

snmp-server enable traps ima

snmp-server enable traps channel

snmp-server enable traps ip local pool

snmp-server enable traps aaa_server

snmp-server enable traps atm subif

snmp-server enable traps bgp

snmp-server enable traps bstun

snmp-server enable traps bulkstat collection transfer

snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency

snmp-server enable traps memory bufferpeak

snmp-server enable traps cnpd

snmp-server enable traps config-copy

snmp-server enable traps config

snmp-server enable traps config-ctid

snmp-server enable traps dial

snmp-server enable traps dlsw

snmp-server enable traps dsp card-status

snmp-server enable traps dsp oper-state

snmp-server enable traps entity

snmp-server enable traps fru-ctrl

snmp-server enable traps resource-policy

snmp-server enable traps frame-relay multilink bundle-mismatch

snmp-server enable traps frame-relay

snmp-server enable traps frame-relay subif

snmp-server enable traps hsrp

snmp-server enable traps ipmobile

snmp-server enable traps ipmulticast

snmp-server enable traps mpls ldp

snmp-server enable traps mpls traffic-eng

snmp-server enable traps mpls fast-reroute protected

snmp-server enable traps msdp

snmp-server enable traps mvpn

snmp-server enable traps ospf state-change

snmp-server enable traps ospf errors

snmp-server enable traps ospf retransmit

snmp-server enable traps ospf lsa

snmp-server enable traps ospf cisco-specific state-change nssa-trans-change

snmp-server enable traps ospf cisco-specific state-change shamlink interface-old

snmp-server enable traps ospf cisco-specific state-change shamlink neighbor

snmp-server enable traps ospf cisco-specific errors

snmp-server enable traps ospf cisco-specific retransmit

snmp-server enable traps ospf cisco-specific lsa

snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message

snmp-server enable traps pppoe

snmp-server enable traps cpu threshold

snmp-server enable traps rsvp

snmp-server enable traps ipsla

snmp-server enable traps stun

snmp-server enable traps syslog

snmp-server enable traps l2tun session

snmp-server enable traps l2tun pseudowire status

snmp-server enable traps pw vc

snmp-server enable traps event-manager

snmp-server enable traps director server-up server-down

snmp-server enable traps firewall serverstatus

snmp-server enable traps rf

snmp-server enable traps isakmp policy add

snmp-server enable traps isakmp policy delete

snmp-server enable traps isakmp tunnel start

snmp-server enable traps isakmp tunnel stop

snmp-server enable traps ipsec cryptomap add

snmp-server enable traps ipsec cryptomap delete

snmp-server enable traps ipsec cryptomap attach

snmp-server enable traps ipsec cryptomap detach

snmp-server enable traps ipsec tunnel start

snmp-server enable traps ipsec tunnel stop

snmp-server enable traps ipsec too-many-sas

snmp-server enable traps alarms informational

snmp-server enable traps ccme

snmp-server enable traps srst

snmp-server enable traps mpls vpn

snmp-server enable traps voice

snmp-server enable traps dnis

snmp-server host xxx.xx.x.xx version 2c SIPcomMonitor

snmp-server host xxx.xx.x.xx version 2c SIPcomMonitor

!

!

!

!

route-map TATA permit 10

match ip address SIPCOM/21

set as-path prepend 47631 47631 47631

!

route-map IPEX permit 10

match ip address 126

!

route-map TITA permit 10

match ip address SIPCOM/21

!

route-map VR-Outbound_SMTP permit 10

match ip address 125

!

route-map EIGRP-TUNNEL permit 10

match ip address EIGRP

!

!

!

!

control-plane

!

!

!

mgcp fax t38 ecm

!

!

dial-peer cor custom

!

!

!

!

line con 0

stopbits 1

line aux 0

stopbits 1

line vty 0 4

exec-timeout 30 0

password 7 xxxxxxxxxxxxxxxxxxxx

login local

!

ntp logging

ntp master

ntp server xxx.xx.xxx.xx

ntp server xx.xxx.xxx.xxx prefer

end

119137-7200 sh ver.txt.zip
0 Helpful
1 Reply 1

Martin Hruby
Level 1
Level 1

‎08-17-2015 04:21 AM

Hello

You might accomplish this using an EEM applet, like this:

event manager applet SHUT_IF_BW_ABOVE_100
 event tag 1.0 timer watchdog time 5
 action 1.0 info type interface-names regexp "Fa|Gi|Tu"
 action 1.1 foreach _iface "$_info_interface_names"
 action 1.1.1  cli command "show interfaces $_iface | i output rate"
 action 1.1.2  set bw "0"
 action 1.1.3  set result "none"
 action 1.1.4  regexp "5 minute output rate ([0-9]+)" "$_cli_result" result bw
 action 1.1.5.01  if $bw gt "100000000"
 action 1.1.5.02   puts "Interface $_iface is above 100Mbps ($bw)"
 action 1.1.5.03   cli command "enable"
 action 1.1.5.04   cli command "config t"
 action 1.1.5.05   cli command "interface $_iface"
 action 1.1.5.06   cli command "shutdown"
 action 1.1.5.07   cli command "end"
 action 1.1.5.08  else
 action 1.1.5.09   puts "Interface $_iface is below 100Mbps ($bw)"
 action 1.1.5.10 end
 action 1.2 end
 action 1.3   exit

 

The above script will retrieve a list of all interfaces (matching Fa or Gi or Tu in the interface name) every 5 seconds and get the current output rate from the show interfaces command. If this value is above 100Mbps then the interface is shutdown. Every 5 seconds an output is for all interfaces is given which shows the bandwidth utilization. The interfaces are not "un-shut" once the bandwidth returns to normal. You can modify this according to your needs, I'm sure you get the idea.

Best regards,
Martin

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card