Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
397
Views
0
Helpful
0
Replies

ASR1001X policer

james_72
Level 1
Level 1

‎09-07-2021 06:11 AM

Dear experts,

I'd like to rate limit some ingress traffic coming from untrusted source to 10Mbs.
 
I've an ASR1001X (16.3.7) and this is the config I'd place:
 
*********************
ip access-list extended ACL_10_203_231_129
 permit ip any host 10.203.231.129


class-map match-all CM_LIMIT_INGRESS
 match access-group name ACL_10_203_231_129


policy-map PM_LIMIT_INGRESS
 class CM_LIMIT_INGRESS
  police 10000000 5000000 5000000 conform-action transmit  exceed-action drop  violate-action drop
 class class-default

The PM is attached to tunnel interface:

TUNNEL0
 service-policy input PM_LIMIT_INGRESS
 
*********************
 
Can you please confirm:
 
1) I'll not drop/limit other traffic
2) ASR1001X applies rate limit in hardware and not in software (in order to avoid CPU overload)
3) is there any mode to limit pps and not only bandwidth
 
Thanks in advance
Cheers

 

James
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card