3 May
1999
3 May
'99
7:48 p.m.
3) Can't manage it. Providers are understaffed with clueful people.
Is this really that hard?
access-list 175 permit icmp any any int bleh/bleh rate-limit input access-group 175 128000 8000 8000 conform-action transmit exceed-action drop rate-limit output access-group 175 128000 8000 8000 conform-action transmit exceed-action drop
I agree, the above isn't all that hard. However, I'd argue that the above is in some sense wrong. There's no need to put all ICMP traffic in the same basket; some ICMP traffic is required for e.g. path MTU discovery to work. So, instead I'd use access-list 175 permit icmp any any echo-reply But you all knew that already, right? ;-) - Håvard