On Thu, 30 Mar 2006 15:56:02 -0800
Robert Sherrard <rob@robsherrard.com> wrote:
I've got a situation in which I'd like to rate limit a few servers
that hang off of my 6590's... it appears that this can only be done
on a layer 3 interface. These servers however aren't, they simply on
a switch port / access. Aside from hard setting the l2 interface to
10mbit, can anyone think of another creative way to do this? Is one
option moving these servers into a separate VLAN, then rate-limiting
from there?
Is rate limiting by source IP address an acceptable to you? If so,
then you could do it that way. An untested example that should set
you out in search of the necessary doc:
class-map match-all cm-src-specific
match access-group name acl-src-specific
!
interface Vlan99
service-policy input sp-rate-limit
!
policy-map sp-rate-limit
class cm-src-specific
police flow mask src-only 1000000 4000 conform-action transmit exceed-action drop
!
ip access-list extended acl-src-specific
permit ip any any
John