8.2 alternate solution

I toyed with MQC but was concerned that the bandwidth 256k limitation might be on "all the time"...  forced me to a flatter solution...



interface Ethernet0/1   

rate-limit input access-group 198 256000 3200 3200 conform-action transmit exceed-action drop

xxxxxxxxxxx

access-list 198 permit tcp any eq www any time-range 8-5

time-range 8-5
 periodic weekdays 8:00 to 17:00

xxxxxxxxxx

SW2#telnet 150.1.3.3 80 /source-interface ethernet 0/0
Trying 150.1.3.3, 80 ... Open


R4#sh access-l | be 198
Extended IP access list 198
    20 permit tcp any any eq www time-range 8-5 (active) (12 matches)

xxxxxxxxx
R4#Sh interfaces ethernet 0/1 rate-limit
Ethernet0/1
  Input
    matches: access-group 198
      params:  256000 bps, 3200 limit, 3200 extended limit
      conformed 14 packets, 840 bytes; action: transmit
      exceeded 0 packets, 0 bytes; action: drop
      last packet: 4748ms ago, current burst: 0 bytes
      last cleared 00:02:12 ago, conformed 0 bps, exceeded 0 bps


R4#clear counters

R4#clock set 00:01:00 jan 1 2008

SW2#telnet 150.1.3.3 80 /source-interface ethernet 0/0
Trying 150.1.3.3, 80 ... Open

R4#sh access-l | be 198
Extended IP access list 198
    20 permit tcp any any eq www time-range 8-5 (inactive)

R4#Sh interfaces ethernet 0/1 rate-limit
Ethernet0/1
  Input
    matches: access-group 198
      params:  256000 bps, 3200 limit, 3200 extended limit
      conformed 0 packets, 0 bytes; action: transmit
      exceeded 0 packets, 0 bytes; action: drop
      last packet: 329204ms ago, current burst: 0 bytes
      last cleared 00:01:10 ago, conformed 0 bps, exceeded 0 bps


xxxxxxxxxxxxxxxxxxxxxxxx

..also concerned with wording in task requirement "out interface e0/1" ..that logic sounds like out to vlan 44 to me...  one for the proctor...

xxxxxxxxxxxxxxxxxxxxxxx


...below link from archive..

http://forum.internetworkexpert.com/ubbthreads.php/ubb/showflat/Number/17266/page/2#Post17266


Comments

  • I think that's pretty elegant, nice and compact.  Looks like it works, as you've proved your ACL goes active|inactive, etc...  As you said at the end of your post, I think you'd need to make it a rate-limit output on your config, rather than input, and it'd meet the requirements.

    Very nice, and thank you for the tip!  It always helps to know another way to do something.

     

    --JB

  • Whew, thanks for the post. I did the same thing:


    interface Ethernet0/1
     ip address 136.8.44.4 255.255.255.0
     rate-limit output access-group 144 256000 4000 8000 conform-action transmit exceed-action drop


    Extended IP access list 144
        10 permit tcp any any eq www time-range WORKHOURS (inactive)

    time-range WORKHOURS
     periodic weekdays 8:00 to 17:00

     

    I'm always confused though, when it forces me to answer bc and be, what do I put? I just threw in 4000 and 8000 because it sounded good. I'm afraid this may not meet the solution.




  • Hi webwidejosh, I think that you don't achieve the points because your access-list is wrong:

    Extended IP access list 144
        10 permit tcp any any eq www time-range WORKHOURS (inactive)

    It must be:

    Extended IP access list 144
        10 permit tcp any eq www  any time-range WORKHOURS (inactive)
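
An added example (not code posted by anyone in this thread): a small Python model of the two ACE forms discussed above and the `periodic weekdays 8:00 to 17:00` time-range, showing which direction of a web session each form classifies for the rate-limit. The packet port numbers, the `classified` helper and treating the end minute as inclusive are assumptions; it models matching only, not IOS itself.

```python
from datetime import datetime

# Constructed sample data: the time-range from the thread and two hypothetical packets.
RANGES = {"8-5": "periodic weekdays 8:00 to 17:00",
          "WORKHOURS": "periodic weekdays 8:00 to 17:00"}
REQUEST = {"src_port": 33000, "dst_port": 80}   # client -> web server
REPLY = {"src_port": 80, "dst_port": 33000}     # web server -> client


def port(token):
    return 80 if token == "www" else int(token)


def parse_ace(line):
    """Parse 'permit tcp any [eq P] any [eq P] [time-range NAME]' (addresses fixed to 'any')."""
    tok = line.split()
    if tok[:3] != ["permit", "tcp", "any"]:
        raise ValueError("only the ACE form used in this thread is handled")
    ace, i = {"src_port": None, "dst_port": None, "time_range": None}, 3
    if tok[i] == "eq":                   # 'eq' right after the source address: source port
        ace["src_port"], i = port(tok[i + 1]), i + 2
    if tok[i] != "any":
        raise ValueError("destination must be 'any'")
    i += 1
    if i < len(tok) and tok[i] == "eq":  # 'eq' after the destination address: destination port
        ace["dst_port"], i = port(tok[i + 1]), i + 2
    if i < len(tok) and tok[i] == "time-range":
        ace["time_range"] = tok[i + 1]
    return ace


def time_range_active(periodic, now):
    """Evaluate 'periodic weekdays H:MM to H:MM' against a datetime."""
    tok = periodic.split()
    if tok[:2] != ["periodic", "weekdays"] or tok[3] != "to":
        raise ValueError("only 'periodic weekdays A to B' is handled")
    start, end = (tuple(int(x) for x in t.split(":")) for t in (tok[2], tok[4]))
    # Assumption: the end minute itself counts as inside the range.
    return now.weekday() < 5 and start <= (now.hour, now.minute) <= end


def classified(ace_line, pkt, now):
    """True if the packet would be matched by the ACE, and so subject to the rate-limit."""
    ace = parse_ace(ace_line)
    if ace["time_range"] and not time_range_active(RANGES[ace["time_range"]], now):
        return False                     # inactive entry: traffic is not policed
    return all(ace[k] in (None, pkt[k]) for k in ("src_port", "dst_port"))
```

With `eq www` after the source address only the server's replies are classified; with it after the destination address only the client's requests are, so the form has to agree with the direction of traffic crossing the interface where the rate-limit is applied.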
