Chapter 10
| Access Control Lists
IPv6 ACLs
ā 408 ā
Here is a more detailed example for setting the CPU rate limit for SNMP packets.
Set ACL
Console(config)#access-list ip extended snmp-acl
Console(config-ext-acl)#permit any any destination-port 161
Console(config-ext-acl)#permit any any destination-port 162
Console(config-ext-acl)#exit
Set class map
Console(config)#class-map snmp-class
Console(config-cmap)#match access-list snmp-acl
Console(config-cmap)#
Set policy map and rate-limit
Console(config)#policy-map cpu-rate-limit-policy
Console(config-pmap)#class snmp-class
Console(config-pmap-c)police flow 10000 20000 conform-action transmit
violate-action drop
Console(config-pmap-c)exit
Console(config-pmap)#exit
Bind the service-policy to control-plane
Console(config)#control-plane
Console(config)#interface ethernet 1/1
Console(config-if)#service-policy input cpu-rate-limit-policy
Console(config-if)#
Related Commands
access-list ipv6 (403)
Time Range (189)
ipv6 access-group
(Interface Configuration)
This command binds an IPv6 ACL to a port. Use the no form to remove the port.
Syntax
ipv6 access-group acl-name {in |
out}
[time-range time-range-name] [counter]
no ipv6 access-group acl-name {in
| out}
acl-name ā Name of the ACL. (Maximum length: 32 characters)
in ā Indicates that this list applies to ingress packets.
out ā Indicates that this list applies to egress packets.
time-range-name - Name of the time range. (Range: 1-32 characters)
counter ā Enables counter for ACL statistics.
Default Setting
None
Command Mode
Interface Configuration (Ethernet)
To Next Page
Loading...
