Rate Limiting for TCP Syn Packets


Yeah, sorry for the spam, group.

I understand now what it means, so all control bits are only exchanged at the beginning and at the end.
Silly me, so we are not rate limiting the TCP traffic of “Established” connections.

Thanks, and sorry for the spam.
Victor.-

_____
From: Victor Cappuccio [mailto:cvictor@protokolgroup.com]
Sent: Tuesday, August 22, 2006 11:49 a.m.
To: ‘Cisco certification’
Subject: Rate Limiting for TCP Syn Packets

Hi Guys,
Reading today at this link:
http://www.cisco.com/warp/public/63/car_rate_limit_icmp.html#rate_limit_tcp_syn

I found that maybe the access-list 103 is inverted :S
Or I just woke up with dyslexia this morning.
With this configuration:
access-list 103 deny tcp any host 10.0.0.1 established
!--- Let established sessions run fine
access-list 103 permit tcp any host 10.0.0.1
!--- We are just going to rate limit the initial tcp SYN packet,
!--- as the other packets in the TCP session would have hit the prior entry in the ACL
interface
 rate-limit input access-group 103 8000 8000 8000 conform-action transmit exceed-action drop

We are only going to rate-limit TCP traffic, if I’m not wrong.
I think that the ACL should be only
access-list 103 permit tcp any host 10.0.0.1 established

Opinions are welcome
Thanks
Victor.-
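
How access-list 103 selects packets inside the rate-limit statement, as an added example that is not part of the original post or of Cisco's document: a Python model that runs a constructed SYN burst and a few other segments through the ACL and a policer. It assumes a simplified single token bucket (8000 bit/s, 8000-byte burst) and constructed packet sizes and timestamps; within rate-limit, an ACL deny means the packet is not policed by that statement, and the established keyword matches segments with ACK or RST set.

```python
# Added illustration; packet sizes and timestamps below are constructed.
SYN, ACK, RST = "SYN", "ACK", "RST"
HOST = "10.0.0.1"

def established(flags):
    # IOS "established" keyword: matches segments with ACK or RST set.
    return bool({ACK, RST} & set(flags))

# access-list 103 from the post: evaluated top-down, first match wins.
ACL_103 = [("deny", established), ("permit", lambda flags: True)]

def acl_103(dst, flags):
    for action, match in ACL_103:
        if dst == HOST and match(flags):
            return action
    return "deny"  # implicit deny ends every ACL

class Car:
    """Assumed simplification: one token bucket, 8000 bit/s, 8000-byte burst."""
    def __init__(self, bps=8000, burst_bytes=8000):
        self.fill = bps / 8      # refill rate in bytes per second
        self.burst = self.tokens = burst_bytes
        self.last = 0.0

    def police(self, now, dst, flags, size):
        # Inside rate-limit, an ACL "deny" means "not policed by this rule".
        if acl_103(dst, flags) != "permit":
            return "transmit-unpoliced"
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.fill)
        self.last = now
        if size > self.tokens:
            return "drop"        # exceed-action drop
        self.tokens -= size
        return "transmit"        # conform-action transmit

def demo():
    car = Car()
    flood = [car.police(0.0, HOST, {SYN}, 60) for _ in range(200)]
    return {
        "syn_passed": flood.count("transmit"),
        "syn_dropped": flood.count("drop"),
        "syn_ack": car.police(0.0, HOST, {SYN, ACK}, 60),
        "data_ack": car.police(0.0, HOST, {ACK}, 1500),
        "rst": car.police(0.0, HOST, {RST}, 40),
        "syn_after_1s": car.police(1.0, HOST, {SYN}, 60),
        "other_host": car.police(1.0, "10.0.0.2", {SYN}, 60),
    }

if __name__ == "__main__":
    print(demo())
```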

Category: CCIE Study
