Using rate-limit on Cisco

01.05.2019

Task: limit a client's traffic to 1 Mbit/s in both directions

1. Create the ACL:

access-list 133 permit ip any 192.168.99.0 0.0.0.255
access-list 133 permit ip 192.168.99.0 0.0.0.255 any

2. On the interface:

rate-limit input access-group 133 1000000 10000 10000 conform-action transmit exceed-action drop
rate-limit output access-group 133 1000000 10000 10000 conform-action transmit exceed-action drop

3. Verify:

#sh int fa4 rate-limit

Input
matches: access-group 133
params: 1000000 bps, 10000 limit, 10000 extended limit
conformed 16534 packets, 2178996 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: drop
last packet: 180ms ago, current burst: 0 bytes
last cleared 00:14:37 ago, conformed 19000 bps, exceeded 0 bps
Output
matches: access-group 133
params: 1000000 bps, 10000 limit, 10000 extended limit
conformed 18034 packets, 16472072 bytes; action: transmit
exceeded 2702 packets, 3592499 bytes; action: drop
last packet: 36ms ago, current burst: 0 bytes
last cleared 00:14:27 ago, conformed 151000 bps, exceeded 33000 bps
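
To watch the counters from step 3 over time instead of reading them by eye, the output can be parsed and the share of bytes that hit exceed-action computed per direction. This is an added example, not part of the original post; the names parse_rate_limit and exceed_ratio are illustrative, and the sample text is the output shown above.

```python
import re

# Constructed sample: the output shown in step 3, copied verbatim.
SAMPLE = """\
Input
matches: access-group 133
params: 1000000 bps, 10000 limit, 10000 extended limit
conformed 16534 packets, 2178996 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: drop
last packet: 180ms ago, current burst: 0 bytes
last cleared 00:14:37 ago, conformed 19000 bps, exceeded 0 bps
Output
matches: access-group 133
params: 1000000 bps, 10000 limit, 10000 extended limit
conformed 18034 packets, 16472072 bytes; action: transmit
exceeded 2702 packets, 3592499 bytes; action: drop
last packet: 36ms ago, current burst: 0 bytes
last cleared 00:14:27 ago, conformed 151000 bps, exceeded 33000 bps
"""

PARAMS = re.compile(r"^params: (\d+) bps, (\d+) limit, (\d+) extended limit")
COUNTER = re.compile(r"^(conformed|exceeded) (\d+) packets, (\d+) bytes; action: (\S+)")

def parse_rate_limit(text):
    """Return {direction: [policy, ...]}; each 'matches:' line starts a new policy."""
    result, direction, policy = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if line in ("Input", "Output"):
            direction, policy = line.lower(), None
        elif line.startswith("matches:") and direction:
            policy = {"matches": line.split(":", 1)[1].strip()}
            result.setdefault(direction, []).append(policy)
        elif policy is not None and (m := PARAMS.match(line)):
            policy["bps"], policy["burst"], policy["ext_burst"] = map(int, m.groups())
        elif policy is not None and (m := COUNTER.match(line)):
            policy[m[1]] = {"packets": int(m[2]), "bytes": int(m[3]), "action": m[4]}
    return result

def exceed_ratio(policy):
    """Fraction of matched bytes that exceeded the limit (0.0 when no traffic matched)."""
    c = policy.get("conformed", {}).get("bytes", 0)
    e = policy.get("exceeded", {}).get("bytes", 0)
    return e / (c + e) if c + e else 0.0

if __name__ == "__main__":
    for direction, policies in parse_rate_limit(SAMPLE).items():
        for p in policies:
            print(f"{direction:6} {p['matches']}: {p['bps']} bps, {exceed_ratio(p):.1%} of bytes exceeded")
```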