AOS-CX 10.07 ACLs and Classifier Policies Guide Help Center
Configuring the classifier policies example
These steps are part of the classifier policies configuration example.
Procedure
- Configure Switch A.
- Create a classifier policy named RATE_LIMIT_POLICY:
- Configure the policy RATE_LIMIT_POLICY, so that 102,400 kbps of traffic, matching the class SERVER_TRAFFIC, is forwarded and the excess is dropped:
- Configure the policy RATE_LIMIT_POLICY so that 25,600 kbps of traffic, matching the class HOST_A_TRAFFIC, is forwarded and the excess is dropped:
- Apply RATE_LIMIT_POLICY to interface 1/1/1 for the inbound traffic:
- To view the configuration with the RATE_LIMIT_POLICY applied:
- Configure Switch B.
- Create a classifier policy named RATE_LIMIT_HTTP:
switch(config)# policy RATE_LIMIT_HTTP
- Configure the policy RATE_LIMIT_HTTP so that 204,800 kbps of traffic, matching the class HTTP_TRAFFIC, is forwarded and the excess is dropped:
- Apply RATE_LIMIT_HTTP to interface 1/1/1 for inbound traffic:
- Show the running configuration with RATE_LIMIT_HTTP applied:
Create traffic classes named SERVER_TRAFFIC and HOST_A_TRAFFIC for matching the packets from the server and Host A:
switch# configure
switch(config)# class ip SERVER_TRAFFIC
switch(config-class-ip)# match any 1.1.1.1 any
switch(config-class-ip)# exit
switch(config)# class ip HOST_A_TRAFFIC
switch(config-class-ip)# match any 1.1.1.2 any
switch(config-class-ip)# exit
switch(config)# policy RATE_LIMIT_POLICY
switch(config-policy)# class ip SERVER_TRAFFIC action cir kbps 102400 exceed drop
switch(config-policy)# class ip HOST_A_TRAFFIC action cir kbps 25600 exceed drop
switch(config-policy)# exit
switch(config)# int 1/1/1
switch(config-if)# apply policy RATE_LIMIT_POLICY in
switch(config-if)# exit
switch# show running-config
Current configuration:
!
...
class ip SERVER_TRAFFIC
10 match any 1.1.1.1 any
class ip HOST_A_TRAFFIC
10 match any 1.1.1.2 any
policy RATE_LIMIT_POLICY
10 class ip SERVER_TRAFFIC action cir kbps 102400 exceed drop
20 class ip HOST_A_TRAFFIC action cir kbps 25600 exceed drop
interface 1/1/1
apply policy RATE_LIMIT_POLICY in
Create a traffic class named HTTP_TRAFFIC and configure it to match traffic to port 80:
switch(config)# class ip HTTP_TRAFFIC
switch(config-class-ip)# match tcp any any eq 80
switch(config-class-ip)# exit
switch(config-policy)# class ip HTTP_TRAFFIC action cir kbps 204800 exceed drop
switch(config-policy)# exit
switch(config)# int 1/1/1
switch(config-if)# apply policy RATE_LIMIT_HTTP in
switch(config-if)# exit
switch# show running-config
Current configuration:
!
...
class ip HTTP_TRAFFIC
10 match tcp any any eq 80
policy RATE_LIMIT_HTTP
10 class ip HTTP_TRAFFIC action cir kbps 204800 exceed drop
interface 1/1/1
apply policy RATE_LIMIT_HTTP in
switch# show running-config
Current configuration:
!
...
class ip HTTP_TRAFFIC
10 match tcp any any eq 80
policy RATE_LIMIT_HTTP
10 class ip HTTP_TRAFFIC action cir kbps 204800 exceed drop
interface 1/1/1
apply policy RATE_LIMIT_HTTP in