Configuring ACL-based Traffic Policing (Rate Limiting)
Context
ACL-based traffic policing allows the device to rate-limit the packets matching ACLs and take different actions for packets of different colors.
Procedure
- Configuring traffic policing globally or in a VLAN
- Run the following commands as required.
Only the S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S support the following configuration.
Run traffic-limit [ vlan vlan-id ] inbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl | user-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ]
Traffic policing is configured for incoming packets matching an ACL.
Run traffic-limit [ vlan vlan-id ] outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ]
Traffic policing is configured for outgoing packets matching an ACL.
Run traffic-limit [ vlan vlan-id ] inbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ]
Traffic policing is configured for incoming packets matching Layer 2 and Layer 3 ACLs.
Run traffic-limit [ vlan vlan-id ] inbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ]
Traffic policing is configured for incoming packets matching Layer 2 and Layer 3 ACLs.
Run traffic-limit [ vlan vlan-id ] outbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ]
Traffic policing is configured for outgoing packets matching Layer 2 and Layer 3 ACLs.
Run traffic-limit [ vlan vlan-id ] outbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ]
Traffic policing is configured for outgoing packets matching Layer 2 and Layer 3 ACLs.
Traffic policing can define packet colors:
- When the size of a packet is less than the CBS, the packet is colored green.
- When the size of a packet is greater than or equal to the CBS but less than the PBS, the packet is colored yellow.
- When the size of a packet is greater than or equal to the PBS, the packet is colored red.
By default, green packets and yellow packets are allowed to pass through, and red packets are discarded.
- Run the following commands as required.
- Configuring traffic policing on an interface
- Run the following commands as required.
Only the S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S support the following configuration.
Run traffic-limit inbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl | user-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ]
Traffic policing is configured for incoming packets matching an ACL.
Run traffic-limit outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ]
Traffic policing is configured for outgoing packets matching an ACL.
Run traffic-limit inbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ]
Traffic policing is configured for incoming packets matching Layer 2 and Layer 3 ACLs.
Run traffic-limit inbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ]
Traffic policing is configured for incoming packets matching Layer 2 and Layer 3 ACLs.
Run traffic-limit outbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ]
Traffic policing is configured for outgoing packets matching Layer 2 and Layer 3 ACLs.
Run traffic-limit outbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ]
Traffic policing is configured for outgoing packets matching Layer 2 and Layer 3 ACLs.
Traffic policing can define packet colors:
- When the size of a packet is less than the CBS, the packet is colored green.
- When the size of a packet is greater than or equal to the CBS but less than the PBS, the packet is colored yellow.
- When the size of a packet is greater than or equal to the PBS, the packet is colored red.
By default, green packets and yellow packets are allowed to pass through, and red packets are discarded.
- Run the following commands as required.