Filter
Top Products
Rate Limiting
NOTE: The deny option is not applicable to rate limiting. Always specify permit when configuring an ACL for
use in a rate limiting rule.
Syntax: [no] access-list <num> deny | permit host <ip-protocol> any any [log]
NOTE: For complete syntax descriptions for standard and extended ACLs, see “Using Access Control Lists
(ACLs)” on page 3-1.
Here is the syntax for rate limit ACLs.
Syntax: [no] access-list rate-limit <num> <mac-addr> | <precedence> | mask <precedence-mask>
The <num> parameter specifies the ACL number.
The <mac-addr> | <precedence> | mask <precedence-mask> parameter specifies a MAC address, an IP
precedence, or a mask value representing a set of IP precedence values or a Diffserv control point.
To specify a MAC address, enter the address in the following format: xxxx.xxxx.xxxx.
To specify an IP precedence, specify one of the following:
• 0 – The ACL matches packets that have the routine precedence.
• 1 – The ACL matches packets that have the priority precedence.
• 2 – The ACL matches packets that have the immediate precedence.
• 3 – The ACL matches packets that have the flash precedence.
• 4 – The ACL matches packets that have the flash override precedence.
• 5 – The ACL matches packets that have the critical precedence.
• 6 – The ACL matches packets that have the internetwork control precedence.
• 7 – The ACL matches packets that have the network control precedence.
To specify a mask value for a set of IP precedence values, enter mask followed by a two-digit hexadecimal
number for the precedence values.
The precedence values are in an 8-bit field in the IP packet header. To calculate the hexadecimal number for a
combination of precedence values, write down the values for the entire field to create the binary number for the
mask value, then convert the number to hexadecimal. For example, to specify a mask for precedences 2, 4, and
5, write down the following values for the precedence field:
Bit position 8
Precedence 7
Bit pattern 0
1 2 3 4 5 6 7
0 1 2 3 4 5 6
0 0 1 0 1 1 0
Then, reading the digits from right to left, convert the number to hexadecimal. In this case, 00110100 binary
becomes 0x34. Enter the mask as mask 34.
For simplicity, you can convert the digits in groups of four bits each.
For example, you can convert bits 1 – 4 (binary 0100) to get hexadecimal “4” for the right digit. Then convert bits
5 – 8 (binary 0011) to get hexadecimal “3” for the left digit. The result is “34”.
Alternatively, you can enter the entire eight-bit binary number in a calculator, then convert the number to
hexadecimal. For example, you can enter the binary number “00110100” and convert it to hexadecimal to get
“34”. (Without the leading zeros, enter “110100”.)
4 - 15