Configuring a connection-rate ACL using source IP address criteria
To configure a connection-rate ACL using UDP/TCP criteria, see Configuring a connection-rate ACL using UDP/TCP criteria.
Syntax
ip access-list connection-rate-filter < crf-list-name >
switch(config-crf-nacl)#
If the ACL already exists, this command simply puts the CLI into the ACE context.
Syntax
< filter | ignore > ip < any | host ip-addr | ip-addr mask-length >
Used in the ACE context to specify the action of the connection-rate ACE and the source IP address of the traffic that the ACE affects.
< filter | ignore >
The filter option assigns policy filtering to traffic with a source IP address (SA) matching the source address in the ACE. The ignore option specifies bypassing policy filtering for traffic with an SA that matches the source address in the ACE.
ip < any | host ip-addr | ip-addr mask-length >
Specifies the SA criteria for traffic addressed by the ACE.
any
Applies the ACE's action (filter or ignore) to traffic having any SA.
host ip-addr
Applies the ACE's action (filter or ignore) to traffic having the specified host SA.
ip-addr mask-length
Applies the ACE's action (filter or ignore) to traffic having an SA within the range defined by either:
<src-ip-addr/cidr-mask-bits>
or
<src-ip-addr <mask>>
Use this criterion for traffic received from either a subnet or a group of IP addresses. The mask can be in either dotted-decimal format or CIDR format with the number of significant bits. See Using an ACL in a connection-rate configuration example.
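An added example, not from the original manual: a Python audit of connection-rate ACEs written in the syntax above, flagging ignore entries that exempt a wide source range from policy filtering. The sample ACEs, the MAX_IGNORE_PREFIX threshold and the function names are assumptions; the ip-addr mask form is only flagged for manual review, because its bit semantics are not spelled out here.

```python
import ipaddress

# Constructed sample ACEs, one per line as entered in the ACE context.
SAMPLE_ACES = """\
ignore ip host 192.0.2.10
ignore ip 198.51.100.0/24
filter ip 203.0.113.0/28
ignore ip 10.0.0.0/8
ignore ip any
filter ip 192.0.2.0 0.0.0.255
drop ip any
"""
MAX_IGNORE_PREFIX = 24  # assumption: local policy threshold, not a switch setting

def parse_ace(line):
    """Parse '<filter|ignore> ip <SA>' into (action, IPv4Network or None)."""
    tok = line.split()
    if len(tok) < 3 or tok[0] not in ("filter", "ignore") or tok[1] != "ip":
        raise ValueError(f"not a connection-rate ACE: {line!r}")
    action, sa = tok[0], tok[2:]
    if sa == ["any"]:
        return action, ipaddress.IPv4Network("0.0.0.0/0")
    if len(sa) == 2 and sa[0] == "host":
        return action, ipaddress.IPv4Network(sa[1] + "/32")
    if len(sa) == 1 and "/" in sa[0]:
        return action, ipaddress.IPv4Network(sa[0], strict=False)
    if len(sa) == 2:  # '<ip-addr> <mask>' form: validate, leave range to a human
        ipaddress.IPv4Address(sa[0])  # raises ValueError if malformed
        ipaddress.IPv4Address(sa[1])
        return action, None
    raise ValueError(f"unrecognised SA criteria: {line!r}")

def audit(text):
    """Return (line_no, kind, detail) findings for a block of ACEs."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        try:
            action, net = parse_ace(line)
        except ValueError as exc:
            findings.append((n, "syntax", str(exc)))
            continue
        if net is None:
            findings.append((n, "review", "ip-addr mask form: verify range by hand"))
        elif action == "ignore" and net.prefixlen < MAX_IGNORE_PREFIX:
            findings.append((n, "broad-ignore", f"{net} bypasses policy filtering"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_ACES), sep="\n")
```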