You can use RACL entries to configure rate limiting actions that police the traffic to the control plane.
Note
You can bind only one service policy at the control plane interface, so all control plane rate-limiting configurations must be bound in the same policy-map with different class-maps. Each class-map can bind to only one IP access-group. A policy map can bind to multiple class-maps, and each class-map can be configured with a rate limit.For more information about RACL, see Receive ACL Rate Limiting.
For more information about ACLs, see the Extreme SLX-OS Security Configuration Guide.
For more information about class maps, see Class Maps.
For more information about the commands in the following examples, see the Extreme SLX-OS Command Reference.
# Create an IP-ACL to permit SSH flows originating from host 11.11.11.100 ip access-list extended ip-ssh-2 seq 10 permit tcp host 11.11.11.100 any eq 22 count # Create an IP-ACL to permit SSH flows originating from network 2.2.2.2/24 ip access-list extended ip-ssh-3 seq 10 permit tcp 2.2.2.2 0.0.0.255 any eq 22 count # Create a class-map that binds to IP ACL ip-ssh-2 class-map class-ssh-2 match access-group ip-ssh-2 # Create a class-map that binds to IP ACL ip-ssh-3 class-map class-ssh-3 match access-group ip-ssh-3 ! # Create a policy-map map-ssh, with class-maps class-ssh-2 rate limited at 100 KBPS # and with class-ssh-3 rate limited at 1 MBPS. policy-map map-ssh class class-ssh-2 police cir 100000 ! class class-ssh-3 police cir 1000000 ! ! # Bind above configured policy-map to control-plane interface. control-plane service-policy in map-ssh !