For Layer 2 ACL-based rate limiting on VPLS endpoints, ensure that the default TCAM profile is enabled.
Important
Layer 2 ACL-based rate limiting on VPLS endpoints is not supported on SLX 9150/Extreme 8520.Configure Layer 2 filter parameters to match the outer VLAN, VLAN-tag format, and inner VLAN based on the traffic received on a logical interface for which rate limiting is required. For more information on filtering by the VLAN-tag type, see the Extreme SLX-OS Security Configuration Guide.
For Layer 2 ACL-based rate limiting to filter known unicast traffic only, configure a rule for a MAC extended ACL with the known-unicast-only keyword. This configuration is supported only for an ingress ACL on an L2_Ratelimit profile. Note that an implicit deny applies for both unknown and known unicast traffic.
To display the Layer 2 ACL bindings, use the show access-list mac command.
To display the policy-map bindings and rate-limiting statistics, use the show policy-map interface command.
device# configure terminal
device(config)# mac access-list extended m1
device(conf-macl-ext)# permit any any vlan 100
device(conf-macl-ext)# exit
device(config)# class-map c1
device(config-classmap)# match access-group m1
device(config-classmap)# exit
device(config)# policy-map p1
device(config-policymap)# class c1
device(config-policymap-class)# police cir 400000
device(config-policymap-class)# exit
device(config)# interface ethernet 0/1
device(conf-if-eth-0/1)# service-policy in p1
device(config)# hardware device(config-hardware)# profile tcam layer2-egress-ratelimit device(config-hardware)# exit device# copy running-config startup-config device# reload system
The following example summarizes the commands in this procedure.
device# configure terminal device(config)# mac access-list extended m1 device(conf-macl-ext)# permit any any vlan 100 device(conf-macl-ext)# exit device(config)# class-map c1 device(config-classmap)# match access-group m1 device(config-classmap)# exit device(config)# policy-map p1 device(config-policymap)# class c1 device(config-policymap-class)# police cir 400000 device(config-policymap-class)# exit device(config-policymap)# exit device(config)# interface ethernet 0/1 device(conf-if-eth-0/1)# service-policy in p1