Note
You can bind only one service policy at the control plane interface, so all control plane rate-limiting configurations must be bound in the same policy-map with different class-maps. Each class-map can bind to only one IP access-group. A policy map can bind to multiple class-maps, and each class-map can be configured with a rate limit.For more information about RACL, see Receive ACL Rate Limiting.
For more information about ACLs, see the Extreme SLX-OS Security Configuration Guide.
For more information about class maps, see Class Maps.
For more information about the commands in the following examples, see the Extreme SLX-OS Command Reference.
# Create an IP-ACL to permit SSH flows originating from host 11.11.11.100 ip access-list extended ip-ssh-2 seq 10 permit tcp host 11.11.11.100 any eq 22 count # Create an IP-ACL to permit SSH flows originating from network 2.2.2.2/24 ip access-list extended ip-ssh-3 seq 10 permit tcp 2.2.2.2 0.0.0.255 any eq 22 count # Create a class-map that binds to IP ACL ip-ssh-2 class-map class-ssh-2 match access-group ip-ssh-2 # Create a class-map that binds to IP ACL ip-ssh-3 class-map class-ssh-3 match access-group ip-ssh-3 ! # Create a policy-map map-ssh, with class-maps class-ssh-2 rate limited at 100 KBPS # and with class-ssh-3 rate limited at 1 MBPS. policy-map map-ssh class class-ssh-2 police cir 100000 ! class class-ssh-3 police cir 1000000 ! ! # Bind above configured policy-map to control-plane interface. control-plane service-policy in map-ssh !