05-19-2016 07:23 AM
I am having trouble setting up a policy to stop excessive WAN bandwidth for a particular application (i.e. SQL).
Here is what I have tried:
Router(config)#traffic-policy POL rate-limit fixed 2000 exceed-action drop
Router(config)#access-list 101 permit tcp any eq 1433 any traffic-policy POL
Router(config)#access-list 101 permit tcp any any 1433 traffic-policy POL
Router(config)#interface ethernet ve 100
Router(config-if-ve100)#ip access-group 101 in
The problem is the moment I enable that, the router starts dropping ALL traffic; heck, I even lose my SSH session.
Now, I know that most ACLs have an implicit deny, but to specify the traffic the documentation says to use permit. Obviously if I add "access-list 101 permit ip any any" at the end then it would classify ALL traffic as meeting the criteria to police.
The only other thing I can think of is to permit any any without traffic-policy POL.
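
Added example, not part of the original post and not vendor code: a simplified Python model of first-match ACL evaluation with an implicit deny, run over the three rule sets the post discusses. It assumes the second entry is meant to match destination port 1433; the `Entry`/`Packet` types and sample packets are constructed for illustration.

```python
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    proto: str              # "tcp", or "ip" to match any protocol
    sport: Optional[int]    # None = any source port
    dport: Optional[int]    # None = any destination port
    policy: Optional[str]   # traffic-policy attached to the entry, if any

class Packet(NamedTuple):
    proto: str
    sport: int
    dport: int

def evaluate(acl, pkt):
    """First matching entry wins; falling off the end is the implicit deny."""
    for e in acl:
        if e.proto not in ("ip", pkt.proto):
            continue
        if e.sport is not None and e.sport != pkt.sport:
            continue
        if e.dport is not None and e.dport != pkt.dport:
            continue
        return ("permit", e.policy)
    return ("deny", None)

# The two SQL entries from the post (assumed: src 1433 and dst 1433).
SQL = [Entry("tcp", 1433, None, "POL"), Entry("tcp", None, 1433, "POL")]
AS_POSTED = SQL
CATCH_ALL_POLICED = SQL + [Entry("ip", None, None, "POL")]  # permit ip any any + POL
CATCH_ALL_PLAIN = SQL + [Entry("ip", None, None, None)]     # permit ip any any, no policy

# Constructed sample packets.
SAMPLES = {
    "sql request": Packet("tcp", 50000, 1433),
    "sql reply": Packet("tcp", 1433, 50000),
    "ssh": Packet("tcp", 50001, 22),
}

def verdicts(acl):
    """Map each sample packet name to (action, traffic-policy)."""
    return {name: evaluate(acl, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for label, acl in (("as posted", AS_POSTED),
                       ("catch-all with POL", CATCH_ALL_POLICED),
                       ("catch-all without POL", CATCH_ALL_PLAIN)):
        print(label, verdicts(acl))
```
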