Rate limiting MYsql (Port 3310)
The Doctor
and I am trying to rate limit to10Mbps but
this customer is still doing 100Mpbs.
Attaching show run
Current configuration : 24131 bytes
!
! Last configuration change at 10:23:57 PCTime Tue Nov 17 2009 by web
! NVRAM config last updated at 10:23:59 PCTime Tue Nov 17 2009 by web
!
version 12.4
no parser cache
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service compress-config
service sequence-numbers
!
hostname netknow
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
no logging rate-limit
logging console critical
enable secret 5 $1$gFVw$XqGyRVw0ojOlyoYmojIAE1
!
no aaa new-model
memory-size iomem 10
clock timezone PCTime 0
!
crypto pki trustpoint TP-self-signed-3484789670
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3484789670
revocation-check none
rsakeypair TP-self-signed-3484789670
!
!
crypto pki certificate chain TP-self-signed-3484789670
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33343834 37383936 3730301E 170D3039 30383235 31353531
33325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 34383437
38393637 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100ADF5 A9469A99 541DD7C8 DA07A8A6 51C15019 FA657A31 9754F13A 511F210B
64B486CE 81213182 4A2708C3 E7A9CC1B DA0C9883 DCC69B50 DFFD49E6 5B9B0945
0F09C4DA 8BDC29BB 1593D334 8C9E9F69 2195A085 2729FAAB 67DE7AD2 90D3585E
165C4783 FFB9ACC7 B1B7FA1D F4BE1130 856AD959 0FF4D53F 429E7A8B 81C44F8B
B6E70203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
301F0603 551D2304 18301680 148D4E54 9054AD58 FCAC9CD5 4C685555 C46CE96B
51301D06 03551D0E 04160414 8D4E5490 54AD58FC AC9CD54C 685555C4 6CE96B51
300D0609 2A864886 F70D0101 04050003 8181003A 6F13391E ABACBAB1 C5827937
E71D3EDF 84699A35 9596D97B 6295AEEF 27457F4A 490D0282 75DADCA6 6B324758
30E91CB5 37F903A7 E51A618E 699A7280 84D1FC38 8082D9FE 9FE6288C CE9DCAAA
0AB73908 C63935C0 99277D22 2C796B05 A0009606 A54336E9 947F9CF5 56DEF447
E0200B34 F8175B91 235B50EA D63BC7AC 2397B1
quit
dot11 syslog
no ip source-route
ip cef
ip cef accounting per-prefix prefix-length
!
!
!
!
no ip bootp server
ip domain name nk.ca
ip host tardis 204.209.81.2
ip host ns2 204.209.81.3
ip host doctor 204.209.81.1
ip host panopticon 204.209.81.4
ip name-server 66.244.223.130
ip name-server 66.251.87.194
ip name-server 204.209.81.1
ip name-server 204.209.81.3
ip name-server 142.77.2.101
ip name-server 142.77.2.36
ip inspect name FWRULE smtp alert on audit-trail on timeout 60
ip inspect name FWRULE http java-list 52 alert on audit-trail on timeout 300
ip inspect name FWUDP udp alert on audit-trail on timeout 300
ip inspect name FWICMP icmp alert on audit-trail on timeout 300
ip inspect name FWTCP tcp alert on audit-trail on timeout 300
ip inspect name FWJAVA http java-list 51
ip inspect name FWHTTP http alert on audit-trail on timeout 60
ip inspect name FWIN udp alert on audit-trail on timeout 300
ip inspect name FWIN icmp alert on audit-trail on timeout 300
ip inspect name FWIN tcp alert on audit-trail on timeout 300
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip accounting-list 0.0.16.0 255.255.225.255
!
multilink bundle-name authenticated
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username root privilege 15 password 7 0228054F0307017918
username web privilege 15 password 7 000A40120F555B11
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
!
class-map match-all LEAPFROG
match access-group 110
class-map match-any SHAW
match access-group 102
class-map match-all GENERAL
match access-group 105
!
!
policy-map leapfrog
policy-map shaw
class SHAW
police 12000000 12000000 12000000 conform-action drop exceed-action drop violate-action drop
policy-map leapfrog1
class LEAPFROG
police 100000 100000 100000 conform-action drop exceed-action drop violate-action drop
policy-map general1
class GENERAL
police 1550000 1550000 1550000 conform-action drop exceed-action drop violate-action drop
!
!
!
!
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ES_LAN$
bandwidth 12000
ip address 208.118.93.1 255.255.255.0 secondary
ip address 208.118.94.1 255.255.255.0 secondary
ip address 69.196.84.1 255.255.255.0 secondary
ip address 69.196.85.1 255.255.255.0 secondary
ip address 204.209.81.2 255.255.255.0
ip access-group 102 in
ip access-group 105 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip accounting mac-address input
ip accounting mac-address output
ip accounting precedence input
ip accounting precedence output
ip accounting access-violations
ip route-cache flow
load-interval 30
duplex auto
speed auto
media-type rj45
ntp broadcast
no cdp enable
no mop enabled
!
interface GigabitEthernet0/1
bandwidth 12000
ip address 208.118.95.98 255.255.255.252
ip access-group 110 in
ip access-group 110 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip accounting precedence input
ip accounting precedence output
ip accounting access-violations
ip inspect FWRULE in
ip inspect FWIN out
ip route-cache flow
no ip mroute-cache
load-interval 30
duplex auto
speed auto
media-type rj45
no mop enabled
hold-queue 100 in
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 208.118.95.97
ip route 69.196.84.0 255.255.255.0 204.209.81.12
ip route 69.196.84.0 255.255.255.0 GigabitEthernet0/0
ip route 69.196.85.0 255.255.255.0 204.209.81.13
ip route 69.196.85.0 255.255.255.0 GigabitEthernet0/0
ip route 204.209.81.0 255.255.255.0 GigabitEthernet0/0
ip route 208.118.93.0 255.255.255.0 GigabitEthernet0/0
ip route 208.118.93.2 255.255.255.254 204.209.81.1
ip route 208.118.93.4 255.255.255.252 204.209.81.1
ip route 208.118.93.8 255.255.255.248 204.209.81.1
ip route 208.118.93.16 255.255.255.240 204.209.81.1
ip route 208.118.93.32 255.255.255.224 204.209.81.19
ip route 208.118.93.64 255.255.255.192 204.209.81.4
ip route 208.118.93.128 255.255.255.224 204.209.81.1
ip route 208.118.93.160 255.255.255.224 204.209.81.1
ip route 208.118.93.192 255.255.255.224 204.209.81.14
ip route 208.118.93.224 255.255.255.240 204.209.81.14
ip route 208.118.93.240 255.255.255.248 204.209.81.14
ip route 208.118.93.248 255.255.255.252 204.209.81.14
ip route 208.118.93.252 255.255.255.254 204.209.81.14
ip route 208.118.93.254 255.255.255.255 204.209.81.14
ip route 208.118.94.0 255.255.255.0 GigabitEthernet0/0
ip route 208.118.94.0 255.255.255.192 204.209.81.1
ip route 208.118.94.64 255.255.255.192 204.209.81.25
ip route 208.118.94.128 255.255.255.128 204.209.81.25
!
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map nonat interface GigabitEthernet0/0 overload
!
ip access-list standard NK.CA
!
logging trap debugging
access-list 1 permit 0.0.0.0
access-list 23 permit 204.209.81.0 0.0.0.255
access-list 23 permit 208.118.93.0 0.0.0.255
access-list 23 permit 208.118.94.0 0.0.0.255
access-list 23 permit 68.149.46.0 0.0.0.255
access-list 40 permit 204.209.81.0 0.0.0.255
access-list 40 permit 208.118.93.0 0.0.0.255
access-list 51 permit any
access-list 52 permit any
access-list 101 permit tcp any 204.209.81.0 0.0.0.255
access-list 101 permit tcp any 208.118.93.0 0.0.0.255
access-list 101 permit tcp any 208.118.94.0 0.0.0.255
access-list 102 deny ip 119.30.128.0 0.0.63.255 any
access-list 102 deny ip 222.184.0.0 0.7.255.255 any
access-list 102 deny ip 115.64.0.0 0.0.255.255 any
access-list 102 deny ip 75.64.0.0 0.7.255.255 any
access-list 102 deny ip 111.177.0.0 0.0.255.255 any
access-list 102 deny ip 210.51.176.0 0.0.15.255 any
access-list 102 deny ip 122.82.192.0 0.0.31.255 any
access-list 102 deny ip 218.22.0.0 0.1.255.255 any
access-list 102 deny ip 72.232.0.0 0.1.127.255 any
access-list 102 deny ip 196.22.192.0 0.0.1.255 any
access-list 102 deny ip 196.22.192.0 0.0.15.255 any
access-list 102 deny ip 196.22.208.0 0.0.15.255 any
access-list 102 deny ip 196.22.224.0 0.0.7.255 any
access-list 102 deny ip 196.22.232.0 0.0.3.255 any
access-list 102 deny ip 196.22.238.0 0.0.1.255 any
access-list 102 deny ip 219.117.209.0 0.0.0.255 any
access-list 102 deny ip 59.0.0.0 0.31.255.255 any
access-list 102 deny ip 75.125.0.0 0.0.255.255 any
access-list 102 deny ip 89.170.128.0 0.0.63.255 any
access-list 102 deny ip 89.170.192.0 0.0.31.255 any
access-list 102 deny ip 89.170.224.0 0.0.15.255 any
access-list 102 deny ip 89.170.240.0 0.0.7.255 any
access-list 102 deny ip 66.39.218.0 0.0.0.255 any
access-list 102 deny ip 121.60.0.0 0.3.255.255 any
access-list 102 deny ip 62.141.56.0 0.0.7.255 any
access-list 102 deny ip 222.170.68.0 0.0.1.255 any
access-list 102 deny ip 83.235.20.0 0.0.3.255 any
access-list 102 deny ip 202.222.30.0 0.0.0.255 any
access-list 102 deny ip 91.184.40.0 0.0.0.255 any
access-list 102 deny ip 200.84.0.0 0.0.255.255 any
access-list 102 deny ip 60.248.0.0 0.0.255.255 any
access-list 102 deny ip 203.250.128.0 0.0.15.255 any
access-list 102 deny ip 81.130.192.0 0.0.15.255 any
access-list 102 deny ip 81.130.208.0 0.0.7.255 any
access-list 102 deny ip 85.158.214.0 0.0.0.255 any
access-list 102 deny ip 125.161.192.0 0.0.31.255 any
access-list 102 deny ip 200.25.192.0 0.0.15.255 any
access-list 102 deny ip 198.168.0.0 0.3.255.255 any
access-list 102 deny ip 200.149.77.0 0.0.0.255 any
access-list 102 deny ip 66.45.224.0 0.0.31.255 any
access-list 102 deny ip 174.36.0.0 0.1.255.255 any
access-list 102 deny ip 222.124.224.0 0.0.0.255 any
access-list 102 deny ip 75.46.64.0 0.0.15.255 any
access-list 102 deny ip 61.48.0.0 0.3.255.255 any
access-list 102 deny ip 66.36.224.0 0.0.31.255 any
access-list 102 deny ip 24.121.0.0 0.0.255.255 any
access-list 102 deny ip 124.40.0.0 0.0.63.255 any
access-list 102 deny ip 82.69.0.0 0.0.127.255 any
access-list 102 deny ip 72.55.128.0 0.0.127.255 any
access-list 102 deny ip 71.6.0.0 0.0.255.255 any
access-list 102 deny ip 219.239.132.0 0.0.0.255 any
access-list 102 deny ip 89.120.0.0 0.3.255.255 any
access-list 102 deny ip 89.32.152.0 0.0.7.255 any
access-list 102 deny ip 80.249.64.0 0.0.15.255 any
access-list 102 deny ip 82.135.200.0 0.0.0.255 any
access-list 102 deny ip 82.135.201.0 0.0.0.255 any
access-list 102 deny ip 82.135.202.0 0.0.0.255 any
access-list 102 deny ip 222.208.0.0 0.7.255.255 any
access-list 102 deny ip 117.80.0.0 0.15.255.255 any
access-list 102 deny ip 121.16.0.0 0.7.255.255 any
access-list 102 deny ip 210.51.0.0 0.0.255.255 any
access-list 102 deny ip 61.186.104.0 0.0.6.255 any
access-list 102 deny ip 217.16.18.0 0.0.0.255 any
access-list 102 deny ip 125.77.0.0 0.0.255.255 any
access-list 102 deny ip 61.187.0.0 0.0.71.255 any
access-list 102 deny ip 218.66.0.0 0.1.127.255 any
access-list 102 deny ip 201.212.0.0 0.0.254.255 any
access-list 102 deny ip 220.169.0.0 0.0.63.255 any
access-list 102 deny ip 82.177.41.0 0.0.0.255 any
access-list 102 deny ip 77.81.128.0 0.0.7.255 any
access-list 102 deny ip 69.27.160.0 0.0.15.255 any
access-list 102 deny ip 82.77.189.0 0.0.0.255 any
access-list 102 deny ip 78.106.0.0 0.1.255.255 any
access-list 102 deny ip 61.138.224.0 0.0.31.255 any
access-list 102 deny ip 82.78.212.0 0.0.3.255 any
access-list 102 deny ip 222.80.0.0 0.3.127.255 any
access-list 102 deny ip 219.94.144.0 0.0.0.255 any
access-list 102 deny ip 125.65.112.0 0.0.0.255 any
access-list 102 deny ip 218.252.0.0 0.3.255.255 any
access-list 102 deny ip 87.118.96.0 0.0.31.255 any
access-list 102 deny ip 202.101.192.0 0.0.63.255 any
access-list 102 deny ip 61.10.64.0 0.0.31.255 any
access-list 102 deny ip 202.53.19.0 0.0.0.255 any
access-list 102 deny ip 221.192.0.0 0.3.255.255 any
access-list 102 deny ip 83.99.128.0 0.0.15.255 any
access-list 102 deny ip 83.99.144.0 0.0.0.255 any
access-list 102 deny ip 83.99.145.0 0.0.0.255 any
access-list 102 deny ip 83.99.146.0 0.0.0.255 any
access-list 102 deny ip 81.66.22.0 0.0.1.255 any
access-list 102 deny ip 81.140.0.0 0.0.127.255 any
access-list 102 deny ip 211.96.0.0 0.15.255.255 any
access-list 102 deny ip 203.115.96.0 0.0.31.255 any
access-list 102 deny ip 61.156.0.0 0.0.255.255 any
access-list 102 deny ip 209.193.64.0 0.0.47.255 any
access-list 102 deny ip 70.107.0.0 0.0.255.255 any
access-list 102 deny ip 122.162.0.0 0.0.255.255 any
access-list 102 deny ip 123.201.0.0 0.0.255.255 any
access-list 102 deny ip 66.239.0.0 0.0.255.255 any
access-list 102 deny ip 222.76.0.0 0.0.255.255 any
access-list 102 deny ip 66.16.0.0 0.0.255.255 any
access-list 102 deny ip 61.81.0.0 0.0.255.255 any
access-list 102 deny ip 89.211.0.0 0.0.255.255 any
access-list 102 deny ip 24.232.0.0 0.0.255.255 any
access-list 102 deny ip 219.133.0.0 0.0.255.255 any
access-list 102 deny ip 204.16.176.0 0.0.0.255 any
access-list 102 deny ip 66.214.0.0 0.0.255.255 any
access-list 102 deny ip 211.70.144.0 0.0.15.255 any
access-list 102 deny ip 203.201.128.0 0.0.31.255 any
access-list 102 deny ip 66.154.97.0 0.0.0.255 any
access-list 102 deny ip 85.17.141.0 0.0.0.255 any
access-list 102 deny ip 207.226.88.0 0.0.7.255 any
access-list 102 deny ip 91.186.4.0 0.0.0.255 any
access-list 102 deny tcp any host 204.209.81.1 eq 3306
access-list 102 deny udp any host 204.209.81.1 eq 3306
access-list 102 permit udp any eq 6277 any
access-list 102 permit tcp any any eq 6277
access-list 102 permit tcp any eq 6277 any gt 1023
access-list 102 permit udp any any eq 6277
access-list 102 permit tcp any any eq 2723
access-list 102 permit tcp any any eq 32000
access-list 102 permit tcp any any eq 8000
access-list 102 permit tcp any any eq 143
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any echo
access-list 102 permit icmp any any ttl-exceeded
access-list 102 permit icmp any any administratively-prohibited
access-list 102 permit icmp any any packet-too-big
access-list 102 permit icmp any any traceroute
access-list 102 permit icmp any any unreachable
access-list 102 permit icmp any any source-quench
access-list 102 permit icmp host 205.150.160.10 any
access-list 102 permit tcp any any eq smtp
access-list 102 permit udp any any eq 443
access-list 102 permit tcp any any eq 66
access-list 102 permit udp any any eq 20000
access-list 102 permit udp any any eq 10000
access-list 102 permit tcp any any eq nntp
access-list 102 permit tcp any any eq 3389
access-list 102 permit tcp any any eq pop3
access-list 102 permit tcp any any eq www
access-list 102 permit tcp any any eq 81
access-list 102 permit tcp any any eq 366
access-list 102 permit tcp any any eq 443
access-list 102 permit tcp any any eq 465
access-list 102 permit tcp any any eq 587
access-list 102 permit tcp any any eq 995
access-list 102 permit udp any any eq domain
access-list 102 permit tcp any any eq ftp
access-list 102 permit tcp any host 204.209.81.2 eq telnet
access-list 102 permit tcp any host 204.209.81.4 eq telnet
access-list 102 deny tcp any host 204.209.81.19 eq telnet
access-list 102 permit tcp any any eq 42
access-list 102 permit tcp any any eq 5432
access-list 102 permit udp any any eq 1645
access-list 102 permit udp any any eq 1646
access-list 102 permit tcp any any eq 123
access-list 102 permit tcp any any eq 22
access-list 102 permit tcp any any eq 5631
access-list 102 permit tcp any any eq 5632
access-list 102 permit udp any any eq 5632
access-list 102 permit tcp any any eq 8080
access-list 102 permit tcp any any eq 6699
access-list 102 permit udp any any eq 6257
access-list 102 permit tcp any any eq 1080
access-list 102 permit tcp any any eq 1863
access-list 102 permit tcp any any eq domain
access-list 102 permit tcp any any eq ftp-data
access-list 102 permit tcp any any range 6891 6901
access-list 102 permit udp any any range 3782 3783
access-list 102 permit tcp any any eq 3784
access-list 102 permit tcp any any eq 3690
access-list 102 permit udp any any eq 5190
access-list 102 permit udp any any eq 6901
access-list 102 permit udp any any range 10000 20000
access-list 102 permit tcp any any eq 6502
access-list 102 permit udp any any eq isakmp
access-list 102 permit udp any any eq non500-isakmp
access-list 102 permit udp any any eq 3388
access-list 102 permit tcp any any eq 3388
access-list 102 permit esp any any
access-list 102 permit tcp any any eq 6667
access-list 102 permit udp any any eq 6667
access-list 102 permit tcp any any eq 3783
access-list 102 permit udp any any eq 3783
access-list 102 permit tcp any any eq 27900
access-list 102 permit udp any any eq 27900
access-list 102 permit tcp any any eq 28900
access-list 102 permit udp any any eq 28900
access-list 102 permit tcp any any eq 29900
access-list 102 permit udp any any eq 29900
access-list 102 permit tcp any any eq 29901
access-list 102 permit udp any any eq 29901
access-list 102 permit tcp any any eq 13139
access-list 102 permit udp any any eq 13139
access-list 102 permit tcp any any eq 6515
access-list 102 permit udp any any eq 6515
access-list 102 permit tcp any any eq 6500
access-list 102 permit udp any any eq 6500
access-list 102 permit udp any any eq 6502
access-list 102 permit ip any any
access-list 103 permit ip 24.87.0.0 0.0.255.255 any
access-list 103 permit ip 61.156.0.0 0.0.255.255 any
access-list 103 permit ip 61.186.104.0 0.0.6.255 any
access-list 103 permit ip 69.27.160.0 0.0.15.255 any
access-list 103 permit ip 69.41.171.0 0.0.0.255 any
access-list 103 permit ip 69.50.160.0 0.0.0.255 any
access-list 103 permit ip 70.89.112.0 0.0.15.255 any
access-list 103 permit ip 70.107.0.0 0.0.255.255 any
access-list 103 permit ip 70.131.64.0 0.0.7.255 any
access-list 103 permit ip 71.6.0.0 0.0.255.255 any
access-list 103 permit ip 71.64.0.0 0.3.255.255 any
access-list 103 permit ip 72.55.128.0 0.0.127.255 any
access-list 103 permit ip 75.46.64.0 0.0.15.255 any
access-list 103 permit ip 76.0.0.0 0.7.255.255 any
access-list 103 permit ip 77.34.0.0 0.1.255.255 any
access-list 103 permit ip 77.81.128.0 0.0.7.255 any
access-list 103 permit ip 124.116.0.0 0.0.255.255 any
access-list 103 permit ip 125.40.0.0 0.7.255.255 any
access-list 103 permit ip 125.65.112.0 0.0.0.255 any
access-list 103 permit ip 211.96.0.0 0.15.255.255 any
access-list 103 permit ip 213.168.192.0 0.0.0.255 any
access-list 103 permit ip 216.20.0.0 0.0.127.255 any
access-list 103 permit ip 217.16.18.0 0.0.0.255 any
access-list 103 permit ip 217.147.41.0 0.0.0.255 any
access-list 103 permit ip 218.56.175.0 0.0.0.255 any
access-list 103 permit ip 78.106.0.0 0.1.255.255 any
access-list 103 permit ip 80.249.64.0 0.0.15.255 any
access-list 103 permit ip 218.66.0.0 0.1.127.255 any
access-list 103 permit ip 218.66.0.0 0.1.255.255 any
access-list 103 permit ip 218.84.0.0 0.1.255.255 any
access-list 105 deny ip 81.57.24.0 0.0.1.255 any
access-list 105 deny ip 89.223.32.0 0.0.0.255 any
access-list 105 deny ip 125.40.0.0 0.7.255.255 any
access-list 105 deny ip 77.34.0.0 0.1.255.255 any
access-list 105 deny ip 222.173.0.0 0.2.255.255 any
access-list 105 deny ip 86.86.0.0 0.0.255.255 any
access-list 105 deny ip 71.64.0.0 0.3.255.255 any
access-list 105 deny ip 64.72.118.0 0.0.0.255 any
access-list 105 deny ip 64.237.63.0 0.0.0.255 any
access-list 105 deny ip 64.72.124.0 0.0.0.255 any
access-list 105 deny udp any any eq 51760
access-list 105 deny udp any eq 51760 any
access-list 105 deny udp any any eq 44676
access-list 105 deny udp any eq netbios-ns any
access-list 105 permit tcp any host 204.209.81.29 gt 0
access-list 105 permit tcp any host 204.209.81.30 gt 0
access-list 105 permit tcp any host 204.209.81.26 gt 0
access-list 105 permit tcp any host 204.209.81.27 gt 0
access-list 105 permit tcp any host 204.209.81.28 gt 0
access-list 105 permit udp any host 204.209.81.29 gt 0
access-list 105 permit udp any host 204.209.81.30 gt 0
access-list 105 permit udp any host 204.209.81.26 gt 0
access-list 105 permit udp any host 204.209.81.27 gt 0
access-list 105 permit udp any host 204.209.81.28 gt 0
access-list 105 permit tcp host 204.209.81.29 gt 0 any
access-list 105 permit tcp host 204.209.81.30 gt 0 any
access-list 105 permit udp host 204.209.81.27 gt 0 any
access-list 105 permit udp host 204.209.81.28 gt 0 any
access-list 105 permit udp any any eq isakmp
access-list 105 permit udp any any eq non500-isakmp
access-list 105 permit tcp any any eq 1723
access-list 105 permit tcp any any eq 3306
access-list 105 permit esp any any
access-list 105 permit gre any any
access-list 105 permit tcp host 200.9.49.66 host 204.209.81.2 eq 22
access-list 105 permit tcp host 200.9.49.66 host 204.209.81.2 eq telnet
access-list 105 permit udp any any eq 6277
access-list 105 deny ip 198.168.0.0 0.3.255.255 any
access-list 105 deny ip 200.149.77.0 0.0.0.255 any
access-list 105 deny ip 66.45.224.0 0.0.15.255 any
access-list 105 deny ip 174.36.0.0 0.1.255.255 any
access-list 105 deny ip 222.124.224.0 0.0.0.255 any
access-list 105 deny ip 124.40.0.0 0.0.63.255 any
access-list 105 deny udp any eq 44676 any
access-list 105 permit tcp host 204.209.81.26 gt 0 any
access-list 105 permit tcp host 204.209.81.27 gt 0 any
access-list 105 permit tcp host 204.209.81.28 gt 0 any
access-list 105 permit tcp any any eq 6277
access-list 105 permit tcp any eq 6277 any
access-list 105 permit udp any eq 6277 any
access-list 105 deny ip any any dscp 1
access-list 105 permit ip any any
access-list 110 permit tcp any host 204.209.81.12 eq 3310
access-list 110 permit udp any host 204.209.81.12 eq 3310
access-list 110 permit ip any any
access-list 166 permit ip host 204.209.81.1 any
access-list 170 permit tcp any any syn
access-list 170 permit tcp any any fin
access-list 170 permit tcp host 204.209.81.1 any ack log
access-list 170 permit tcp any host 204.209.81.1 ack log
access-list 170 permit tcp any any ack log
access-list 170 permit tcp any any eq www
access-list 170 permit tcp any any eq nntp
access-list 170 permit tcp any any
access-list 170 permit ip any any
access-list 170 permit icmp any any
access-list 170 permit udp any any
access-list 171 permit tcp any any ack log
access-list 175 permit ip any host 205.150.160.10
access-list 176 permit ip any any
snmp-server community CommunityName RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
no cdp run
!
!
!
route-map nonat permit 10
match ip address 188
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
-----------------------------------------------------------------------
^C
banner login ^CCCCCCOnly authorized users allowed^C
!
line con 0
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input pad telnet rlogin udptn v120 ssh
line vty 5 15
access-class 23 in
privilege level 15
login
transport input none
!
scheduler allocate 20000 1000
ntp clock-period 17207801
ntp source GigabitEthernet0/0
ntp server 204.209.81.1
!
end
What am I not doing right?
--
Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
http://twitter.com/rootnl2k http://www.myspace.com/502748630
Merry Christmas 2009 and Happy New Year 2010
klaus zerwes
> I have a customer that is doing heavy MySQL duplication
> and I am trying to rate limit to10Mbps but
> this customer is still doing 100Mpbs.
>
> Attaching show run
[...]
will not read all your running-config ...
create a access-list:
(conf)# access-list NR permit tcp host IP-of-MYSQL-Server eq 3306 any
on the interface:
(conf-if)# rate-limit input access-group NR rate burst-normal burst-max
conform-action transmit exceed-action drop
where
rate = average rate, in bits per second (bps). The value must be in
increments of 8 kbps
burst-normal = normal burst size, in bytes. The minimum value is rate
divided by 2000; calculate: rate*(1/8)bytes*1.5
burst-max = excess burst size, in bytes; calculate: burst-normal*2
Klaus
--
Klaus Zerwes
http://www.zero-sys.net