Cisco IOS Software Release 11.0(20)BT Troubleshooting Guide

• Cisco IOS Software Release 11.2 and later, which support Traffic Shaping.
• Cisco IOS Software Releases 12.0XE, 12.1E, 12.1T, which support Modular QoS CLI.
The information in this document was created from the devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.
Conventions
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
Rate Limit ICMP/Smurf
Configure these access lists:

access-list 102 permit icmp any any echo
access-list 102 permit icmp any any echo-reply
interface <interface> <interface #>
  rate-limit input access-group 102 256000 8000 8000 conform-action transmit exceed-action drop
In order to enable CAR, you must enable Cisco Express Forwarding (CEF) on the box. In addition, you must
configure a CEF−switched interface for CAR.
The sample configuration uses rate values sized for DS3-class bandwidth. Choose values based on the interface
bandwidth and the rate at which you want to limit a particular type of traffic. For smaller ingress interfaces,
you can configure lower rates.
Rate Limit TCP SYN Packets
11.1(X)CC
If you know which host is under attack, configure these access lists:

access-list 103 deny tcp any host 10.0.0.1 established
!--- Let sessions in progress run.
access-list 103 permit tcp any host 10.0.0.1
!--- Rate limit the initial TCP SYN packet, because the other packets
!--- in the TCP session would have hit the earlier entry in the ACL.
interface <interface> <interface #>
  rate-limit input access-group 103 8000 8000 8000 conform-action transmit exceed-action drop

Note: In this example, the host under attack is 10.0.0.1.
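To see what the 8000 bps / 8000-byte rate-limit above does to SYN traffic before you deploy it, here is an added Python model (not from this Cisco document) of the CAR token bucket. It assumes that, with the normal burst equal to the extended burst, CAR behaves as a single token bucket whose depth is the normal burst in bytes and whose refill rate is the configured bps; the SYN size and the traffic rates are constructed for illustration.

```python
from fractions import Fraction

# Added example, not Cisco's own code: a simplified model of
#   rate-limit input access-group 103 8000 8000 8000 conform-action transmit exceed-action drop
# Assumption: normal burst == extended burst, so CAR acts as one token bucket
# (depth = burst bytes, refill = rate_bps / 8 bytes per second).


class CarBucket:
    """Token bucket: 'transmit' while tokens cover the packet, otherwise 'drop'."""

    def __init__(self, rate_bps, burst_bytes):
        self.rate_bytes_per_s = Fraction(rate_bps, 8)
        self.depth = Fraction(burst_bytes)
        self.tokens = Fraction(burst_bytes)   # bucket starts full
        self.last_t = Fraction(0)

    def offer(self, t, size_bytes):
        """Decide conform-action/exceed-action for a packet arriving at time t (seconds)."""
        refill = (t - self.last_t) * self.rate_bytes_per_s
        self.tokens = min(self.depth, self.tokens + refill)
        self.last_t = t
        if self.tokens >= size_bytes:
            self.tokens -= size_bytes
            return "transmit"
        return "drop"


def simulate(rate_bps, burst_bytes, pkts_per_sec, pkt_bytes, seconds):
    """Offer a constant stream of packets to the bucket; return (transmitted, dropped)."""
    bucket = CarBucket(rate_bps, burst_bytes)
    transmitted = dropped = 0
    for i in range(pkts_per_sec * seconds):
        t = Fraction(i, pkts_per_sec)          # exact arithmetic, no float drift
        if bucket.offer(t, pkt_bytes) == "transmit":
            transmitted += 1
        else:
            dropped += 1
    return transmitted, dropped


SYN_BYTES = 40  # constructed: minimal IPv4 + TCP headers, no options

if __name__ == "__main__":
    # Legitimate load: 10 SYN/s for 10 s stays under 8000 bps, nothing is dropped.
    print("normal:", simulate(8000, 8000, 10, SYN_BYTES, 10))     # (100, 0)
    # Flood: 1000 SYN/s. The 8000-byte burst admits ~200 SYNs, then ~25 SYN/s.
    print("flood: ", simulate(8000, 8000, 1000, SYN_BYTES, 10))   # (449, 9551)
```

Adjust SYN_BYTES to your observed SYN size (options and link-layer framing change it) to estimate how many half-open connections the rate still lets through to the protected host.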
If you do not know which host is under DoS attack, and you want to protect a network, configure these access
lists:

access-list 104 deny tcp any any established