Rate limiting MYsql (Port 3310)

Discussion in 'Cisco' started by The Doctor, Nov 22, 2009.

  1. The Doctor

    The Doctor Guest

    I have a customer that is doing heavy MySQL duplication
    and I am trying to rate limit to10Mbps but
    this customer is still doing 100Mpbs.

    Attaching show run

    Current configuration : 24131 bytes
    !
    ! Last configuration change at 10:23:57 PCTime Tue Nov 17 2009 by web
    ! NVRAM config last updated at 10:23:59 PCTime Tue Nov 17 2009 by web
    !
    version 12.4
    no parser cache
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service compress-config
    service sequence-numbers
    !
    hostname netknow
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200
    no logging rate-limit
    logging console critical
    enable secret 5 $1$gFVw$XqGyRVw0ojOlyoYmojIAE1
    !
    no aaa new-model
    memory-size iomem 10
    clock timezone PCTime 0
    !
    crypto pki trustpoint TP-self-signed-3484789670
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-3484789670
    revocation-check none
    rsakeypair TP-self-signed-3484789670
    !
    !
    crypto pki certificate chain TP-self-signed-3484789670
    certificate self-signed 01
    3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 33343834 37383936 3730301E 170D3039 30383235 31353531
    33325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 34383437
    38393637 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100ADF5 A9469A99 541DD7C8 DA07A8A6 51C15019 FA657A31 9754F13A 511F210B
    64B486CE 81213182 4A2708C3 E7A9CC1B DA0C9883 DCC69B50 DFFD49E6 5B9B0945
    0F09C4DA 8BDC29BB 1593D334 8C9E9F69 2195A085 2729FAAB 67DE7AD2 90D3585E
    165C4783 FFB9ACC7 B1B7FA1D F4BE1130 856AD959 0FF4D53F 429E7A8B 81C44F8B
    B6E70203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
    551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
    301F0603 551D2304 18301680 148D4E54 9054AD58 FCAC9CD5 4C685555 C46CE96B
    51301D06 03551D0E 04160414 8D4E5490 54AD58FC AC9CD54C 685555C4 6CE96B51
    300D0609 2A864886 F70D0101 04050003 8181003A 6F13391E ABACBAB1 C5827937
    E71D3EDF 84699A35 9596D97B 6295AEEF 27457F4A 490D0282 75DADCA6 6B324758
    30E91CB5 37F903A7 E51A618E 699A7280 84D1FC38 8082D9FE 9FE6288C CE9DCAAA
    0AB73908 C63935C0 99277D22 2C796B05 A0009606 A54336E9 947F9CF5 56DEF447
    E0200B34 F8175B91 235B50EA D63BC7AC 2397B1
    quit
    dot11 syslog
    no ip source-route
    ip cef
    ip cef accounting per-prefix prefix-length
    !
    !
    !
    !
    no ip bootp server
    ip domain name nk.ca
    ip host tardis 204.209.81.2
    ip host ns2 204.209.81.3
    ip host doctor 204.209.81.1
    ip host panopticon 204.209.81.4
    ip name-server 66.244.223.130
    ip name-server 66.251.87.194
    ip name-server 204.209.81.1
    ip name-server 204.209.81.3
    ip name-server 142.77.2.101
    ip name-server 142.77.2.36
    ip inspect name FWRULE smtp alert on audit-trail on timeout 60
    ip inspect name FWRULE http java-list 52 alert on audit-trail on timeout 300
    ip inspect name FWUDP udp alert on audit-trail on timeout 300
    ip inspect name FWICMP icmp alert on audit-trail on timeout 300
    ip inspect name FWTCP tcp alert on audit-trail on timeout 300
    ip inspect name FWJAVA http java-list 51
    ip inspect name FWHTTP http alert on audit-trail on timeout 60
    ip inspect name FWIN udp alert on audit-trail on timeout 300
    ip inspect name FWIN icmp alert on audit-trail on timeout 300
    ip inspect name FWIN tcp alert on audit-trail on timeout 300
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    ip accounting-list 0.0.16.0 255.255.225.255
    !
    multilink bundle-name authenticated
    !
    voice-card 0
    no dspfarm
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    username root privilege 15 password 7 0228054F0307017918
    username web privilege 15 password 7 000A40120F555B11
    !
    !
    archive
    log config
    hidekeys
    !
    !
    ip tcp synwait-time 10
    !
    class-map match-all LEAPFROG
    match access-group 110
    class-map match-any SHAW
    match access-group 102
    class-map match-all GENERAL
    match access-group 105
    !
    !
    policy-map leapfrog
    policy-map shaw
    class SHAW
    police 12000000 12000000 12000000 conform-action drop exceed-action drop violate-action drop
    policy-map leapfrog1
    class LEAPFROG
    police 100000 100000 100000 conform-action drop exceed-action drop violate-action drop
    policy-map general1
    class GENERAL
    police 1550000 1550000 1550000 conform-action drop exceed-action drop violate-action drop
    !
    !
    !
    !
    !
    interface GigabitEthernet0/0
    description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ES_LAN$
    bandwidth 12000
    ip address 208.118.93.1 255.255.255.0 secondary
    ip address 208.118.94.1 255.255.255.0 secondary
    ip address 69.196.84.1 255.255.255.0 secondary
    ip address 69.196.85.1 255.255.255.0 secondary
    ip address 204.209.81.2 255.255.255.0
    ip access-group 102 in
    ip access-group 105 out
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip accounting output-packets
    ip accounting mac-address input
    ip accounting mac-address output
    ip accounting precedence input
    ip accounting precedence output
    ip accounting access-violations
    ip route-cache flow
    load-interval 30
    duplex auto
    speed auto
    media-type rj45
    ntp broadcast
    no cdp enable
    no mop enabled
    !
    interface GigabitEthernet0/1
    bandwidth 12000
    ip address 208.118.95.98 255.255.255.252
    ip access-group 110 in
    ip access-group 110 out
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip accounting output-packets
    ip accounting precedence input
    ip accounting precedence output
    ip accounting access-violations
    ip inspect FWRULE in
    ip inspect FWIN out
    ip route-cache flow
    no ip mroute-cache
    load-interval 30
    duplex auto
    speed auto
    media-type rj45
    no mop enabled
    hold-queue 100 in
    !
    no ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 208.118.95.97
    ip route 69.196.84.0 255.255.255.0 204.209.81.12
    ip route 69.196.84.0 255.255.255.0 GigabitEthernet0/0
    ip route 69.196.85.0 255.255.255.0 204.209.81.13
    ip route 69.196.85.0 255.255.255.0 GigabitEthernet0/0
    ip route 204.209.81.0 255.255.255.0 GigabitEthernet0/0
    ip route 208.118.93.0 255.255.255.0 GigabitEthernet0/0
    ip route 208.118.93.2 255.255.255.254 204.209.81.1
    ip route 208.118.93.4 255.255.255.252 204.209.81.1
    ip route 208.118.93.8 255.255.255.248 204.209.81.1
    ip route 208.118.93.16 255.255.255.240 204.209.81.1
    ip route 208.118.93.32 255.255.255.224 204.209.81.19
    ip route 208.118.93.64 255.255.255.192 204.209.81.4
    ip route 208.118.93.128 255.255.255.224 204.209.81.1
    ip route 208.118.93.160 255.255.255.224 204.209.81.1
    ip route 208.118.93.192 255.255.255.224 204.209.81.14
    ip route 208.118.93.224 255.255.255.240 204.209.81.14
    ip route 208.118.93.240 255.255.255.248 204.209.81.14
    ip route 208.118.93.248 255.255.255.252 204.209.81.14
    ip route 208.118.93.252 255.255.255.254 204.209.81.14
    ip route 208.118.93.254 255.255.255.255 204.209.81.14
    ip route 208.118.94.0 255.255.255.0 GigabitEthernet0/0
    ip route 208.118.94.0 255.255.255.192 204.209.81.1
    ip route 208.118.94.64 255.255.255.192 204.209.81.25
    ip route 208.118.94.128 255.255.255.128 204.209.81.25
    !
    !
    ip http server
    ip http access-class 23
    ip http authentication local
    no ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source route-map nonat interface GigabitEthernet0/0 overload
    !
    ip access-list standard NK.CA
    !
    logging trap debugging
    access-list 1 permit 0.0.0.0
    access-list 23 permit 204.209.81.0 0.0.0.255
    access-list 23 permit 208.118.93.0 0.0.0.255
    access-list 23 permit 208.118.94.0 0.0.0.255
    access-list 23 permit 68.149.46.0 0.0.0.255
    access-list 40 permit 204.209.81.0 0.0.0.255
    access-list 40 permit 208.118.93.0 0.0.0.255
    access-list 51 permit any
    access-list 52 permit any
    access-list 101 permit tcp any 204.209.81.0 0.0.0.255
    access-list 101 permit tcp any 208.118.93.0 0.0.0.255
    access-list 101 permit tcp any 208.118.94.0 0.0.0.255
    access-list 102 deny ip 119.30.128.0 0.0.63.255 any
    access-list 102 deny ip 222.184.0.0 0.7.255.255 any
    access-list 102 deny ip 115.64.0.0 0.0.255.255 any
    access-list 102 deny ip 75.64.0.0 0.7.255.255 any
    access-list 102 deny ip 111.177.0.0 0.0.255.255 any
    access-list 102 deny ip 210.51.176.0 0.0.15.255 any
    access-list 102 deny ip 122.82.192.0 0.0.31.255 any
    access-list 102 deny ip 218.22.0.0 0.1.255.255 any
    access-list 102 deny ip 72.232.0.0 0.1.127.255 any
    access-list 102 deny ip 196.22.192.0 0.0.1.255 any
    access-list 102 deny ip 196.22.192.0 0.0.15.255 any
    access-list 102 deny ip 196.22.208.0 0.0.15.255 any
    access-list 102 deny ip 196.22.224.0 0.0.7.255 any
    access-list 102 deny ip 196.22.232.0 0.0.3.255 any
    access-list 102 deny ip 196.22.238.0 0.0.1.255 any
    access-list 102 deny ip 219.117.209.0 0.0.0.255 any
    access-list 102 deny ip 59.0.0.0 0.31.255.255 any
    access-list 102 deny ip 75.125.0.0 0.0.255.255 any
    access-list 102 deny ip 89.170.128.0 0.0.63.255 any
    access-list 102 deny ip 89.170.192.0 0.0.31.255 any
    access-list 102 deny ip 89.170.224.0 0.0.15.255 any
    access-list 102 deny ip 89.170.240.0 0.0.7.255 any
    access-list 102 deny ip 66.39.218.0 0.0.0.255 any
    access-list 102 deny ip 121.60.0.0 0.3.255.255 any
    access-list 102 deny ip 62.141.56.0 0.0.7.255 any
    access-list 102 deny ip 222.170.68.0 0.0.1.255 any
    access-list 102 deny ip 83.235.20.0 0.0.3.255 any
    access-list 102 deny ip 202.222.30.0 0.0.0.255 any
    access-list 102 deny ip 91.184.40.0 0.0.0.255 any
    access-list 102 deny ip 200.84.0.0 0.0.255.255 any
    access-list 102 deny ip 60.248.0.0 0.0.255.255 any
    access-list 102 deny ip 203.250.128.0 0.0.15.255 any
    access-list 102 deny ip 81.130.192.0 0.0.15.255 any
    access-list 102 deny ip 81.130.208.0 0.0.7.255 any
    access-list 102 deny ip 85.158.214.0 0.0.0.255 any
    access-list 102 deny ip 125.161.192.0 0.0.31.255 any
    access-list 102 deny ip 200.25.192.0 0.0.15.255 any
    access-list 102 deny ip 198.168.0.0 0.3.255.255 any
    access-list 102 deny ip 200.149.77.0 0.0.0.255 any
    access-list 102 deny ip 66.45.224.0 0.0.31.255 any
    access-list 102 deny ip 174.36.0.0 0.1.255.255 any
    access-list 102 deny ip 222.124.224.0 0.0.0.255 any
    access-list 102 deny ip 75.46.64.0 0.0.15.255 any
    access-list 102 deny ip 61.48.0.0 0.3.255.255 any
    access-list 102 deny ip 66.36.224.0 0.0.31.255 any
    access-list 102 deny ip 24.121.0.0 0.0.255.255 any
    access-list 102 deny ip 124.40.0.0 0.0.63.255 any
    access-list 102 deny ip 82.69.0.0 0.0.127.255 any
    access-list 102 deny ip 72.55.128.0 0.0.127.255 any
    access-list 102 deny ip 71.6.0.0 0.0.255.255 any
    access-list 102 deny ip 219.239.132.0 0.0.0.255 any
    access-list 102 deny ip 89.120.0.0 0.3.255.255 any
    access-list 102 deny ip 89.32.152.0 0.0.7.255 any
    access-list 102 deny ip 80.249.64.0 0.0.15.255 any
    access-list 102 deny ip 82.135.200.0 0.0.0.255 any
    access-list 102 deny ip 82.135.201.0 0.0.0.255 any
    access-list 102 deny ip 82.135.202.0 0.0.0.255 any
    access-list 102 deny ip 222.208.0.0 0.7.255.255 any
    access-list 102 deny ip 117.80.0.0 0.15.255.255 any
    access-list 102 deny ip 121.16.0.0 0.7.255.255 any
    access-list 102 deny ip 210.51.0.0 0.0.255.255 any
    access-list 102 deny ip 61.186.104.0 0.0.6.255 any
    access-list 102 deny ip 217.16.18.0 0.0.0.255 any
    access-list 102 deny ip 125.77.0.0 0.0.255.255 any
    access-list 102 deny ip 61.187.0.0 0.0.71.255 any
    access-list 102 deny ip 218.66.0.0 0.1.127.255 any
    access-list 102 deny ip 201.212.0.0 0.0.254.255 any
    access-list 102 deny ip 220.169.0.0 0.0.63.255 any
    access-list 102 deny ip 82.177.41.0 0.0.0.255 any
    access-list 102 deny ip 77.81.128.0 0.0.7.255 any
    access-list 102 deny ip 69.27.160.0 0.0.15.255 any
    access-list 102 deny ip 82.77.189.0 0.0.0.255 any
    access-list 102 deny ip 78.106.0.0 0.1.255.255 any
    access-list 102 deny ip 61.138.224.0 0.0.31.255 any
    access-list 102 deny ip 82.78.212.0 0.0.3.255 any
    access-list 102 deny ip 222.80.0.0 0.3.127.255 any
    access-list 102 deny ip 219.94.144.0 0.0.0.255 any
    access-list 102 deny ip 125.65.112.0 0.0.0.255 any
    access-list 102 deny ip 218.252.0.0 0.3.255.255 any
    access-list 102 deny ip 87.118.96.0 0.0.31.255 any
    access-list 102 deny ip 202.101.192.0 0.0.63.255 any
    access-list 102 deny ip 61.10.64.0 0.0.31.255 any
    access-list 102 deny ip 202.53.19.0 0.0.0.255 any
    access-list 102 deny ip 221.192.0.0 0.3.255.255 any
    access-list 102 deny ip 83.99.128.0 0.0.15.255 any
    access-list 102 deny ip 83.99.144.0 0.0.0.255 any
    access-list 102 deny ip 83.99.145.0 0.0.0.255 any
    access-list 102 deny ip 83.99.146.0 0.0.0.255 any
    access-list 102 deny ip 81.66.22.0 0.0.1.255 any
    access-list 102 deny ip 81.140.0.0 0.0.127.255 any
    access-list 102 deny ip 211.96.0.0 0.15.255.255 any
    access-list 102 deny ip 203.115.96.0 0.0.31.255 any
    access-list 102 deny ip 61.156.0.0 0.0.255.255 any
    access-list 102 deny ip 209.193.64.0 0.0.47.255 any
    access-list 102 deny ip 70.107.0.0 0.0.255.255 any
    access-list 102 deny ip 122.162.0.0 0.0.255.255 any
    access-list 102 deny ip 123.201.0.0 0.0.255.255 any
    access-list 102 deny ip 66.239.0.0 0.0.255.255 any
    access-list 102 deny ip 222.76.0.0 0.0.255.255 any
    access-list 102 deny ip 66.16.0.0 0.0.255.255 any
    access-list 102 deny ip 61.81.0.0 0.0.255.255 any
    access-list 102 deny ip 89.211.0.0 0.0.255.255 any
    access-list 102 deny ip 24.232.0.0 0.0.255.255 any
    access-list 102 deny ip 219.133.0.0 0.0.255.255 any
    access-list 102 deny ip 204.16.176.0 0.0.0.255 any
    access-list 102 deny ip 66.214.0.0 0.0.255.255 any
    access-list 102 deny ip 211.70.144.0 0.0.15.255 any
    access-list 102 deny ip 203.201.128.0 0.0.31.255 any
    access-list 102 deny ip 66.154.97.0 0.0.0.255 any
    access-list 102 deny ip 85.17.141.0 0.0.0.255 any
    access-list 102 deny ip 207.226.88.0 0.0.7.255 any
    access-list 102 deny ip 91.186.4.0 0.0.0.255 any
    access-list 102 deny tcp any host 204.209.81.1 eq 3306
    access-list 102 deny udp any host 204.209.81.1 eq 3306
    access-list 102 permit udp any eq 6277 any
    access-list 102 permit tcp any any eq 6277
    access-list 102 permit tcp any eq 6277 any gt 1023
    access-list 102 permit udp any any eq 6277
    access-list 102 permit tcp any any eq 2723
    access-list 102 permit tcp any any eq 32000
    access-list 102 permit tcp any any eq 8000
    access-list 102 permit tcp any any eq 143
    access-list 102 permit icmp any any echo-reply
    access-list 102 permit icmp any any echo
    access-list 102 permit icmp any any ttl-exceeded
    access-list 102 permit icmp any any administratively-prohibited
    access-list 102 permit icmp any any packet-too-big
    access-list 102 permit icmp any any traceroute
    access-list 102 permit icmp any any unreachable
    access-list 102 permit icmp any any source-quench
    access-list 102 permit icmp host 205.150.160.10 any
    access-list 102 permit tcp any any eq smtp
    access-list 102 permit udp any any eq 443
    access-list 102 permit tcp any any eq 66
    access-list 102 permit udp any any eq 20000
    access-list 102 permit udp any any eq 10000
    access-list 102 permit tcp any any eq nntp
    access-list 102 permit tcp any any eq 3389
    access-list 102 permit tcp any any eq pop3
    access-list 102 permit tcp any any eq www
    access-list 102 permit tcp any any eq 81
    access-list 102 permit tcp any any eq 366
    access-list 102 permit tcp any any eq 443
    access-list 102 permit tcp any any eq 465
    access-list 102 permit tcp any any eq 587
    access-list 102 permit tcp any any eq 995
    access-list 102 permit udp any any eq domain
    access-list 102 permit tcp any any eq ftp
    access-list 102 permit tcp any host 204.209.81.2 eq telnet
    access-list 102 permit tcp any host 204.209.81.4 eq telnet
    access-list 102 deny tcp any host 204.209.81.19 eq telnet
    access-list 102 permit tcp any any eq 42
    access-list 102 permit tcp any any eq 5432
    access-list 102 permit udp any any eq 1645
    access-list 102 permit udp any any eq 1646
    access-list 102 permit tcp any any eq 123
    access-list 102 permit tcp any any eq 22
    access-list 102 permit tcp any any eq 5631
    access-list 102 permit tcp any any eq 5632
    access-list 102 permit udp any any eq 5632
    access-list 102 permit tcp any any eq 8080
    access-list 102 permit tcp any any eq 6699
    access-list 102 permit udp any any eq 6257
    access-list 102 permit tcp any any eq 1080
    access-list 102 permit tcp any any eq 1863
    access-list 102 permit tcp any any eq domain
    access-list 102 permit tcp any any eq ftp-data
    access-list 102 permit tcp any any range 6891 6901
    access-list 102 permit udp any any range 3782 3783
    access-list 102 permit tcp any any eq 3784
    access-list 102 permit tcp any any eq 3690
    access-list 102 permit udp any any eq 5190
    access-list 102 permit udp any any eq 6901
    access-list 102 permit udp any any range 10000 20000
    access-list 102 permit tcp any any eq 6502
    access-list 102 permit udp any any eq isakmp
    access-list 102 permit udp any any eq non500-isakmp
    access-list 102 permit udp any any eq 3388
    access-list 102 permit tcp any any eq 3388
    access-list 102 permit esp any any
    access-list 102 permit tcp any any eq 6667
    access-list 102 permit udp any any eq 6667
    access-list 102 permit tcp any any eq 3783
    access-list 102 permit udp any any eq 3783
    access-list 102 permit tcp any any eq 27900
    access-list 102 permit udp any any eq 27900
    access-list 102 permit tcp any any eq 28900
    access-list 102 permit udp any any eq 28900
    access-list 102 permit tcp any any eq 29900
    access-list 102 permit udp any any eq 29900
    access-list 102 permit tcp any any eq 29901
    access-list 102 permit udp any any eq 29901
    access-list 102 permit tcp any any eq 13139
    access-list 102 permit udp any any eq 13139
    access-list 102 permit tcp any any eq 6515
    access-list 102 permit udp any any eq 6515
    access-list 102 permit tcp any any eq 6500
    access-list 102 permit udp any any eq 6500
    access-list 102 permit udp any any eq 6502
    access-list 102 permit ip any any
    access-list 103 permit ip 24.87.0.0 0.0.255.255 any
    access-list 103 permit ip 61.156.0.0 0.0.255.255 any
    access-list 103 permit ip 61.186.104.0 0.0.6.255 any
    access-list 103 permit ip 69.27.160.0 0.0.15.255 any
    access-list 103 permit ip 69.41.171.0 0.0.0.255 any
    access-list 103 permit ip 69.50.160.0 0.0.0.255 any
    access-list 103 permit ip 70.89.112.0 0.0.15.255 any
    access-list 103 permit ip 70.107.0.0 0.0.255.255 any
    access-list 103 permit ip 70.131.64.0 0.0.7.255 any
    access-list 103 permit ip 71.6.0.0 0.0.255.255 any
    access-list 103 permit ip 71.64.0.0 0.3.255.255 any
    access-list 103 permit ip 72.55.128.0 0.0.127.255 any
    access-list 103 permit ip 75.46.64.0 0.0.15.255 any
    access-list 103 permit ip 76.0.0.0 0.7.255.255 any
    access-list 103 permit ip 77.34.0.0 0.1.255.255 any
    access-list 103 permit ip 77.81.128.0 0.0.7.255 any
    access-list 103 permit ip 124.116.0.0 0.0.255.255 any
    access-list 103 permit ip 125.40.0.0 0.7.255.255 any
    access-list 103 permit ip 125.65.112.0 0.0.0.255 any
    access-list 103 permit ip 211.96.0.0 0.15.255.255 any
    access-list 103 permit ip 213.168.192.0 0.0.0.255 any
    access-list 103 permit ip 216.20.0.0 0.0.127.255 any
    access-list 103 permit ip 217.16.18.0 0.0.0.255 any
    access-list 103 permit ip 217.147.41.0 0.0.0.255 any
    access-list 103 permit ip 218.56.175.0 0.0.0.255 any
    access-list 103 permit ip 78.106.0.0 0.1.255.255 any
    access-list 103 permit ip 80.249.64.0 0.0.15.255 any
    access-list 103 permit ip 218.66.0.0 0.1.127.255 any
    access-list 103 permit ip 218.66.0.0 0.1.255.255 any
    access-list 103 permit ip 218.84.0.0 0.1.255.255 any
    access-list 105 deny ip 81.57.24.0 0.0.1.255 any
    access-list 105 deny ip 89.223.32.0 0.0.0.255 any
    access-list 105 deny ip 125.40.0.0 0.7.255.255 any
    access-list 105 deny ip 77.34.0.0 0.1.255.255 any
    access-list 105 deny ip 222.173.0.0 0.2.255.255 any
    access-list 105 deny ip 86.86.0.0 0.0.255.255 any
    access-list 105 deny ip 71.64.0.0 0.3.255.255 any
    access-list 105 deny ip 64.72.118.0 0.0.0.255 any
    access-list 105 deny ip 64.237.63.0 0.0.0.255 any
    access-list 105 deny ip 64.72.124.0 0.0.0.255 any
    access-list 105 deny udp any any eq 51760
    access-list 105 deny udp any eq 51760 any
    access-list 105 deny udp any any eq 44676
    access-list 105 deny udp any eq netbios-ns any
    access-list 105 permit tcp any host 204.209.81.29 gt 0
    access-list 105 permit tcp any host 204.209.81.30 gt 0
    access-list 105 permit tcp any host 204.209.81.26 gt 0
    access-list 105 permit tcp any host 204.209.81.27 gt 0
    access-list 105 permit tcp any host 204.209.81.28 gt 0
    access-list 105 permit udp any host 204.209.81.29 gt 0
    access-list 105 permit udp any host 204.209.81.30 gt 0
    access-list 105 permit udp any host 204.209.81.26 gt 0
    access-list 105 permit udp any host 204.209.81.27 gt 0
    access-list 105 permit udp any host 204.209.81.28 gt 0
    access-list 105 permit tcp host 204.209.81.29 gt 0 any
    access-list 105 permit tcp host 204.209.81.30 gt 0 any
    access-list 105 permit udp host 204.209.81.27 gt 0 any
    access-list 105 permit udp host 204.209.81.28 gt 0 any
    access-list 105 permit udp any any eq isakmp
    access-list 105 permit udp any any eq non500-isakmp
    access-list 105 permit tcp any any eq 1723
    access-list 105 permit tcp any any eq 3306
    access-list 105 permit esp any any
    access-list 105 permit gre any any
    access-list 105 permit tcp host 200.9.49.66 host 204.209.81.2 eq 22
    access-list 105 permit tcp host 200.9.49.66 host 204.209.81.2 eq telnet
    access-list 105 permit udp any any eq 6277
    access-list 105 deny ip 198.168.0.0 0.3.255.255 any
    access-list 105 deny ip 200.149.77.0 0.0.0.255 any
    access-list 105 deny ip 66.45.224.0 0.0.15.255 any
    access-list 105 deny ip 174.36.0.0 0.1.255.255 any
    access-list 105 deny ip 222.124.224.0 0.0.0.255 any
    access-list 105 deny ip 124.40.0.0 0.0.63.255 any
    access-list 105 deny udp any eq 44676 any
    access-list 105 permit tcp host 204.209.81.26 gt 0 any
    access-list 105 permit tcp host 204.209.81.27 gt 0 any
    access-list 105 permit tcp host 204.209.81.28 gt 0 any
    access-list 105 permit tcp any any eq 6277
    access-list 105 permit tcp any eq 6277 any
    access-list 105 permit udp any eq 6277 any
    access-list 105 deny ip any any dscp 1
    access-list 105 permit ip any any
    access-list 110 permit tcp any host 204.209.81.12 eq 3310
    access-list 110 permit udp any host 204.209.81.12 eq 3310
    access-list 110 permit ip any any
    access-list 166 permit ip host 204.209.81.1 any
    access-list 170 permit tcp any any syn
    access-list 170 permit tcp any any fin
    access-list 170 permit tcp host 204.209.81.1 any ack log
    access-list 170 permit tcp any host 204.209.81.1 ack log
    access-list 170 permit tcp any any ack log
    access-list 170 permit tcp any any eq www
    access-list 170 permit tcp any any eq nntp
    access-list 170 permit tcp any any
    access-list 170 permit ip any any
    access-list 170 permit icmp any any
    access-list 170 permit udp any any
    access-list 171 permit tcp any any ack log
    access-list 175 permit ip any host 205.150.160.10
    access-list 176 permit ip any any
    snmp-server community CommunityName RO
    snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
    no cdp run
    !
    !
    !
    route-map nonat permit 10
    match ip address 188
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    !
    !
    !
    banner exec ^C
    % Password expiration warning.
    -----------------------------------------------------------------------

    Cisco Router and Security Device Manager (SDM) is installed on this device and
    it provides the default username "cisco" for one-time use. If you have already
    used the username "cisco" to login to the router and your IOS image supports the
    "one-time" user option, then this username has already expired. You will not be
    able to login to the router with this username after you exit this session.

    It is strongly suggested that you create a new username with a privilege level
    of 15 using the following command.

    username <myuser> privilege 15 secret 0 <mypassword>

    Replace <myuser> and <mypassword> with the username and password you want to
    use.

    -----------------------------------------------------------------------
    ^C
    banner login ^CCCCCCOnly authorized users allowed^C
    !
    line con 0
    line aux 0
    line vty 0 4
    access-class 23 in
    privilege level 15
    login local
    transport input pad telnet rlogin udptn v120 ssh
    line vty 5 15
    access-class 23 in
    privilege level 15
    login
    transport input none
    !
    scheduler allocate 20000 1000
    ntp clock-period 17207801
    ntp source GigabitEthernet0/0
    ntp server 204.209.81.1
    !
    end


    What am I not doing right?
    --
    Member - Liberal International This is Ici
    God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
    http://twitter.com/rootnl2k http://www.myspace.com/502748630
    Merry Christmas 2009 and Happy New Year 2010
     
    The Doctor, Nov 22, 2009
    #1
    1. Advertising

  2. The Doctor

    klaus zerwes Guest

    The Doctor wrote:
    > I have a customer that is doing heavy MySQL duplication
    > and I am trying to rate limit to10Mbps but
    > this customer is still doing 100Mpbs.
    >
    > Attaching show run


    [...]

    will not read all your running-config ...

    create a access-list:
    (conf)# access-list NR permit tcp host IP-of-MYSQL-Server eq 3306 any
    on the interface:
    (conf-if)# rate-limit input access-group NR rate burst-normal burst-max
    conform-action transmit exceed-action drop

    where

    rate = average rate, in bits per second (bps). The value must be in
    increments of 8 kbps

    burst-normal = normal burst size, in bytes. The minimum value is rate
    divided by 2000; calculate: rate*(1/8)bytes*1.5

    burst-max = excess burst size, in bytes; calculate: burst-normal*2


    Klaus



    --
    Klaus Zerwes
    http://www.zero-sys.net
     
    klaus zerwes, Nov 23, 2009
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Craig Whitmore

    Rate Limiting on a 3550/2950 combo

    Craig Whitmore, Jul 20, 2003, in forum: Cisco
    Replies:
    0
    Views:
    1,773
    Craig Whitmore
    Jul 20, 2003
  2. raptor
    Replies:
    3
    Views:
    5,023
    Walter Roberson
    Oct 27, 2004
  3. Patrick Cervicek
    Replies:
    0
    Views:
    815
    Patrick Cervicek
    Aug 7, 2007
  4. DavidB

    HP photosmart 3310

    DavidB, Mar 25, 2008, in forum: Digital Photography
    Replies:
    0
    Views:
    353
    DavidB
    Mar 25, 2008
  5. Steve Pfister

    Rack mounting an MSE 3310

    Steve Pfister, Feb 25, 2013, in forum: Cisco
    Replies:
    0
    Views:
    508
    Steve Pfister
    Feb 25, 2013
Loading...

Share This Page