Use the procedure in this section to configure ACL-based fixed rate limiting.

1. Enter global configuration mode.

   
   device# configure terminal
   

2. Create a traffic policy and set parameters.

   • Create a policy that drops packets or bytes that exceed the CIR (committed information rate) limit. The following examples use a packet-based fixed CIR.

     
     device(config)# traffic-policy TPDF1 rate-limit packet-based fixed cir 10000 exceed-action drop count
     

   • Create a policy that permits packets or bytes that exceed the CIR limit.

     
     device(config)# traffic-policy TPDF1 rate-limit packet-based fixed cir 10000 exceed-action permit-at-low-pri count
     

   The command sets the fragment threshold at 10,000 packets per second. If the port receives more than 10,000 packets in a one-second interval, the device takes the specified action. If the port receives additional bits during a given one-second interval, the port either drops all packets on the port until the next one-second interval starts or permits packets that exceed the limit.
   Use the keyword byte-based if you want to specify a CIR based on byte count rather than a packet count.
3. Create an extended ACL entry or modify an existing extended ACL entry that references the traffic policy.

   
   device(config)# ip access-list extended 101 
   device(config-ext-ipacl-101)# permit ip host 10.10.12.2 any traffic-policy TPDF1
   

4. Bind the ACL to an interface.
   1. Enter interface configuration mode.

      
      device(config-ext-ipacl-101)# interface ethernet 1/1/5
      

   2. Bind the ACL to the interface.

      
      device(config-if-e1000-1/1/5)# ip access-group 101 in
      

   3. Exit interface configuration mode.

      
      device(config-if-e1000-1/1/5)# exit
      

   These commands allow port 1/1/5 to receive a maximum traffic rate of 100 kbps. If the port receives additional bits during a given one-second interval, the port drops the additional inbound packets that are received within that one-second interval.

   The software allows you to add a reference to a non-existent TPD in an ACL statement and to bind that ACL to an interface. The software does not issue a warning or error message for non-existent TPDs.

5. Verify the configuration.

   
   device(config)# show traffic-policy TPDF1
   Traffic Policy - TPDF1:
   Metering Enabled, Parameters:
        Mode: Fixed Rate-Limiting
         cir: 100 kbps, cbs: 2000 bytes, pir: 200 kbps, pbs: 4000 bytes
   Counting Not Enabled
   Number of References/Bindings:1
   

6. View the ACL and rate limit counters.

   
   device(config)# show access-list accounting ethernet 1/1/5 in
   MAC Filters Accounting Information
       0: DA ANY SA 0000.0000.0001 - MASK FFFF.FFFF.FFFF
          action to take : DENY
        Hit Count:   (1Min)       			0    (5Sec)                  0
                     (PktCnt)    			 0  (ByteCnt)                 0
       --------------------------------------------------------------
   65535: Implicit Rule deny any any
        Hit Count:   (1Min)         5028   (5Sec)               2129
                     (PktCnt)       5028 (ByteCnt)             643584
       --------------------------------------------------------------
   

7. Clear the ACL and rate limit counters.
   1. Clear the ACL counters.

      
      device(config)# clear access-list accounting all
      

   2. Clear the rate limit counters.

      
      device(config)# clear statistics traffic-policy TPDF1 
      

device# configure terminal
device(config)# traffic-policy TPDF1 rate-limit fixed packet-based cir 10000 exceed-action drop
device(config)# ip access-list extended 101 
device(config-ext-ipacl-101)# permit ip host 10.10.12.2 any traffic-policy TPDF1
device(config-ext-ipacl-101)# interface ethernet 1/1/5
device(config-if-e1000-1/1/5)# ip access-group 101 in
device(config-if-e1000-1/1/5)# exit
device(config)# show traffic-policy TPDF1
device(config)# clear access-list accounting all
device(config)# clear statistics traffic-policy TPDF1