Rate limiting based on IP addresses does not take effect on an AR

7

Verify that the interface to which rate limiting is applied is the router's interface connecting to intranet users or the interface does not have NAT configured. If the interface has NAT configured, ensure that it can match source and destination IP addresses correctly. For the intranet, inbound and outbound in the command indicate the source and destination IP addresses respectively.

Other related questions:
Does an AR support rate limiting based on an individual IP address
In V200R002C00 and later versions, you can run the qos car command to configure rate limiting based on an individual IP address.

Why does the CPCAR rate limit configuration not take effect
The CPU committed access rate (CPCAR) is configured in the attack defense policy view. The CPCAR takes effect only when the attack defense policy is applied on the main control board or interface board on the local area network (LAN) side.

Configure rate limiting based on IP addresses
You can run the qos car command in the interface view to configure rate limiting based on IP addresses.

Do S series switches support rate limiting based on IP addresses
S series switches (except S1700 switches) do not support rate limiting based on IP addresses.

An error occurs when excluded-ip-address is executed
The solution to solving errors of IP addresses that cannot be dynamically assigned is as follows:
1. Check whether the dhcp select global command is configured on the VLANIF interface. This command can be used only after the address pool is configured. If the address pool has been configured, run the undo dhcp select global command to delete the configuration.
2. Check whether the range of IP addresses that cannot be dynamically assigned is large, attempt to exclude one IP address and check whether the fault persists. If the fault is rectified, the range of IP addresses that cannot be dynamically assigned is large. Reduce the range.
3. Run the display ip pool command to check whether the IP address status is conflict, expired, or used. If the IP address status is conflict, expired, or used, reclaim the IP address and reconfigure the IP address that cannot be dynamically assigned.
4. Check whether the number of addresses in the address pool exceeds the specifications. You can check the device specification list. If the number of addresses in the address pool exceeds the specifications, delete the address pool and re-create a new address pool.
The device configuration is not performed through command lines. After vrpcfg.zip is exported, batch modify the configuration, and import the configuration to the flash memory. In this case, the system does not display an error message when the number of addresses in the address pool exceeds the specifications.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top