class-list (for IP limiting)

Description    Configure an IP class list for use with the IP limiting feature.

Syntax    [no] class-list list-name [ac | dns | ipv4 | ipv6 | string | string-case-insensitive] [file filename]

Parameter                  Description
list-name                  Adds the list to the running-config.
ac                         Identifies this as an Aho-Corasick class list.
dns                        Identifies this as a DNS class list.
ipv4 | ipv6                Identifies this as an IPv4 or IPv6 class list.
string                     Identifies this as a string class list.
string-case-insensitive    Identifies this as a case-insensitive string class list.
file filename              Saves the list to a standalone file on the ACOS device.

NOTE:    A class list can be exported only if you use the file option.

This command changes the CLI to the configuration level for the specified class list, where the following command is available:

(The other commands are common to all CLI configuration levels. See Config Commands: Global.)

[no] {ipaddr/network-mask | ipv6-addr/prefix-length} [glid num | lid num]

This command adds an entry to the class list.

Parameter                  Description
ipaddr/network-mask        Specifies the IPv4 host or subnet address of the client. The network-mask specifies the network mask.
                           To configure a wildcard IP address, specify 0.0.0.0/0. The wildcard address matches on all addresses that do not match any entry in the class list.
ipv6-addr/subnet-length    Specifies the IPv6 host or network address of the client.
glid num | lid num         Specifies the ID of the IP limiting rule to use for matching clients. You can use a system-wide (global) IP limiting rule or an IP limiting rule configured in a PBSLB policy template.
                           - To use an IP limiting rule configured at the Configuration mode level, use the glid num option.
                           - To use an IP limiting rule configured at the same level (in the same PBSLB policy template) as the class list, use the lid num option.
                           To exclude a host or subnet from being limited, do not specify an IP limiting rule.

Default    None

Mode    Configuration mode

Usage    Configure the GLIDs or LIDs before configuring the class list entries. To configure a GLID or LID for IP limiting, see glid or “slb template policy” in the Command Line Interface Reference for ADC.

As an alternative to configuring class entries on the ACOS device, you can configure the class list using a text editor on another device, then import the class list onto the ACOS device. To import a class list, see import.

NOTE:    If you use a class-list file that is periodically re-imported, the age for class-list entries added to the system from the file does not reset when the class-list file is re-imported. Instead, the entries are allowed to continue aging normally. This is by design.

For more information about IP limiting, see the DDoS Mitigation Guide (for ADC).

If you delete a file-based class list (no class-list list-name), save the configuration (write memory) to complete the deletion.

Request Limiting and Request-Rate Limiting in Class Lists

If a LID or GLID in a class list contains settings for request limiting or request-rate limiting, the settings apply only if the following conditions are true:

1. The LID or GLID is used within a policy template.

2. The policy template is bound to a virtual port.

In this case, the settings apply only to the virtual port. The settings do not apply in any of the following cases:

- The policy template is applied to the virtual server, instead of the virtual port.

- The settings are in a system-wide GLID.

- The settings are in a system-wide policy template.

NOTE:    This limitation does not apply to connection limiting or connection-rate limiting. Those settings are valid in all the cases listed above.

Example    The following commands configure class list “global”, which matches on all clients, and uses IP limiting rule 1:

ACOS(config)#class-list global

ACOS(config-class list)#0.0.0.0/0 glid 1
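
An offline check for class-list entries prepared in a text editor before import, added here as an example (it is not A10 code). It assumes one entry per line in the entry syntax shown above, and that among overlapping non-wildcard entries the longest prefix wins; neither assumption is stated on this page, and the sample entries are constructed.

```python
import ipaddress

NO_MATCH = "no-match"  # constructed marker: no entry, not even a wildcard, covers the client

# Constructed sample entries (not from the page); lines 5 and 6 are deliberately malformed.
SAMPLE = """\
10.10.10.0/24
192.168.1.0/255.255.255.0 lid 2
192.168.1.77/32 glid 5
2001:db8::/32 glid 3
300.1.1.1/32 glid 1
10.0.0.0/8 glid
0.0.0.0/0 glid 1
"""

def parse_entries(text):
    """Parse lines of the form: {ipaddr/network-mask | ipv6-addr/prefix-length} [glid num | lid num]."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens:
            continue
        try:
            net = ipaddress.ip_network(tokens[0], strict=False)
        except ValueError:
            errors.append((lineno, "bad address"))
            continue
        if len(tokens) == 1:
            rule = None  # no glid/lid: this host or subnet is excluded from limiting
        elif len(tokens) == 3 and tokens[1] in ("glid", "lid") and tokens[2].isdigit():
            rule = (tokens[1], int(tokens[2]))
        else:
            errors.append((lineno, "bad rule"))
            continue
        entries.append((net, rule))
    return entries, errors

def lookup(entries, client):
    """Return ("glid"|"lid", num), None if the client is excluded, or NO_MATCH."""
    addr = ipaddress.ip_address(client)
    hits = [(n, r) for n, r in entries if n.version == addr.version and addr in n]
    if not hits:
        return NO_MATCH
    # Prefix length 0 is the wildcard, so it wins only when nothing else matches.
    # Assumption: among other overlapping entries the longest prefix wins.
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def unlimited(entries):
    """Entries without a rule, listed so each exemption can be reviewed before import."""
    return [str(n) for n, r in entries if r is None]
```

In the sample, the IPv4 wildcard does not cover IPv6 clients, so an IPv6 address outside 2001:db8::/32 resolves to NO_MATCH.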
