An attacker could exploit this vulnerability by including malicious input in the argument of an affected command. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands.
A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the system CLI. The vulnerability is due to insufficient input validation by the system CLI.

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges.

For more information on using the srr-queue bandwidth command, see Cisco's command reference or configuration guide. No matter how difficult or simple the task, knowing the right command is usually the key to getting the task completed when working with the Cisco IOS. Whether it's inbound or outbound, being able to control bandwidth on a Cisco switch or router port is a very valuable skill. While there are several different QoS options that might accomplish the same thing, a common method that I've used is the rate-limit command.

For example, on a Cisco router when in Interface Mode, you could limit outbound bandwidth to 1 Mb using the following command:

Router(config-if)# rate-limit output 10000000 2000 2000 conform-action continue exceed-action drop

Summary

What if you're working with a Cisco router instead of a switch? Cisco routers don't support the srr-queue command. What if you want a port speed that's less than 10 Mb? You could limit the port speed to 10 Mb and then use the srr-queue bandwidth limit 90 command to limit the outbound speed of the port to only 1 Mb. However, you probably won't get the same level of performance from the 10-Mb Ethernet port.
But if you want to hard-code the port speed on the Ethernet port to 10 Mb, you could also limit the customer to only 10 Mb of bandwidth using the speed 10 command.
One way would be to manipulate the port speed.

Variations on bandwidth limiting

As with just about everything in the Cisco IOS, there are multiple ways to accomplish the same thing.
Since this is a 100-Mb port, this should limit the outbound traffic from the port to 10 Mb. The 90 sets the outbound bandwidth limit on the port to 90 percent of the port speed.

Switch(config-if)# srr-queue bandwidth limit 90

Here's an example:

Switch(config)# interface FastEthernet 0/1

To do so, go to Interface Configuration Mode on the switch port, and apply the srr-queue bandwidth limit command.
Obviously, you want to limit the outbound bandwidth on the port to 10 Mb instead of the full 100 Mb. You're selling the bandwidth on the port, and a customer has bought 10 Mb of bandwidth. While we'll focus on the limit option this time, keep in mind that you can also use the srr-queue bandwidth command to shape and share bandwidth.

For example, let's say you have a 100-Mb Ethernet port on a Catalyst switch.

Shape Configure shaping on transmit queues

As you can see, the command options are limit, shape, and share.

Limit Configure bandwidth-limit for this interface

For these examples, I'm using a Cisco Catalyst 2960 switch.

Entering the command appended with a question mark will display the command options. This command has been around since IOS 12.2(25). More specifically, the command is srr-queue bandwidth. In the Cisco IOS on a Catalyst switch (not on a router), there's an Interface Mode command called shape round-robin queue bandwidth.