[c-nsp] Egress policing with a Sup2?

Matyas Koszik koszik at atw.hu
Sat Jul 29 10:56:10 EDT 2006



I'd like to do egress policing with a Sup2, but this is not supported on
the PFC2. I thought it will be easy to get around this restriction by
looping back the traffic to the switch, in a setup like this:

  1    2    3
-\     / - \
 [x]  [x]  [x]
 <vlan 2>  (routed port)

In words: the routed port is looped back to a switched port, which is in
the same vlan as the uplink port, where the traffic should flow. This
should let me do the policing of traffic leaving the routed port.
But the problem is that vlan2 has the same MAC address as the routed port,
so packets coming back will get silently dropped at the vlan2 interface.
(It is not possible to have different MAC addresses on the layer3
interfaces of a Sup2.)

So the question is: is it possible to make this work without adding a
second router to the setup?

(Maybe I should have an IP on the vlan interface after all, and get
the return traffic processed on it... But I'm not sure how good idea is
that.)





More information about the cisco-nsp mailing list