[c-nsp] Restricting access to QOS
mb2 at os.datafx.com.au
mb2 at os.datafx.com.au
Mon Jul 31 06:58:53 EDT 2006
We have "standard" GOLD,SILVER,BRONZE + default QOS on our MPLS links -
How do you restrict a client from classifying there egress traffic as
GOLD(When they haven't paid for GOLD access)?
Example - I was hoping I could restrict on input interface, but subints
are not allowed:
class-map match-any GOLD-MPLS-CUSTOMERS
match input-interface FastEthernet0/0.100
class-map match-any SILVER-MPLS-CUSTOMERS
class-map match-any BRONZE-MPLS-CUSTOMERS
class-map match-all GOLD-MPLS
match class-map GOLD-MPLS-CUSTOMERS
match ip precedence 5
class-map match-all SILVER-MPLS
match class-map SILVER-MPLS-CUSTOMERS
match ip precedence 4
class-map match-all BRONZE-MPLS
match class-map BRONZE-MPLS-CUSTOMERS
match ip precedence 3
policy-map MPLS-EGRESS
class GOLD-MPLS
priority percent 5
set mpls experimental topmost 5
set ip precedence 5
class SILVER-MPLS
bandwidth remaining percent 10
random-detect
set mpls experimental topmost 4
set ip precedence 4
class BRONZE-MPLS
bandwidth remaining percent 20
random-detect
set mpls experimental topmost 3
set ip precedence 3
class class-default
set mpls experimental topmost 0
set ip precedence 0
fair-queue
random-detect
interface fastethernet2/0
! This interface connects to the MPLS core
service-policy output MPLS-EGRESS
interface FastEthernet0/0.100
description CLIENTA_VRF
ip vrf forwarding CLIENTA
encapsulation dot1Q 100
ip address 192.168.1.0 255.255.255.0
no snmp trap link-status
So in theory, couldn't CE connected to CLIENTA_VRF on FE0/0.100 set
there precedence as 5 on egress, and our MPLS core would then match
that traffic?
Regards,
MB
-------------------------------------------------------------------------
This e-mail was sent via Data FX Online WebMail http://www.datafx.com.au/
More information about the cisco-nsp
mailing list