[c-nsp] One or two policy and class maps?

Frank Bulk frnkblk at iname.com
Sat Oct 20 15:08:40 EDT 2007 

Anyone have any thoughts on this?  I also learned that my service policy is
not working, either, so suggestions to rectify it would be helpful.

I'm running c7600rsp72043-advipservicesk9-mz.122-33.SRB1

Regards,

Frank 

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Frank Bulk
Sent: Thursday, October 18, 2007 9:36 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] One or two policy and class maps?

I have a 7609-S with the RSP720 and PFC3C, which supports in and outbound
QoS flows.

Should I be using one or two policy and class maps?  The first method, if I
understand this correctly, has a single service policy in configuration that
is moot because there will never be matches one direction.  The second one,
while more complex, eliminates checking flow ACL matches that will never
exist.

This:

class-map match-any test-networks
  match access-group name test-policer-inbound
  match access-group name test-policer-outbound

policy-map test-policer
  class test-networks
   police cir 2000000 pir 2000000    conform-action transmit
exceed-action drop

interface Vlan203
 ip address 167.a.b.c 255.255.255.252
 service-policy input test-policer
 service-policy output test-policer
end

or this:

class-map match-any test-inbound-networks
  match access-group name test-policer-inbound

class-map match-any test-outbound-networks
  match access-group name test-policer-outbound

policy-map test-inbound-policer
  class test-inbound-networks
   police cir 2000000 pir 2000000    conform-action transmit
exceed-action drop

policy-map test-outbound-policer
  class test-outbound-networks
   police cir 2000000 pir 2000000    conform-action transmit
exceed-action drop

interface Vlan203
 ip address 167.a.b.c 255.255.255.252
 service-policy input test-inbound-policer
 service-policy output test-outbound-policer
end

The rest of the config can be found below.

Regards,

Frank
=====================================================
vlan 203
 name Test

interface GigabitEthernet1/5
 description Test
 switchport
 switchport access vlan 203
 speed 100
 duplex full

ip access-list extended test-policer_inbound
 permit ip any d.e.f.0 0.0.0.255
ip access-list extended test-policer_outbound
 permit ip d.e.f.0 0.0.0.255 any

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list