[c-nsp] One or two policy and class maps?

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Sat Oct 20 15:54:20 EDT 2007


Frank,

According to http://tinyurl.com/yrk2al, you cannot perform egress
policing on a Vlan, we can only apply egress policers on the ports,
which will likely not achieve what you want.

	oli

Frank Bulk <> wrote on Saturday, October 20, 2007 9:09 PM:

> Anyone have any thoughts on this?  I also learned that my service
> policy is not working, either, so suggestions to rectify it would be
> helpful. 
> 
> I'm running c7600rsp72043-advipservicesk9-mz.122-33.SRB1
> 
> Regards,
> 
> Frank
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Frank Bulk
> Sent: Thursday, October 18, 2007 9:36 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] One or two policy and class maps?
> 
> I have a 7609-S with the RSP720 and PFC3C, which supports in and
> outbound QoS flows.
> 
> Should I be using one or two policy and class maps?  The first
> method, if I understand this correctly, has a single service policy
> in configuration that is moot because there will never be matches one
> direction.  The second one, while more complex, eliminates checking
> flow ACL matches that will never exist.
> 
> This:
> 
> class-map match-any test-networks
>   match access-group name test-policer-inbound
>   match access-group name test-policer-outbound
> 
> policy-map test-policer
>   class test-networks
>    police cir 2000000 pir 2000000 conform-action transmit exceed-action drop
> 
> interface Vlan203
>  ip address 167.a.b.c 255.255.255.252
>  service-policy input test-policer
>  service-policy output test-policer
> end
> 
> or this:
> 
> class-map match-any test-inbound-networks
>   match access-group name test-policer-inbound
> 
> class-map match-any test-outbound-networks
>   match access-group name test-policer-outbound
> 
> policy-map test-inbound-policer
>   class test-inbound-networks
>    police cir 2000000 pir 2000000 conform-action transmit exceed-action drop
> 
> policy-map test-outbound-policer
>   class test-outbound-networks
>    police cir 2000000 pir 2000000 conform-action transmit exceed-action drop
> 
> interface Vlan203
>  ip address 167.a.b.c 255.255.255.252
>  service-policy input test-inbound-policer
>  service-policy output test-outbound-policer
> end
> 
> The rest of the config can be found below.
> 
> Regards,
> 
> Frank
> =====================================================
> vlan 203
>  name Test
> 
> interface GigabitEthernet1/5
>  description Test
>  switchport
>  switchport access vlan 203
>  speed 100
>  duplex full
> 
> ip access-list extended test-policer_inbound
>  permit ip any d.e.f.0 0.0.0.255
> ip access-list extended test-policer_outbound
>  permit ip d.e.f.0 0.0.0.255 any
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


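An added example, not part of the thread or of any Cisco tooling: a small pre-deployment check that every ACL, class-map and policy-map name referenced in a config like the one quoted above is actually defined, and that flags `service-policy output` on a Vlan interface, which the reply says this platform does not support. The function name `lint`, the finding labels and the `RULES` table are hypothetical; the sample config is constructed from the second variant in the post, with names spelled as posted (hyphens in the `match access-group` lines, underscores in the ACL definitions).

```python
import re

# Constructed sample: second variant from the post, names exactly as posted.
CONFIG = """\
class-map match-any test-inbound-networks
  match access-group name test-policer-inbound
class-map match-any test-outbound-networks
  match access-group name test-policer-outbound
policy-map test-inbound-policer
  class test-inbound-networks
   police cir 2000000 pir 2000000 conform-action transmit exceed-action drop
policy-map test-outbound-policer
  class test-outbound-networks
   police cir 2000000 pir 2000000 conform-action transmit exceed-action drop
interface Vlan203
 service-policy input test-inbound-policer
 service-policy output test-outbound-policer
ip access-list extended test-policer_inbound
ip access-list extended test-policer_outbound
"""

RULES = [  # (regex on the stripped line, "def" or "use", object kind)
    (r"ip access-list (?:extended|standard) (\S+)", "def", "acl"),
    (r"class-map (?:match-\w+ )?(\S+)", "def", "class"),
    (r"policy-map (\S+)", "def", "policy"),
    (r"match access-group name (\S+)", "use", "acl"),
    (r"class (\S+)", "use", "class"),
    (r"service-policy (?:input|output) (\S+)", "use", "policy"),
]

def lint(config):
    # Returns sorted (finding, name) pairs; an empty list means no findings.
    defined, used, findings, iface = set(), set(), set(), ""
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] not in (" ", "\t"):  # a top-level command ends interface scope
            m = re.match(r"interface (\S+)", line)
            iface = m.group(1) if m else ""
        for pattern, action, kind in RULES:
            m = re.match(pattern, line)
            if m:
                (defined if action == "def" else used).add((kind, m.group(1)))
        m = re.match(r"service-policy output (\S+)", line)
        if m and iface.lower().startswith("vlan"):  # restriction as stated in the reply
            findings.add(("egress-policy-on-vlan", m.group(1)))
    findings |= {("undefined-" + k, n) for k, n in used - defined if n != "class-default"}
    return sorted(findings)

if __name__ == "__main__":
    print(lint(CONFIG))
```

Run against the sample, it reports the two ACL names that have no matching definition and the egress policy attached to `Vlan203`.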