[c-nsp] Evaluation of Multiple Class in Policer
Ziv Leyes
zivl at gilat.net
Wed Feb 20 03:02:54 EST 2008
Everything should be considered in logical order, because a lot of things in Cisco work in that order, by indexing "position".
If you need to limit something to 1Mb or drop it entirely, and all the rest to 50Mb, then I'd use the smaller ACL number for the first (access-list 122 for TFTP 1Mb) and the higher for the one after it (access-list 123 for allIP 50Mb).
And then in the policy-map match them all from smaller to bigger, or from most specific to less specific. This is also for the human eye's sake; it's easier for a person to understand what is being done this way.
An example of what I'm saying would be something like this:
access-list 122 remark TFTP
access-list 122 permit udp any any eq 69
access-list 123 remark All IP
access-list 123 permit ip any any
!
class-map match-all TFTP
 match access-group 122
!
class-map match-all allIP
 match access-group 123
!
policy-map l2policer
 class TFTP
  police 1000000 conform-action drop exceed-action drop
 class allIP
  police 50000000 conform-action transmit exceed-action drop
!
interface GigabitEthernet3/6
 service-policy input l2policer
Hope this helps
Ziv
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of alaerte.vidali at nsn.com
Sent: Tuesday, February 19, 2008 9:32 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Evaluation of Multiple Class in Policer
Hi,
Some time ago I saw a document about how the policer evaluates multiple
statements, but could not find it. Any indication?
For example, how will the policer evaluate a packet entering interface
gi3/6?
(Will it be evaluated against class allIP and class TFTP in any case, or
does it depend on whether it matches class allIP?)
class-map match-all TFTP
 match access-group 123
!
class-map match-all allIP
 match access-group 122
!
policy-map l2policer
 class allIP
  police 50000000 conform-action transmit exceed-action drop
 class TFTP
  police 1000000 conform-action drop exceed-action drop
!
interface GigabitEthernet3/6
 service-policy input l2policer
Tks,
Alaerte
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************
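
Added illustration, not part of either message above: a small Python model of the in-order class evaluation described in the reply, assuming first-match semantics (a packet is handled by the first class in the policy-map whose ACL permits it). The ACL contents come from the reply's config; the function names and the simplified packet and ACL representation are constructed for this sketch.

```python
# Added illustration: first-match class evaluation in a policy-map (simplified model).
# ACL entry = (protocol, destination port); "ip" matches any protocol, None any port.
ACLS = {
    122: [("udp", 69)],    # access-list 122 permit udp any any eq 69
    123: [("ip", None)],   # access-list 123 permit ip any any
}
CLASS_MAPS = {"TFTP": 122, "allIP": 123}   # class-map name -> access-group

SPECIFIC_FIRST = ["TFTP", "allIP"]   # class order used in the reply
BROAD_FIRST = ["allIP", "TFTP"]      # class order used in the question

def entry_matches(entry, packet):
    proto, port = entry
    return proto in ("ip", packet["proto"]) and port in (None, packet.get("dport"))

def classify(policy, packet):
    """Return the first class, in configured order, whose ACL permits the packet."""
    for cls in policy:
        if any(entry_matches(e, packet) for e in ACLS[CLASS_MAPS[cls]]):
            return cls
    return "class-default"

def covers(broad, narrow):
    """True if ACL entry `broad` matches every packet that `narrow` matches."""
    return broad[0] in ("ip", narrow[0]) and broad[1] in (None, narrow[1])

def shadowed_classes(policy):
    """Classes that can never match because earlier classes cover all their entries."""
    hidden = []
    for i, cls in enumerate(policy):
        earlier = [e for c in policy[:i] for e in ACLS[CLASS_MAPS[c]]]
        if all(any(covers(b, n) for b in earlier) for n in ACLS[CLASS_MAPS[cls]]):
            hidden.append(cls)
    return hidden

if __name__ == "__main__":
    tftp = {"proto": "udp", "dport": 69}   # constructed sample packet
    for name, policy in (("specific first", SPECIFIC_FIRST), ("broad first", BROAD_FIRST)):
        print(name, "-> TFTP packet hits", classify(policy, tftp),
              "| shadowed:", shadowed_classes(policy))
```

With the broad class listed first, the TFTP packet is policed by the 50 Mb class and the 1 Mb policer never sees traffic, which is the practical reason to order classes from most specific to least specific.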