[c-nsp] Evaluation of Multiple Class in Policer

Ziv Leyes zivl at gilat.net
Wed Feb 20 03:02:54 EST 2008


Everything should be considered in logical order, because a lot of things in Cisco work in that order, by indexing "position".
If you need to limit something to 1Mb or drop it entirely and all the rest to 50Mb, then I'd use the smaller ACL number for the first (access-list 122 for TFTP 1Mb) and the higher for the one after it (access-list 123 for allIP 50Mb).
And then in the policy-map match them all from smaller to bigger, or from most specific to least specific. This is also for the human eye's sake; it's easier for a person to understand what is being done this way.

An example of what I'm saying would be something like this:

access-list 122 remark TFTP
access-list 122 permit udp any any eq 69

access-list 123 remark All IP
access-list 123 permit ip any any

class-map match-all TFTP
  match access-group 122
!
class-map match-all allIP
  match access-group 123
!
policy-map l2policer
  class TFTP
   police 1000000    conform-action drop     exceed-action drop
  class allIP
   police 50000000    conform-action transmit     exceed-action drop
!
interface GigabitEthernet3/6
 service-policy input l2policer



Hope this helps
Ziv


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of alaerte.vidali at nsn.com
Sent: Tuesday, February 19, 2008 9:32 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Evaluation of Multiple Class in Policer

 Hi,

Some time ago I saw a document about how the policer evaluates multiple
statements, but could not find it. Any indication?

For example, how will the policer evaluate a packet entering interface
gi3/6?
(Will it be evaluated against class allIP and class TFTP in any case, or
does it depend on whether it matches class allIP?)

class-map match-all TFTP
  match access-group 123
!
class-map match-all allIP
  match access-group 122
!
policy-map l2policer
  class allIP
   police 50000000    conform-action transmit     exceed-action drop
  class TFTP
   police 1000000    conform-action drop     exceed-action drop
!
interface GigabitEthernet3/6
 service-policy input l2policer

Tks,
Alaerte
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/





************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************
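
The following is an added example, not part of the original thread or of any Cisco tooling. It parses the ACLs and class-maps from the reply and compares the two class orderings discussed, under the assumption that classes in a policy-map are evaluated top-down and the first matching class alone polices the packet. The policy-map names `tftp_first` and `allip_first` are hypothetical, and only the small syntax subset shown is modelled.

```python
# Constructed sample config: ACLs/class-maps from the reply, with both class
# orderings from the thread as two hypothetical policy-maps.
CONFIG = """
access-list 122 permit udp any any eq 69
access-list 123 permit ip any any
class-map match-all TFTP
  match access-group 122
class-map match-all allIP
  match access-group 123
policy-map tftp_first
  class TFTP
   police 1000000 conform-action drop exceed-action drop
  class allIP
   police 50000000 conform-action transmit exceed-action drop
policy-map allip_first
  class allIP
   police 50000000 conform-action transmit exceed-action drop
  class TFTP
   police 1000000 conform-action drop exceed-action drop
"""

def parse(config):
    """Parse the syntax subset above into (acls, class_maps, policy_maps)."""
    acls, class_maps, policy_maps, ctx = {}, {}, {}, (None, None)
    for line in config.splitlines():
        t = line.split()
        if not t:
            continue
        if t[0] == "access-list" and t[2] == "permit":
            port = int(t[t.index("eq") + 1]) if "eq" in t else None
            acls.setdefault(t[1], []).append((t[3], port))
        elif t[0] in ("class-map", "policy-map"):
            ctx = (t[0], t[-1])
            if t[0] == "policy-map":
                policy_maps[t[-1]] = []
        elif t[0] == "match" and ctx[0] == "class-map":
            class_maps[ctx[1]] = t[-1]           # class name -> ACL number
        elif t[0] == "class" and ctx[0] == "policy-map":
            policy_maps[ctx[1]].append([t[1], None, None])
        elif t[0] == "police" and ctx[0] == "policy-map":
            policy_maps[ctx[1]][-1][1:] = [int(t[1]), t[3]]  # rate, conform-action
    return acls, class_maps, policy_maps

def classify(policy, proto, dport, parsed):
    """Assumed first-match semantics: return (class, rate_bps, conform_action)."""
    acls, class_maps, policy_maps = parsed
    for cls, rate, conform in policy_maps[policy]:
        for acl_proto, port in acls[class_maps[cls]]:
            if acl_proto in ("ip", proto) and port in (None, dport):
                return cls, rate, conform
    return "class-default", None, "transmit"
```

With `allip_first`, a UDP/69 packet is caught by `allIP` and never reaches the `TFTP` policer; with `tftp_first` it lands in `TFTP` as intended.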





 
 