[c-nsp] Policing on a 3560

Walter Keen walter.keen at RainierConnect.net
Tue Aug 4 16:36:11 EDT 2009


While it may not be ideal, I've run into some cases where match any was 
not available and matching an access list(that matched anything) was my 
only viable option.

Justin Shore wrote:
> I'm having a little trouble doing something that should be simple.  
> I'm using a 3560 as a CPE to break up multiple services and bind them 
> to unique switchports.  I don't normally use 3560s for this.  The port 
> in question is for a 10Mbp PtP with no SLA across our backbone.
>
> What I currently have is apparently not doing anything and I fail to 
> see the flaw in my logic:
>
>
> class-map match-all ALL
> !
> !
> policy-map Re-color-BE
>  description Police to 10Mbps CIR - Re-color ALL to BE
>  class ALL
>   police 10000000 8000 exceed-action drop
>   set ip dscp default
>
>
> This is my QoS trust boundary so I'm re-coloring to 0 and setting muy 
> CIR to 10Mbps.  The switch wouldn't let me define 'match any' in the 
> class-map.  I suspect that I'm not matching anything because of that.  
> I want to match anything coming in that interface and police it to the 
> CIR and drop everything else.  I must be missing something but I'm not 
> sure what it is.  Is there something unique about this platform?  The 
> IOS is 12.2(50)SE1.
>
> Thanks
>  Justin
>
>
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

-- 


Walter Keen
Network Technician
Rainier Connect
(o) 360-832-4024
(c) 253-302-0194



More information about the cisco-nsp mailing list