[c-nsp] Policing on a 3560
Sigurbjörn Birkir Lárusson
sigurbjornl at vodafone.is
Tue Aug 4 17:00:19 EDT 2009
Why not use class-default?
Kind regards,
Sibbi
On 4.8.2009 20:36, "Walter Keen" <walter.keen at rainierconnect.net> wrote:
> While it may not be ideal, I've run into some cases where match any was
> not available and matching an access list(that matched anything) was my
> only viable option.
>
> Justin Shore wrote:
>> I'm having a little trouble doing something that should be simple.
>> I'm using a 3560 as a CPE to break up multiple services and bind them
>> to unique switchports. I don't normally use 3560s for this. The port
>> in question is for a 10Mbp PtP with no SLA across our backbone.
>>
>> What I currently have is apparently not doing anything and I fail to
>> see the flaw in my logic:
>>
>>
>> class-map match-all ALL
>> !
>> !
>> policy-map Re-color-BE
>> description Police to 10Mbps CIR - Re-color ALL to BE
>> class ALL
>> police 10000000 8000 exceed-action drop
>> set ip dscp default
>>
>>
>> This is my QoS trust boundary so I'm re-coloring to 0 and setting muy
>> CIR to 10Mbps. The switch wouldn't let me define 'match any' in the
>> class-map. I suspect that I'm not matching anything because of that.
>> I want to match anything coming in that interface and police it to the
>> CIR and drop everything else. I must be missing something but I'm not
>> sure what it is. Is there something unique about this platform? The
>> IOS is 12.2(50)SE1.
>>
>> Thanks
>> Justin
>>
>>
>>
>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list