[c-nsp] Policing Confusion
Aaron Riemer
ariemer at wesenergy.com.au
Mon Jan 5 01:45:52 EST 2009
Hi guys,
I am hoping you can help me out with some confusion I am having with
policing. I am testing policing at a remote site with a 512kb WAN
connection. What I am trying to achieve is to police virus updates from
our server so that this traffic can only obtain 128Kbps of the remote
sites bandwidth. I am policing in the outbound direction of the serial
WAN interface at the remote site. My question is how does this affect
traffic coming 'in' to the WAN interface from the outside? i.e. will
this configuration only police traffic going outbound rather than
inbound? It seems the policing isn't working as the virus updates are
still choking the link.
class-map match-all virus-traffic
match access-group 181
class-map match-any mission-critical
match access-group 180
!
policy-map mission-critical
class mission-critical
bandwidth 256
class virus-traffic
police cir 128000
conform-action transmit
exceed-action drop
violate-action drop
class class-default
fair-queue
random-detect
!
Interface Serial0/0
ip address x.x.x.x/x
service-policy output mission-critical
I hope this makes sense.
Thanks in advance.
Aaron.
LEGAL DISCLAIMER: This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
More information about the cisco-nsp
mailing list