[c-nsp] 3750 and L3 service policies
Christopher J. Wargaski
wargo1 at gmail.com
Fri Jul 30 00:18:29 EDT 2010
Dzień dobry Pshem--
I have not used service policies on routing switches, however, I do
frequently on routers. A common suggestion is that you do not use
"any" in your ACL. Try using a subnet for matching.
cjw
> Date: Fri, 30 Jul 2010 11:21:12 +1200
> From: Pshem Kowalczyk <pshem.k at gmail.com>
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] 3750 and L3 service policies
> Message-ID:
> <AANLkTinkAuzxJkpKG-suZHXjYoDNnjsF2cbzKZchOLSa at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> Hi,
>
> We had to deploy some L3 service policies on a WS-C3750E-24TD. After
> the config was put in place we could see it working on the interface,
> but according the the statistics on the input route-map - there was
> nothing matching at all.
> Is that expected? The switch runs only as a L2 switch, except for that
> single access list.
>
> software: 12.2(44)SE1
>
> class-map match-all CLASS_SLAP
> match access-group name ACL_SLAP
>
> policy-map POLICY_SLAP
> class CLASS_SLAP
> police 80000000 128000 exceed-action drop
>
> ip access-list extended ACL_SLAP
> deny tcp any eq www any
> permit ip any any
>
> kind regards
> pshem
More information about the cisco-nsp
mailing list