[c-nsp] Per port per vlan policing on ME-6524
Lobo
lobotiger at gmail.com
Fri Mar 4 15:52:45 EST 2011
Hey everyone. I've been trying to replicate the per-port per vlan
policing that we do on our C3750s on an ME-6524 we have in our lab but
I'm coming across a rejection by the router/switch whenever I attempt to
apply the policy-map to the SVI.
This is the configuration I'm using:
mac access-list extended AnyMac
permit any any
!
access-list 101 permit ip any any
!
class-map match-all L2-Traffic
match access-group name AnyMac
class-map match-all IP-Traffic
match access-group 101
class-map match-any ALL-TRAFFIC-G1/22
match input-interface GigabitEthernet1/22
class-map match-any ALL-TRAFFIC-G1/31
match input-interface GigabitEthernet1/31
!
policy-map VLAN888_CHILD
class ALL-TRAFFIC-G1/22
police 3000000 conform-action transmit exceed-action drop
class ALL-TRAFFIC-G1/31
police 3000000 conform-action transmit exceed-action drop
!
policy-map VLAN888_PARENT
class L2-Traffic
trust dscp
service-policy VLAN888_CHILD
class IP-Traffic
trust dscp
service-policy VLAN888_CHILD
!
Applying the "parent" policy-map on SVI 888 results in this:
PE03(config-if)#int vl 888
PE03(config-if)#service-policy input VLAN888_PARENT
Match input interface is not supported for this interface
PE03(config-if)#
I've configured "mls qos vlan-based" on the two physical interfaces just
like we do on our 3750s. ME-6524 is running 12.2(33)SXH6 Advanced IP
Services. Not sure what else I can do considering that the specs state
that this feature is support on this platform.
Thanks for any tips.
Jose
More information about the cisco-nsp
mailing list