Implementing an ACL and a Service-Policy on same interface

jeffrey.girard
Level 1

Looking for a sanity check. I was going to lab it up but decided to check here first.

On an inbound interface, I want to apply a "go-nogo" ACL filter, and then use a service-policy to modify the traffic that made it through the initial ACL.

For example: I want the inbound ACL to only permit traffic from 1.1.1.0/24 and deny all else. Then, I want the service-policy (using class maps and policy maps) to manipulate/modify the traffic before it hits the routing process. So, in this example, the only traffic that would hit the class map ACLs would be sourced from 1.1.1.0/24 - as all other traffic would have been denied by the inbound ACL.

Is this correct?

Jeff

Accepted Solutions

Hi Jeff,

This link I think points you to your answer:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml

Specifically, the first check in each of these operations is the input ACL, and the last is 'Queueing'. The outbound ACL is before Queueing in this as well.

The document was created for NAT, but I believe that by taking the NAT steps out you will see what the order of operation is here.

In short - you should be fine, and will queue only allowed traffic.

Hope this clarifies.

-nick

2 Replies

Nick -

Thanks for the sanity check. Will lab it up now.

Jeff
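
The lab setup discussed in this thread, as an added example configuration that is not from either poster. The ACL, class-map and policy-map names, the interface, the TCP/443 match and the DSCP values are assumptions chosen for illustration; only the 1.1.1.0/24 source filter comes from the question.

```cisco
! "Go/no-go" filter: only 1.1.1.0/24 may enter, everything else is dropped.
! The explicit deny with "log" gives a hit counter to compare against later.
ip access-list extended EDGE-IN
 permit ip 1.1.1.0 0.0.0.255 any
 deny   ip any any log
!
! Classification ACL referenced by the class map (assumed traffic type).
ip access-list extended CLASSIFY-WEB
 permit tcp any any eq 443
!
class-map match-all CM-WEB
 match access-group name CLASSIFY-WEB
!
! Policy that modifies (re-marks) traffic on ingress.
policy-map PM-INBOUND
 class CM-WEB
  set dscp af21
 class class-default
  set dscp default
!
! Both features attached to the same interface, same direction.
interface GigabitEthernet0/0
 ip access-group EDGE-IN in
 service-policy input PM-INBOUND
!
! Lab check: send test traffic from inside and from outside 1.1.1.0/24,
! then compare the ACL hit counts with the per-class packet counters.
!   show ip access-lists EDGE-IN
!   show policy-map interface GigabitEthernet0/0 input
```

Comparing the `deny` hit count with the class counters after sending traffic from a source outside 1.1.1.0/24 shows how the platform in the lab orders the two features.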
