09-09-2009 02:15 PM - edited 03-18-2019 10:33 AM
Looking for a sanity check. I was going to lab it up but decided to check here first.
On an inbound interface, I want to apply a "go-nogo" ACL filter, and then use a service-policy to modify the traffic that made it through the initial ACL.
For example: I want the inbound ACL to only permit traffic from 1.1.1.0/24 and deny all else. Then, I want the service-policy (using class maps and policy maps) to manipulate/modify the traffic before it hits the routing process. So, in this example, the only traffic that would hit the class map ACLs would be sourced from 1.1.1.0/24 - as all other traffic would have been denied by the inbound ACL.
Is this correct?
Jeff
09-09-2009 08:31 PM
Hi Jeff,
This link I think points you to your answer:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml
Specifically, the first check in each of these operations is the input ACL, and the last is 'Queueing'. The outbound ACL is before Queueing in this as well.
The document was created for NAT, but I believe that by taking the NAT steps out you will see what the order of operation is here.
In short - you should be fine, and will queue only allowed traffic.
Hope this clarifies.
-nick
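The setup Jeff describes, written out as an IOS configuration for the lab. This is an added example, not part of the original thread; the names (EDGE-IN, FROM-1-1-1, CM-FROM-1-1-1, MARK-IN), the interface, and the choice of DSCP marking as the "modify" action are assumptions.

```cisco
! Added example: all names, the interface and the DSCP values are
! hypothetical; the thread does not say how the traffic is modified.
!
! 1. Go/no-go filter: only 1.1.1.0/24 is permitted inbound.
ip access-list extended EDGE-IN
 permit ip 1.1.1.0 0.0.0.255 any
 deny   ip any any log
!
! 2. ACL referenced by the class map (used for classification, not filtering).
ip access-list extended FROM-1-1-1
 permit ip 1.1.1.0 0.0.0.255 any
!
class-map match-all CM-FROM-1-1-1
 match access-group name FROM-1-1-1
!
! 3. Policy map that modifies the matched traffic (marking assumed here).
policy-map MARK-IN
 class CM-FROM-1-1-1
  set dscp af21
 class class-default
  set dscp default
!
! 4. Both are applied inbound on the same interface.
interface GigabitEthernet0/0
 ip access-group EDGE-IN in
 service-policy input MARK-IN
!
! Lab checks (exec mode):
!   show ip access-lists EDGE-IN
!   show policy-map interface GigabitEthernet0/0 input
```

Sending test traffic from a source outside 1.1.1.0/24 and comparing the hit count on the `deny` line with the `class-default` counters shows whether denied packets are ever seen by the policy map.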
09-10-2009 06:42 AM
Nick -
Thanks for the sanity check. Will lab it up now.
Jeff