access-list

Unanswered Question
Oct 25th, 2009

Hi,

It is a carrier supporting carrier topology


A---DS----CORE---ISP/PE--P----PE---B


I am classifying traffic on core for a particular customer A by standard access-list.

access-list 10 permit 10.10.10.1 0.0.0.7

This is the IP address configured on DS switch facing to customer A.


I am calling this access-list in class-map for classification of traffic and am doing policing for traffic at 2 MBps, at egress interface on core facing to ISP router.


The connection to ISP is back to back VRF. I have created a virtual interface on core for each customer and a layer 2 trunk is connected to ISP router.


When I do an extended ping vrf for customer B from DS with source IP of access-list configured I don't see any hit counts on access-list.


Can anybody help?


bmcginn Sun, 10/25/2009 - 18:21

Hi there Adam,


Can you post the config?


Brad

Edison Ortiz Sun, 10/25/2009 - 19:40

If you are dealing with a Catalyst switch, you won't see any counters on the 'policy-map interface' output as those counters are software counters and QoS is done in hardware.


You must use the 'show mls qos' command


http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_s4.html#wp1084023


"The output does not display policed-counter information; 0 is displayed in its place (for example, 0 packets, 0 bytes). To display dropped and forwarded policed-counter information, enter the show mls qos command."


Regards


Edison

adamgibs7 Mon, 10/26/2009 - 03:23

Hi


The configs are on Core.


Extended IP access list 101
    10 permit ip 10.10.10.0 0.0.0.7 host 10.30.30.1

CORE#sh class-map test
 Class Map match-all test (id 1)
   Match access-group 101

 Class Map match-any class-default (id 0)
   Match any

CORE #sh policy-map 4MB
  Policy Map 4MB
    Class test
     police cir 4000000 bc 125000 be 125000
       conform-action transmit
       exceed-action transmit
       violate-action drop

CORE #sh run int vlan X
Building configuration...

Current configuration : 202 bytes
!
interface Vlan X
 description connected to ISP for A
 ip vrf forwarding A
 ip address 10.X.X.X 255.255.255.254
 ip flow ingress
 service-policy output 4MB
end

DIST#sh run int gig3/1
Building configuration...

Current configuration : 174 bytes
!
interface GigabitEthernet3/1
 description Connected to link customer A
 ip vrf forwarding A
 ip address 10.10.10.1 255.255.255.248


Thanks
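Added example, not part of any post in this thread and not Cisco code: a small Python model of how a wildcard-mask entry such as the two ACEs quoted above selects packets, useful for checking offline which source/destination pairs a class-map's access-group would classify. It handles only `permit`/`deny` entries for protocol `ip`; the function names and the test packets other than the addresses in the posts are constructed for illustration.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def take_spec(tokens):
    """Consume 'any', 'host A', 'A WILDCARD' or a bare 'A'; return (base, wildcard)."""
    head = tokens.pop(0)
    if head == "any":
        return 0, MASK32
    if head == "host":
        return ip_int(tokens.pop(0)), 0
    wildcard = ip_int(tokens.pop(0)) if tokens else 0
    # Wildcard bits set to 1 are "don't care", so clear them before comparing.
    return ip_int(head) & ~wildcard & MASK32, wildcard

def parse_ace(line):
    """Parse '[seq] permit|deny [ip] SRC [DST]' (standard or extended form)."""
    tokens = line.split()
    if tokens[0].isdigit():              # leading sequence number, e.g. '10'
        tokens.pop(0)
    action = tokens.pop(0)
    extended = tokens[0] == "ip"
    if extended:
        tokens.pop(0)
    src = take_spec(tokens)
    dst = take_spec(tokens) if extended else (0, MASK32)  # standard ACL: source only
    return action, src, dst

def hits(addr, spec):
    base, wildcard = spec
    return (ip_int(addr) & ~wildcard & MASK32) == base

def evaluate(aces, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for index, line in enumerate(aces):
        action, s, d = parse_ace(line)
        if hits(src, s) and hits(dst, d):
            return action, index
    return "deny", None

ACL_10 = ["permit 10.10.10.1 0.0.0.7"]                          # from the question
ACL_101 = ["10 permit ip 10.10.10.0 0.0.0.7 host 10.30.30.1"]   # from the posted config

if __name__ == "__main__":
    # Constructed test packets: (source, destination)
    for pkt in [("10.10.10.1", "10.30.30.1"), ("10.10.10.1", "10.30.30.2"),
                ("10.10.10.8", "10.30.30.1")]:
        print(pkt, "ACL 10 ->", evaluate(ACL_10, *pkt), "ACL 101 ->", evaluate(ACL_101, *pkt))
```

An entry counts a hit only when every field matches, so the extended entry is stricter than the standard one: it also constrains the destination.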
