my service-policy is not working on inbound. it works on outbound, but I need to apply it on IN as well.
please check what I am doing wrong. thank you in advance.
ip access-list extended ACL-TEST-LIMIT50
permit ip any any
class-map match-all CLASS-TEST-LIMIT50
match access-group name ACL-TEST-LIMIT50
police 50000000 40000 conform-action drop exceed-action drop violate-action drop
int vlan 103
service-policy input MAP-TEST-LIMIT50
with traffic up to 100mb/s, I almost don't see the matches:
sh ip access-lists ACL-TEST-LIMIT50
Extended IP access list ACL-TEST-LIMIT50
10 permit ip any any (1 match)
c7600 / Version 12.2(33)SRE2
Have a nice day,
You said " when I put it on the interface it blocked all traffic to host"
That is exactly what is going to happen, because of Your policy.
The policy states " conform-action drop"
do we have 'mls qos vlan-based' configured on the physical port through which the traffic is ingressing.