Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Question about ACL building for QoS or Policing

Hi,

I would like to apply policing on a C3750 interface, for all trafic matching 10.0.0.0 / 8, except for subnet 10.0.0.0 / 24.

I plan to apply the following configuration, with an ACL that denies 10.0.0.0 / 24 then accept 10.0.0.0 / 8.

I quite sure of the answer but need a confirmation about the following configuration correct ? (10.0.0.0 / 24 will be not blocked, and no policing will be apply on it?)

ip access-list extended TEST

deny tcp 10.0.0.0 0.0.0.255 any eq 5000

permit tcp any 10.0.0.0 0.255.255.255 any eq 5000

!

class-map TEST

match access-group name TEST

!

policy-map TEST

class TEST

police 100000

!

interface f0/1

service-policy input TEST

Thanks by advance

P.

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Question about ACL building for QoS or Policing

Hello Paris,

your understanding is correct

10.0.0.0/24 will not be blocked (because the ACL is not applied at interface level)  and will not be policed because it is not part of traffic class TEST

Hope to help

Giuseppe

2 REPLIES
Hall of Fame Super Silver

Question about ACL building for QoS or Policing

Hello Paris,

your understanding is correct

10.0.0.0/24 will not be blocked (because the ACL is not applied at interface level)  and will not be policed because it is not part of traffic class TEST

Hope to help

Giuseppe

New Member

Question about ACL building for QoS or Policing

Hi Giuseppe.

ok, thanks

P

437
Views
0
Helpful
2
Replies