Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

access-list

Hi,

It is a carrier spportin carrier topology

A---DS----CORE---ISP/PE--P----PE---B

Am classifying traffic on core for a particular customer A by standard access-list.access-list 10 permit 10.10.10.1 0.0.0.7 This is the IP address configured on DS switch facing to customer A.

Am calling this access-list in class-map for classification of traffic and am doing policing for traffic at 2 MBps,at egreess interface on core facing to ISP router.

The connection to ISP is back to back VRF.i have created a virtual interface on core for each customer and a layer 2 trunk is connected to ISP router.

WHen i do a extended ping vrf for customer B from DS with source IP of access-list configured i dont see any hit counts on access-list.

Can any body help.

3 REPLIES
Bronze

Re: access-list

Hi there Adam,

Can you post the config?

Brad

Hall of Fame Super Bronze

Re: access-list

If you are dealing with a Catalyst switch, you won't see any counters on the 'policy-map interface' output as those counters are software counters and QoS is done in hardware.

You must use the 'show mls qos' command

http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_s4.html#wp1084023

"The output does not display policed-counter information; 0 is displayed in its place (for example, 0 packets, 0 bytes). To display dropped and forwarded policed-counter information, enter the show mls qos command. "

Regards

Edison

New Member

Re: access-list

Hi

The configs are on Core.

Extended IP access list 101

10 permit ip 10.10.10.0 0.0.0.7 host 10.30.30.1

CORE#sh class-map test

Class Map match-all test (id 1)

Match access-group 101

Class Map match-any class-default (id 0)

Match any

CORE #sh policy-map 4MB

Policy Map 4MB

Class test

police cir 4000000 bc 125000 be 125000

conform-action transmit

exceed-action transmit

violate-action drop

CORE #sh run int vlan X

Building configuration...

Current configuration : 202 bytes

!

interface Vlan X

description connected to ISP for A

ip vrf forwarding A

ip address 10.X.X.X 255.255.255.254

ip flow ingress

service-policy output 4MB

end

DIST#sh run int gig3/1

Building configuration...

Current configuration : 174 bytes

!

interface GigabitEthernet3/1

description Connected to link customer A

ip vrf forwarding A

ip address 10.10.10.1 255.255.255.248

Thanks

108
Views
5
Helpful
3
Replies
CreatePlease to create content