From: gladston@br.ibm.com
Date: Thu Sep 02 2004 - 10:59:02 GMT-3
Thanks. It works is "set ip dscp" instead of "police 1000000 1000000 1000000 conform-action set-dscp-transmit 50 exceed-action drop"
RT#sh access-list 190
Extended IP access list 190
permit ip any any dscp 50 (54 matches)
permit ip any any (219696 matches)
As you can see on my second post, I configure policy input on the vlanXX and applied access-list output on the ATM.
The only thing that changed now is that instead of police with "police...set-dscp-transmit 50..." it is used "set ip dscp 50".
Is it the normal behavior? Or the box should transmit and mark with DSCP 50 with the previous command but is has some bug?
RT#sh run | b Not-Authorized-Traffic
class-map match-any Not-Authorized-Traffic
match protocol kazaa2
match protocol fasttrack
match protocol napster
match protocol gnutella
match protocol http url "*worm*"
match protocol http url "*trojan*"
match protocol http url "*code-red*"
!
policy-map Not-Authorized-Traffic
class Not-Authorized-Traffic
set ip dscp 50
RT#sh run | b Vlanxx
interface Vlanxx
service-policy input Not-Authorized-Traffic
RT#sh run | b ATM0/0/0.500
ip access-group 190 out
This archive was generated by hypermail 2.1.4 : Fri Oct 01 2004 - 15:00:34 GMT-3