Re: Service policy or acces-list for the traffic control ?

From: Bob Sinclair (bsin@cox.net)
Date: Wed Oct 20 2004 - 07:08:19 GMT-3

• Next message: ccie2be: "Re: Correction to DHCP Ip Address Negotiated....."
• Previous message: Carlos G Mendioroz: "Re: Service policy or acces-list for the traffic control ?"
• Maybe in reply to: Cisco Net: "Service policy or acces-list for the traffic control ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Carlos,

Policy-maps can be applied both inbound and outbound using the
service-policy command. I know you are a clueful guy, so we'll overlook it
this time :)

Bob Sinclair
CCIE #10427, CISSP, MCSE
www.netmasterclass.net

----- Original Message -----
From: "Carlos G Mendioroz" <tron@huapi.ba.ar>
To: "Bob Sinclair" <bsin@cox.net>
Cc: "Cisco Net" <network.cisco@gmail.com>; "Group Study"
<ccielab@groupstudy.com>
Sent: Wednesday, October 20, 2004 5:46 AM
Subject: Re: Service policy or acces-list for the traffic control ?

>I may be sleepy (well, I'm certainly am) but isn't service policy an
>outbound traffic related config ?
>
> Bob Sinclair wrote:
>> Cert,
>>
>> If you have this configured, then please do "show access-lists" and "show
>> policy-map interface". The output should answer your question, and
>> perhaps you would share it with us. The docs say that "common
>> classification" occurs befor acls. See link here:
>>
>> http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a0080160fc1.shtml
>> Bob Sinclair
>> CCIE #10427, CISSP, MCSE
>> www.netmasterclass.net
>>
>> ----- Original Message ----- From: "Cisco Net" <network.cisco@gmail.com>
>> To: "Group Study" <ccielab@groupstudy.com>
>> Sent: Tuesday, October 19, 2004 6:47 PM
>> Subject: Service policy or acces-list for the traffic control ?
>>
>>
>>> Hi
>>> I have a service policy defined on the interface to match all the
>>> incoming http packets and drop.
>>>
>>> At the same time i have an ACL specified on the same interface
>>> (incoming) as to deny all the http packets.
>>>
>>> Which one of this action will be taken first ? ACL or service policy.?
>>>
>>> So if i have the following to be denyed,
>>> Incoming http, ftp, smtp , telnet. Also the question says to not use any
>>> acls
>>> for smtp/telnet traffic control and should use acl for ftp/smtp. Then
>>> can i use the following,
>>> 1- http/ftp with acl (IN)
>>> 2- smtp/telnet with service policy (IN) with match protocol and drop
>>> Regards
>>> Cert
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>
> --
> Carlos G Mendioroz <tron@huapi.ba.ar> LW7 EQI Argentina
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

• Next message: ccie2be: "Re: Correction to DHCP Ip Address Negotiated....."
• Previous message: Carlos G Mendioroz: "Re: Service policy or acces-list for the traffic control ?"
• Maybe in reply to: Cisco Net: "Service policy or acces-list for the traffic control ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:50 GMT-3