From: ccie2be (ccie2be@nyc.rr.com)
Date: Fri Aug 19 2005 - 18:15:49 GMT-3
Hi guys,
I want to drop all traffic coming from int X except for some other traffic
also from int X as it leaves int Y.
My thought was to create a class for ping traffic but don't specify any
policy-map action. As long as this class is before the other class, this
should work.
But, will this work?
I wasn't sure at first because I didn't know if I could have a class which
didn't have an associated action.
So, I ran a test where I created an acl which permitted pings called
DONT-DO-ANYTHING.

class-map match-all DROP
 match input-interface X
class-map match-all DONT-DO-ANYTHING
 match access-group name DONT-DO-ANYTHING
!
!
policy-map WILL-THIS-WORK
 class DONT-DO-ANYTHING <--- notice: no action is specified
 class DROP
  drop
int Y
 service-policy output WILL-THIS-WORK

Here are the results:

R2#sh policy in e0/0
 Ethernet0/0
  Service-policy output: WILL-THIS-WORK
    Class-map: DONT-DO-ANYTHING (match-all)
      50 packets, 5700 bytes
      5 minute offered rate 2000 bps
      Match: access-group name DONT-DO-ANYTHING
    Class-map: DROP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: input-interface Multilink1
      drop
    Class-map: class-default (match-any)
      20 packets, 1661 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

The pings arrived on interface Multilink 1 but didn't get dropped.
I thought some might like seeing this.
Tim
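
The behaviour reported above follows from first-match class selection within a policy-map. The sketch below is an added example, not part of the original post and not IOS code: a simplified Python model in which the packet fields, the "Ethernet1/0" interface, and the sample traffic are constructed assumptions. It shows that the no-action class shields pings only while it is listed before DROP.

```python
from collections import Counter

def acl_dont_do_anything(pkt):
    # Assumption: the DONT-DO-ANYTHING ACL permits pings, as the post says.
    return pkt["proto"] == "icmp-echo"

def input_interface_x(pkt):
    # Models "match input-interface Multilink1" from the show output.
    return pkt["in_if"] == "Multilink1"

# (class name, match predicate, action); action None = no action configured.
POLICY = [
    ("DONT-DO-ANYTHING", acl_dont_do_anything, None),
    ("DROP", input_interface_x, "drop"),
]

def classify(policy, pkt):
    """Return (class, action) for the first class that matches the packet."""
    for name, match, action in policy:
        if match(pkt):
            return name, action
    return "class-default", None  # implicit catch-all, no action

def run(policy, packets):
    """Return (per-class hit counts, number of packets dropped)."""
    hits, dropped = Counter(), 0
    for pkt in packets:
        name, action = classify(policy, pkt)
        hits[name] += 1
        if action == "drop":
            dropped += 1
    return hits, dropped

# Constructed traffic: pings and TCP arriving on Multilink1, plus
# packets from a hypothetical other interface.
PACKETS = (
    [{"in_if": "Multilink1", "proto": "icmp-echo"}] * 50
    + [{"in_if": "Multilink1", "proto": "tcp"}] * 5
    + [{"in_if": "Ethernet1/0", "proto": "tcp"}] * 20
)

if __name__ == "__main__":
    print("as posted :", run(POLICY, PACKETS))
    # Reversed class order: DROP matches the pings first and discards them.
    print("reversed  :", run(list(reversed(POLICY)), PACKETS))
```
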