From: Venkataramanaiah.R (vramanaiah@gmail.com)
Date: Sun Sep 11 2005 - 08:51:45 GMT-3
Hi Jacky,
Your configuration will only apply to hosts in the
10.1.1.0<http://10.1.1.0>network, whereas the book configuration will
apply to all the traffic coming
into the interface. This exactly meets the requirement. Of course, to apply
to all traffic, you dont need need that access-list 10. But then the
requirement states, use one ACL, so i guess book solution would be more
appropriate.
-Venkat
On 9/11/05, jackyliu@cyberport.com.hk <jackyliu@cyberport.com.hk> wrote:
>
> Hi guys,
>
> A book's question request me to limit the incoming traffic
> with ip precedence marking 1, 5, 7 at 2mb or below from the
> LAN side and drop the exceeding packets. It also request me
> to create only a single access-list to finish the task.
>
> My approach:
> policy-map in-traffic
> police 2000000 5000 10000 conform-action transmit
> exceed-action drop violate-action drop
> !
> class-map match-all 1-5-7
> match ip precedence 1 5 7
> match access-group 10
> !
> access-list 10 permit 10.1.1.0 <http://10.1.1.0>
0.0.0.255<http://0.0.0.255>
> !
> interface e0
> service-policy input in-traffic
>
>
>
> The book's approach
>
> interface e0
> ip address 10.1.1.254 <http://10.1.1.254>
255.255.255.0<http://255.255.255.0>
> rate-limit 2000000 5000 10000 access-group 20 confrom-action
> transmit exceed-action drop
> !
> access-list 20 rate-limit mask A2
>
> Is my approach also can achieve the task? Just want to know
> the different there =)
>
> Cheers!
> Jacky
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:14 GMT-3