From: Chris Lewis (chrlewiscsco@gmail.com)
Date: Thu Dec 15 2005 - 16:54:27 GMT-3
I don't think so. The ACL denies everything, so nothing will get classified
in to the ICMP class, so it will drop to the class-default and be passed.
The better approach is to always classify the things in to a class first,
then define the ation within the policy-map, so in this case you would have
the ACL permit all ICMP, then in the policy map use the drop command as the
action.
Chris
On 12/15/05, Chad Hintz <ccie_2b2004@yahoo.com> wrote:
>
> Hi All,
>
> I have a question on denying traffic within MQC.
> For instance I want to permit http and give 200k allow ftp and give
> 100k. Then I want to deny icmp and allow all other traffic. How would I
do
> this within MQC? I know how to setup the class map to allow and and give
> bandwidth. I think the correct answer would be:
>
> ip cef
> class-map http
> match protocol http
> class-map ftp
> match protocol ftp
> class-map icmp
> match access-group icmp
>
> ip access-list ext icmp
> deny icmp any any
>
> policy-map MQC
> class http
> bandwidth 200
> class ftp
> bandwidth 100
> class icmp
> class class-default
> fair-queue
>
> int s0/0
> service-policy output MQC
>
>
> Is this correct?
>
>
> TIA,
>
> Chad
>
>
>
> ---------------------------------
> Yahoo! Shopping
> Find Great Deals on Holiday Gifts at Yahoo! Shopping
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Mon Jan 09 2006 - 07:07:51 GMT-3