From: Popgeorgiev Nikolay (nikolay.popgeorgiev@siemens.com)
Date: Wed Jun 21 2006 - 03:43:17 ART
Hello guys,
Petr can you tell me what will be the problem if we use a class map matching only http and onother matching tcp without http
Access-list 101 permit tcp any any eq www
Access-list 102 deny tcp any any eq www
Access-list 102 permit tcp any any
Class-map www
Match acess-group 101
Class-map tcp
Match access-group 102
Policy-map pm
class www
police x
class tcp
police y
Interface ser0/0/0
service policy output pm
It will match the one needed to be policed and that's it ?
Best,
Nick
-----Original Message-----
From: Petr Lapukhov [mailto:petr@internetworkexpert.com]
Sent: Tuesday, June 20, 2006 5:43 PM
To: Stavros Filargyropoulos
Cc: ccielab@groupstudy.com
Subject: Re: Access-list / Police / MQC
Hm,
since HTTP is TCP traffic too, maybe you should use
nested policers?
Like that (typing out of my head, prone to typos ;)
---access-list 100 permit tcp any any access-list 101 permit tcp any any eq www
class-map TCP match access-group 100
class-map WWW match access-group 101
policy-map POLICE_WWW class WWW police 3000000
policy-map POLICE_TCP class TCP police 5000000 service-policy POLICE_WWW
HTH
-- Petr Lapukhov, CCIE #16379 petr@internetworkexpert.com
Internetwork Expert, Inc. http://www.InternetworkExpert.com Toll Free: 877-224-8987 Outside US: 775-826-4344
This archive was generated by hypermail 2.1.4 : Sat Jul 01 2006 - 07:57:33 ART