From: Sydney Hawke (sydneyhawke@yahoo.com)
Date: Sun Apr 22 2007 - 06:07:03 ART
Hi All,
I am testing a QoS solution with one physical interface that have two subinterfaces configured to connect to two routers.
The goal is to match on the interface and then prevent them from being able to communicate with each other ie this router will not act as a transit router under no circumastances.
Config in ROUTER1:
class-map match-all FROM_ROUTER3
match input-interface FastEthernet0/1
class-map match-all FROM_ROUTER2
match input-interface FastEthernet0/1
!
policy-map TO_ROUTER2
class FROM_ROUTER3
drop
policy-map TO_ROUTER3
class FROM_ROUTER2
drop
interface FastEthernet0/1.3
service-policy output TO_ROUTER3
interface FastEthernet0/1.2
service-policy output TO_ROUTER2
I have not been able to get this to work because I can still ping between ROUTER2 and ROUTER3 and perhaps this is not a workable solution, can anyone help me to understand if this should work or perhaps you cannot match on an interface and then use it as an outgoing policy?
It works if I put it on another interface on the router ie two separate interfaces.
Best Regards,
Sydney
This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:36 ART