From: Derek Pocoroba (dpocoroba@gmail.com)
Date: Fri Oct 05 2007 - 13:07:56 ART
Nice to see you spell Derek properly :-)
As for the difference, the second example would be useful if you have more
then 1x port in a VLAN. When you use "mls qos vlan-based" it will basically
bind the policy on the SVI to that port in question.
I guess it would depend on how the question is asked or stated.
HTH
On 10/4/07, Derek Chan <derekc@mad.scientist.com> wrote:
>
> Can someone tell me the difference of the following two configurations on
> CAT3560:
>
> * Task police the all IP traffic from VLAN 10 to 64 kbps with burst
> of
> 2 Kb and drop the exceed packets.
> * Vlan 10 is on interface FA0/10 of the CAT 3560.
>
> Configuration 1:
>
> Interface FastEthernet 0/10
> Switchport access vlan 10
> Switchport mode access
> Service-policy input VLAN10-LIMIT
> !
> Access-list 100 permit ip any any
> !
> Class-map match-all ALL-TRAFFIC
> Match access-group 100
> !
> Policy-map VLAN10-LIMIT
> Class ALL-TRAFFIC
> Police 64000 2000 exceed-action drop
> !
>
> Configuration 2:
>
> Interface FastEthernet 0/10
> Switchport access vlan 10
> Switchport mode access
> Mls qos vlan-based
> Access-list 100 permit ip any any
> !
> Class-map match-all ALL-TRAFFIC
> Match access-group 100
> !
> Policy-map VLAN10-LIMIT
> Class ALL-TRAFFIC
> Police 64000 2000 exceed-action drop
> !
> Interface VLAN 10
> No ip address
> Service-policy input VLAN10-LIMIT
> !
>
> To me, those two configurations do the same job and confirm with the task
> requirement. Why would one will use one configure over the other?
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
-- Derek Pocoroba CCIE #18559
This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:12 ART