Try putting the ACL on the interface instead of in the class-map. I don't
know if you see ACL hits if it's used within a class-map.
If you issue the 'show policy-map interface' you should see traffic being
matched by that class. Which is another way of seeing if the traffic really
hits your QoS policy.
And a ACL that matches IP traffic also matches ICMP traffic, so no need for
changing that :-)
--
Regards,
Rick Mur
CCIE2 #21946 (R&S / Service Provider)
Sr. Support Engineer � IPexpert, Inc.
URL: http://www.IPexpert.com
On Mon, Oct 26, 2009 at 1:31 PM, Iwan Hoogendoorn <iwan_at_ipexpert.com> wrote:
> Mike,
>
> If you want to count ping packets you should create an ACL that
> matches ICMP and not IP.
>
> --
> Regards,
>
> Iwan Hoogendoorn
> CCIE #13084 (R&S / Security / SP)
> Sr. Support Engineer IPexpert, Inc.
> URL: http://www.IPexpert.com
>
> On Mon, Oct 26, 2009 at 11:41 AM, mike arnold <haynessmith70_at_gmail.com>
> wrote:
> > Hi,
> >
> > Am classifying traffic on Core 6500 for a customer A by Extended
> > access-list.access-list 101 permit 10.10.10.1 0.0.0.7 host
> > 10.30.30.1 ,Subnet configured on DS switch facing to customer A. Am
> calling
> > this access-list in class-map for classification of traffic and am doing
> > policing for traffic at 4MBps,at egreess interface on core facing to ISP
> > router. The connection to ISP is back to back VRF.i have created a
> virtual
> > interface on core for each customer and a layer 2 trunk is connected to
> ISP
> > router.
> >
> > When i do a extended ping vrf for customer B from DS with source IP of
> > access-list configured i dont see any hit counts on access-list.
> >
> > Secnario:
> >
> > A---DS----CORE---ISP/PE--P----PE---B
> >
> > CORE Configs
> >
> > The configs are on Core.
> >
> > Extended IP access list 101
> > 10 permit ip 10.10.10.0 0.0.0.7 host 10.30.30.1
> >
> > CORE#sh class-map test
> > Class Map match-all test (id 1)
> > Match access-group 101
> > Class Map match-any class-default (id 0)
> > Match any
> >
> > CORE #sh policy-map 4MB
> > Policy Map 4MB
> > Class test
> > police cir 4000000 bc 125000 be 125000
> > conform-action transmit
> > exceed-action transmit
> > violate-action drop
> >
> > CORE #sh run int vlan X
> > Building configuration...
> > Current configuration : 202 bytes
> > !
> > interface Vlan X
> > description connected to ISP for A
> > ip vrf forwarding A
> > ip address 10.X.X.X 255.255.255.254
> > ip flow ingress
> > service-policy output 4MB
> > end
> >
> > DIST#sh run int gig3/1
> > Building configuration...
> > Current configuration : 174 bytes
> > !
> > interface GigabitEthernet3/1
> > description Connected to link customer A
> > ip vrf forwarding A
> > ip address 10.10.10.1 255.255.255.248
> >
> > Thanks
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
>
>
>
> --
> Regards,
>
> Iwan Hoogendoorn
> CCIE #13084 (R&S / Security / SP)
> Sr. Support Engineer IPexpert, Inc.
> URL: http://www.IPexpert.com
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Mon Oct 26 2009 - 14:22:54 ART