I was reviewing the mail and saw the formatting was off. So I edited it and
resent it. Hope it comes out right now.
Sameer,
Port 1521 is basically a listening port but some applications like SQLnet
use it. From the below Class-map, you match the SQLnet and go about
dropping it.
MATCH ANY PROTOCOL UNDER HERE (WHICH INCLUDES sqlnet)
class-map match-any CRITICAL
match protocol ldap
match protocol sqlnet
LIMIT WHAT HAVE MATCHED IN CLASS "CRITICAL" TO 512000 BITS, MARK IT AS AF21
AND DROP IT.
policy-map BRANCH-LAN
class CRITICAL
set ip dscp af21
police cir 512000
conform-action drop
To permit "SQLNET" but still limit (Police) the bandwidth available for that
traffic, change your "conform-action" command to transmit.
policy-map BRANCH-LAN
class CRITICAL
set ip dscp af21
police cir 512000
conform-action ? (Transmit/permit) Am typing from memory but the "?" will
tell you.
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
sameer inam
Sent: Wednesday, August 18, 2010 4:38 AM
To: ccielab_at_groupstudy.com
Subject: QOS help
Guys ,
I need your help I need to allow the 1521 port on the below configuration ,I
tried couple of things but it didnt work.. the below configuration is remote
side router configuration and applied this configuration on DMVPn Tunnel ,,
we have same configuration on DMVPN hub side as well pleae advice ?
class-map match-all BM-Critical
match access-group name MC-SERVER
class-map match-any CRITICAL
match protocol ldap
match protocol sqlnet
!
!
policy-map BRANCH-LAN
class CRITICAL
set ip dscp af21
police cir 512000
conform-action drop
class BM-Critical
set ip dscp 25
!
!
ip access-list extended MC-SERVER
permit ip any 10.0.1.0 0.0.0.255
Blogs and organic groups at http://www.ccie.net
Received on Wed Aug 18 2010 - 07:40:57 ART
This archive was generated by hypermail 2.2.0 : Wed Sep 01 2010 - 11:20:52 ART