Hi.
Have you tried applying it to the control-plane?
I don't think NBAR protocol matching is supported on the control-plane.
Router(config)#do sh run class-map
Building configuration...
Current configuration : 56 bytes
!
class-map match-all ICMP
match protocol icmp
!
end
Router(config)#do sh run policy-map
Building configuration...
Current configuration : 57 bytes
!
policy-map PM_ICMP
class ICMP
police 8000
!
end
Router(config)#control-plane
Router(config-cp)#service-policy in PM_ICMP
Unsupported protocol in 'match protocol'
Unsupported protocol in 'match protocol'
error: failed to install policy map PM_ICMP
HTH
A.
On 6/8/2012 6:11 AM, Don Rajaratne wrote:
> Hi People,
>
> Will be the output same or differ?? Question says limit the outgoing icmp
> messages on control plane policing.
>
> ip access-list ex ICMP
> permit icmp any any
>
> class-map ICMP
> match access-group name ICMP
>
> OR
>
> class-map ICMP
> match protocol icmp
>
> Thanks in advance..
>
> Don
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Fri Jun 08 2012 - 06:35:42 ART
This archive was generated by hypermail 2.2.0 : Sun Jul 01 2012 - 10:39:52 ART