Thanks Tom. I am looking for a way to trust known apps w/out policer
but trust unknown apps w/policer AKA
ip access list extended EF deny ip 10.1.1.0 0.0.0.255 any dscp EF <---
known so bypass policer
ip access list EF permit ip any any dscp EF
class-map VOICE
match access-group EF
policy-map POLICE
class EF
police 128 k 8000
Then trust all markings but have a policer to ward off any apps we
don't want hogging pipe. Does that make sense?
Marc
On Wed, Feb 13, 2013 at 10:37 AM, Tom Kacprzynski <tom.kac_at_gmail.com> wrote:
> I believe you'll be able to do that as long as your policy-map does not have
> any classification included. I think if it does, once you apply the
> policy-map it will remove the port trust.
> Can you send the policy-map?
>
> Thanks
>
>
> Tom Kacprzynski
>
>
> On Sat, Feb 9, 2013 at 8:40 PM, marc edwards <renorider_at_gmail.com> wrote:
>>
>> Can I trust and have service-policy policer work togethers?
>>
>> Is the following config kosher?
>>
>> !
>> interface GigabitEthernet1/0/1
>> switchport access vlan 7
>> srr-queue bandwidth share 10 10 60 20
>> priority-queue out
>> mls qos trust dscp
>> service-policy input INTOPORT
>> !
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Wed Feb 13 2013 - 11:08:26 ART
This archive was generated by hypermail 2.2.0 : Fri Mar 01 2013 - 07:57:58 ART