BTW disappointed to find out 2960 doesn't have ingress queuing :( keep
that in mind
On Wed, Feb 13, 2013 at 11:08 AM, marc edwards <renorider_at_gmail.com> wrote:
> Thanks Tom. I am looking for a way to trust known apps w/out policer
> but trust unknown apps w/policer AKA
>
> ip access list extended EF deny ip 10.1.1.0 0.0.0.255 any dscp EF <---
> known so bypass policer
> ip access list EF permit ip any any dscp EF
>
> class-map VOICE
> match access-group EF
>
> policy-map POLICE
> class EF
> police 128 k 8000
>
> Then trust all markings but have a policer to ward off any apps we
> don't want hogging pipe. Does that make sense?
>
> Marc
>
> On Wed, Feb 13, 2013 at 10:37 AM, Tom Kacprzynski <tom.kac_at_gmail.com> wrote:
>> I believe you'll be able to do that as long as your policy-map does not have
>> any classification included. I think if it does, once you apply the
>> policy-map it will remove the port trust.
>> Can you send the policy-map?
>>
>> Thanks
>>
>>
>> Tom Kacprzynski
>>
>>
>> On Sat, Feb 9, 2013 at 8:40 PM, marc edwards <renorider_at_gmail.com> wrote:
>>>
>>> Can I trust and have service-policy policer work togethers?
>>>
>>> Is the following config kosher?
>>>
>>> !
>>> interface GigabitEthernet1/0/1
>>> switchport access vlan 7
>>> srr-queue bandwidth share 10 10 60 20
>>> priority-queue out
>>> mls qos trust dscp
>>> service-policy input INTOPORT
>>> !
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Wed Feb 13 2013 - 11:09:27 ART
This archive was generated by hypermail 2.2.0 : Fri Mar 01 2013 - 07:57:58 ART