ip access list extended EF deny ip 10.1.1.0 0.0.0.255 any dscp EF
<---known so bypass policer
ip access list EF permit ip any any dscp EF <--- unknown so police
class-map VOICE
match access-group EF
policy-map POLICE
class VOICE <Corrected
police 128 k 8000
On Wed, Feb 13, 2013 at 11:09 AM, marc edwards <renorider_at_gmail.com> wrote:
> BTW disappointed to find out 2960 doesn't have ingress queuing :( keep
> that in mind
>
> On Wed, Feb 13, 2013 at 11:08 AM, marc edwards <renorider_at_gmail.com> wrote:
>> Thanks Tom. I am looking for a way to trust known apps w/out policer
>> but trust unknown apps w/policer AKA
>>
>> ip access list extended EF deny ip 10.1.1.0 0.0.0.255 any dscp EF <---
>> known so bypass policer
>> ip access list EF permit ip any any dscp EF
>>
>> class-map VOICE
>> match access-group EF
>>
>> policy-map POLICE
>> class EF
>> police 128 k 8000
>>
>> Then trust all markings but have a policer to ward off any apps we
>> don't want hogging pipe. Does that make sense?
>>
>> Marc
>>
>> On Wed, Feb 13, 2013 at 10:37 AM, Tom Kacprzynski <tom.kac_at_gmail.com> wrote:
>>> I believe you'll be able to do that as long as your policy-map does not have
>>> any classification included. I think if it does, once you apply the
>>> policy-map it will remove the port trust.
>>> Can you send the policy-map?
>>>
>>> Thanks
>>>
>>>
>>> Tom Kacprzynski
>>>
>>>
>>> On Sat, Feb 9, 2013 at 8:40 PM, marc edwards <renorider_at_gmail.com> wrote:
>>>>
>>>> Can I trust and have service-policy policer work togethers?
>>>>
>>>> Is the following config kosher?
>>>>
>>>> !
>>>> interface GigabitEthernet1/0/1
>>>> switchport access vlan 7
>>>> srr-queue bandwidth share 10 10 60 20
>>>> priority-queue out
>>>> mls qos trust dscp
>>>> service-policy input INTOPORT
>>>> !
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Wed Feb 13 2013 - 11:10:38 ART
This archive was generated by hypermail 2.2.0 : Fri Mar 01 2013 - 07:57:58 ART