Question about service policy - ACE

nygenxny123
Level 1

I was under the impression that service policies had to be applied to an interface and that each interface could have only one service policy. But I found the following config in our ACE:

service-policy input CUSTOMER-OUTBOUND-POLICY
service-policy input CUSTOMER2-OUTBOUND-POLICY

interface vlan 11
  description Web DMZ
  ip address 172.20.11.2 255.255.255.0
  alias 172.20.11.1 255.255.255.0
  peer ip address 172.20.11.3 255.255.255.0
  no normalization
  access-group input PERMIT_ALL
  nat-pool 2 172.20.11.121 172.20.110.121 netmask 255.255.255.0 pat
  service-policy input VIP
  service-policy input VIPS_POLICY
  service-policy input REMOTE_MGMT_ALLOW_POLICY
  no shutdown

Are the above global service policies on the ACE, as in a FW?

What is the benefit of using a global policy over one applied to a specific VLAN interface?

1 Reply

litrenta
Level 3

You can have multiple service policies on an interface and you can have global service policies.

Service policies are compiled when applied and merged into a single internal access-list structure.

As a best practice, if you have many interfaces it is best to apply service policies on the appropriate interface, since this would not waste the overhead into merging for all interfaces and possibly depleting ACL resources.
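
An added example, not part of the original thread or any Cisco tooling: a small Python audit helper that separates the global `service-policy` lines from the per-interface ones in a config like the one quoted in the question, then lists what each VLAN interface ends up carrying once the global policies are merged in. The function names are hypothetical, the `interface vlan 12` stanza is constructed, and the parser assumes the indentation used by `show running-config`.

```python
# Added example: classify ACE service-policy lines as global or per-interface.
# SAMPLE_CONFIG is constructed from the lines quoted in the question, plus a
# made-up "interface vlan 12" that has no service policy of its own.
SAMPLE_CONFIG = """\
service-policy input CUSTOMER-OUTBOUND-POLICY
service-policy input CUSTOMER2-OUTBOUND-POLICY

interface vlan 11
  description Web DMZ
  access-group input PERMIT_ALL
  service-policy input VIP
  service-policy input VIPS_POLICY
  service-policy input REMOTE_MGMT_ALLOW_POLICY
  no shutdown
interface vlan 12
  description constructed interface without a local policy
  no shutdown
"""


def parse_service_policies(config):
    """Return (global_policies, {interface: [policies]})."""
    global_policies, per_interface = [], {}
    current = None  # interface stanza we are inside, if any
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        indented = raw[0].isspace()
        if not indented:
            # Any unindented line ends the previous interface sub-mode.
            current = line if line.startswith("interface ") else None
            if current:
                per_interface[current] = []
        if line.startswith("service-policy input "):
            name = line.split()[2]
            if indented and current:
                per_interface[current].append(name)
            else:
                global_policies.append(name)
    return global_policies, per_interface


def effective_policies(config):
    """Policies merged for each interface: the global ones plus its own."""
    global_policies, per_interface = parse_service_policies(config)
    return {ifc: global_policies + own for ifc, own in per_interface.items()}
```

On the sample, `interface vlan 12` has no policy of its own yet still carries both global policies, which is the per-interface merge overhead the reply refers to.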
