Hello All. I have the below ACL applied inbound on a vlan interface, int vlan 808. I would like to match against this ACL in a class-map and then apply it to a policy-map that'll set the dscp 10 for ssh and tacacs traffic. All other traffic I do not want to change. The service policy will then be applied to int vlan 808 as "service-policy input MGMT-TRAFFIC-POLICY". And then I'd like to remove the "ip access-group MGMT_TRAFFIC in" from the int vlan 808.
Is it possible to do so without creating two separate ACLs...if so how? If I did have to use two separate ACLs how would I configure the class-map and/or policy-map to not change the other traffic. Thanks.
ip access-list extended MGMT_TRAFFIC permit udp any eq snmp any permit icmp any any permit udp any gt 0 any eq 1645 1646 log permit udp any gt 0 any eq 1812 1813 permit udp any eq tftp any permit udp any eq ntp any permit udp any gt 0 any eq syslog permit udp any eq snmptrap any permit tcp any eq 443 any permit udp any gt 0 any lt 65534 permit igmp any any permit tcp any gt 0 any eq tacacs log permit tcp any eq 22 any gt 0 log deny ip any any log
In scaled EVPN deployments it can be wise to name ESI that way to represent the site/physical port/etc it is attached to. Thus on some remote location you can easily verify where particular route/MAC is coming from. Similar to phone numbers, where...
Want to enable Feature EPFT with “routing-protocols-enable”. However ,it is throwing an error and ask to configure the following command: “non-subscriber-interfaces mac” which once enabled drops the traffic without any penalty.
XR-vm - CLI's
look for any process crash, review time stamp[if it is too old, then no immediate action needed]
verify if standby state is Ready and NSR-Ready
show proc cpu | exclude " 0%"
It's been a long standing ask for XR to support conditional route advertisements in BGP.
The expected option of using the
option in RPL currently can only be used at the default-inf...
On IOS-XR, Quality of Service has an extension to WRED (Weighted Random Early Detection) called Explicit Congestion Notification (ECN). ECN will mark packets instead of dropping them when the average queue length exceeds a specific threshold value. When c...