04-10-2013 08:03 AM - edited 03-04-2019 07:33 PM
i´m not able to test at the moment.
what does this command do
policy-map TEST
class TEST
set ip dscp ef
class-map match-all TEST
match access-group name TEST
ip access-list extended TEST
the ACL doesn´t have an entry. does the ACL hit every traffic meaning that every traffic is marked with EF? or isn´t there any hit at all?
04-10-2013 09:07 AM
Hi,
I believe if packet does not match to any defined class in policy-map it will match to class-default. In your situation it means that packets will not match to class TEST because there is no ACL configured and as result will not be marked with EF.
Hope it will help.
Best regards,
Abzal
04-10-2013 11:12 PM
hi,
but an ACL is configured. the only point is that this ACL is empty
04-10-2013 11:46 PM
Hello, I believe if an ACL has no entries, it's followed by the implicit deny, therefor none of the packets will be classed.
If you had a permit any any, this will class all packets and will be treated accordingly to the policy set.
Hope this helps
Sent from Cisco Technical Support iPhone App
04-10-2013 11:49 PM
this is not always true: having a route-map with an ACL which is empty allows everything.
04-11-2013 12:02 AM
My apologies, you are correct, at least 1 entry needs to be applied before implicit deny.
Tested on an interface and allowed all packets, however this won't work in the class-map since there is an undefined ACL with no entries to match packets with.
Sent from Cisco Technical Support iPhone App
04-11-2013 12:00 AM
Hi Heinz,
I believe that this also true for empty ACL configured under class-map. Actually I've tested it on a lab and I saw that all packets didn't match to above class. If your routers connected directly you can test by yourself just put on the interface connected to the above router policy-map:
http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsaclseq.html#wp1036808
http://ieoc.com/forums/p/16348/135645.aspx
policy-map TEST
class TEST
set ip dscp ef
class-map match-all TEST
match ip dscp ef
Then verify:
sh service-policy interface x
Hope it will help.
Best regards,
Abzal
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide