Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
459
Views
0
Helpful
2
Replies

% match access-group is not allowed in class tietong on GigabitEthernet1/0

Go to solution
liuluht
Level 1
Level 1

‎11-19-2012 11:43 PM - edited ‎03-04-2019 06:11 PM

I used to apply the policy-map on interface POS 4/0 on CISCO 12008 。POS4/0 is a uplink interface 。But when I changed the policy-map to G1/0 .(interface  G1/0 is connect to MAN) ,I got a message  “% match access-group is not allowed in class tietong on GigabitEthernet1/0”

I want to konw in what condition does the message appear ?

Policy-Map limit-campus

    Class tietong

      police   8500000 265625 265625 conform-action transmit  exceed-action drop  

Class Map match-all  tietong (id 10)

   Match access-group 164

Extended IP access list 164

    permit ip any 210.45.192.0 0.0.15.255

    permit ip 210.45.192.0 0.0.15.255 any (1 match)

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎11-20-2012 01:21 AM

Hello Liuluht@163.com,

with C12000 the features that are available are highly dependent on the type of linecard involved.

What type of linecard is in slot 1?

For example 3 GE engine2 linecards miss many edge features and are good for backbone links.

4GE engine3 linecards have much more features and can be used on edge.

The POS port may be part of a linecard with a different engine model, so this may explain what you see.

Hope to help

Giuseppe

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎11-20-2012 01:21 AM

Hello Liuluht@163.com,

with C12000 the features that are available are highly dependent on the type of linecard involved.

What type of linecard is in slot 1?

For example 3 GE engine2 linecards miss many edge features and are good for backbone links.

4GE engine3 linecards have much more features and can be used on edge.

The POS port may be part of a linecard with a different engine model, so this may explain what you see.

Hope to help

Giuseppe

0 Helpful

Go to solution
ajstadlin
Level 1
Level 1

‎11-20-2012 02:09 PM

I was not able to get "ip access-list extended" to work with class-maps in IOS 15.1(4)M4.  You may get around that issue by using the access-list numbering instead of names like "ip access-list extended myacl164"

As a work  around, I used the following for something like you want to do:

access-list 2164 permit ip any 210.45.192.0 0.0.15.255

access-list 2164 permit ip 210.45.192.0 0.0.15.255 any

class-map match-all tietong

match access-group 2164

exit

If you type "access-list ?" at the IOS command prompt, it will tell you the extended access-list number ranges.  The extended range for extended access-lists is 2000-2699.  For class-map match access-group statements, I am not able to use "ip access-list" names; so I just use "access-list" numbers for class-maps.  Named access lists would be great to use in class-maps when the feature is implemented there.  After all, it works in my route-maps.

REVISED

Nov 27, 2012:   I found an example for using the named access-list in class-maps in a Cisco ZBF Configuration Example document.  I haven't tested it, but it probably will work.  For example:

class-map match-all tietong

match access-group name myacl164

exit

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card