% match access-group is not allowed in class tietong on GigabitEthernet1/0
I used to apply the policy-map on interface POS 4/0 on CISCO 12008 。POS4/0 is a uplink interface 。But when I changed the policy-map to G1/0 .(interface G1/0 is connect to MAN) ，I got a message “% match access-group is not allowed in class tietong on GigabitEthernet1/0”
I want to konw in what condition does the message appear ？
police 8500000 265625 265625 conform-action transmit exceed-action drop
I was not able to get "ip access-list extended" to work with class-maps in IOS 15.1(4)M4. You may get around that issue by using the access-list numbering instead of names like "ip access-list extended myacl164"
As a work around, I used the following for something like you want to do:
access-list 2164 permit ip any 126.96.36.199 0.0.15.255
access-list 2164 permit ip 188.8.131.52 0.0.15.255 any
class-map match-all tietong
match access-group 2164
If you type "access-list ?" at the IOS command prompt, it will tell you the extended access-list number ranges. The extended range for extended access-lists is 2000-2699. For class-map match access-group statements, I am not able to use "ip access-list" names; so I just use "access-list" numbers for class-maps. Named access lists would be great to use in class-maps when the feature is implemented there. After all, it works in my route-maps.
Nov 27, 2012: I found an example for using the named access-list in class-maps in a Cisco ZBF Configuration Example document. I haven't tested it, but it probably will work. For example:
The following documents are reviewed on the Ask The Experts Session titled: Use Case Overview and Planning: Cisco DNA Center Project Planning.
Here you can find editable versions of the
Solution Requirements Document UCOP_CiscoDNACenterProjectPlann...
If so, we’d like to speak with you to understand you and your team’s process on how you monitor and troubleshoot network traffic.
We ask that you complete our brief survey: https://ciscoux.az1.qualtrics.com/jfe/form/SV_d4LYJ5oWqWj9CCy Based on your ...
Listen: https://smarturl.it/CCRS8E38 Follow us: twitter.com/CiscoChampionAdding learning capabilities to the internet will increase the overall network SLO and application experience. Real data driven experiments have shown that such an approach...
Listen: https://smarturl.it/CCRS8E37Follow us: twitter.com/ciscochampionSometimes, situations require temporary fixes. Sometimes, the network becomes an afterthought in overall office design and planning. In either situation, it may require netw...
In this special edition of the Insider Series, we hear from Cisco partners who have taken steps to be more eco-friendly and sustainable. We hear what inspires ASHRAE, Southwire, Igor, and NTT to create a workplace that is centered around people and how th...