Solved: Re: Multiple "service-policy" on a single interface

gdelarosa · ‎10-11-2005

I have created a class-map, a policy-map and a service-policy on the interface gig0/0 to block msn-messenger.

I’m going to be creating more class-map’s, to block the other applications (peer-to peer programs, and some web pages) but I’m not sure how to configure them into the interface that I want…

Should I configure the new class-maps’s that I’m going to define into the same policy-map I already have defined?

Does a single interface support multiple service-policy’s commands?

Laters!

-Gabriel

attrgautam · ‎10-11-2005

You can have one input and one out put Service policy per interface. So the best thing is to define multiple class maps in the same policy

View solution in original post

attrgautam · ‎10-11-2005

You can have one input and one out put Service policy per interface. So the best thing is to define multiple class maps in the same policy

Vusal Aliyev · ‎11-05-2013

if I have multiple policy-maps with different types, what i have to do?

Will it work if I nest one policy-map into anoher type of policy-map?

Will it work if I nest one class-map into anoher type of class-map?

why router sends only one log and not repeatedly? for multiple ping router send only one syslog message

CCNP, CCNA Security

Joseph W. Doherty · ‎11-05-2013

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Does a single interface support multiple service-policy’s commands?

Yes, two; an in and out policy.

Should I configure the new class-maps’s that I’m going to define into the same policy-map I already have defined?

Yes, you might. You might also define multiple match statements within the same class-map. Or, if a match statement is invoking an ACL, that ACL could have multiple statements. It all depends on what you're match requirements are.

Remember within the policy map, class maps are processed sequentially until a class is matched. Within a class map, match statements are also processed sequentially, but whether the process stops on an individual match statement depends on whether the class-map is using match-any or match-all.

Also keep in mind, depending on your platform, class map match statements might allow NBAR matching which can examine packets beyond just port numbers. For example, TCP port 80 is normally used by HTTP, but the port might be used for something else or HTTP might use a different port number. "Match protocol http", I believe, should look for HTTP statements within the packet, i.e. it should match (or not) regardless of the port being used.