
policy-map drop

cesarvelandia51
Level 1

Hello, I have the configuration below on an old Router IOS 12.x and I want to migrate it to an IOS 17.x, but the drop action at the end is not accepted as a command on this IOS. I have seen that I can use the

police cir 8000 bc 1500 be 1500 conform-action drop exceed-action drop violate-action drop

command, but I am not sure if there is another way to do it or if this way will be working as expected and if the values I am using here are the right ones.

class-map match-all DROP
  match any
class-map match-all ISAKMP
  match protocol isakmp
class-map match-all IPSEC
  match protocol ipsec
...
!
policy-map NBAR2
  class ISAKMP
  class IPSEC
  class protocolos
  class DROP
    drop
!

 

21 Replies

Read the above document which was suggested (anyone read it?)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

"(anyone read it?)"

I did, and their example shows drop being used for a policy map class action.

Issue, though, command not present.

I asked about licensing of features because in the (distant) past I have seen some QoS features missing in some IOS feature sets.

BTW, I did use Cisco feature navigator, and did see feature differences per license for that platform and IOS train, but didn't notice one specific to a policy map class drop command.

It's lowest rate, so it won't fully accomplish your goals.

I assume you don't have a Cisco support contract?  They would be the best source to quickly explain why this command isn't present when documentation like @balaji.bandi's reference shows it being used.

Hello, I tested this solution on my customer's Router and it worked well. They tested some kind of things that they needed to drop and everything was ok. Thank you very much for your help!!!

The "solution" does allow 8k not to be dropped?

Glad that was working - as asked, is that working on Cat8K?

BB


Yes, it is working on the CAT8K, if you want I can share the show version and show license as well.
My customer made a test with SSH and that connection was dropped as expected and the ISAKMP, IPSEC and other services were not affected.
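
A check for the migration risk discussed in this thread, as an added example that is not from any poster: if the rejected drop line is simply lost when the old configuration is pasted, class DROP is left with no action. The audit function and the sample configuration are constructed for illustration; the check accepts either the legacy drop action or a police line whose three outcomes are all drop, and also treats class-default as a catch-all.

```python
import re

# Constructed sample: the question's policy-map (trimmed) with the thread's
# police workaround in place of the rejected "drop" action.
MIGRATED = """\
class-map match-all DROP
  match any
class-map match-all ISAKMP
  match protocol isakmp
policy-map NBAR2
  class ISAKMP
  class DROP
    police cir 8000 bc 1500 be 1500 conform-action drop exceed-action drop violate-action drop
!
"""
POLICE_OUTCOMES = {"conform-action", "exceed-action", "violate-action"}

def drops_everything(actions):
    """True if a class's action lines discard all traffic the class matches."""
    for words in (a.split() for a in actions):
        if words == ["drop"]:
            return True
        if words[:1] == ["police"]:
            # Strict on purpose: all three outcomes must be spelled out as drop.
            got = {w: words[i + 1] for i, w in enumerate(words[:-1]) if w in POLICE_OUTCOMES}
            if set(got) == POLICE_OUTCOMES and set(got.values()) == {"drop"}:
                return True
    return False

def audit(config):
    """Map each policy-map to True if its last class is a catch-all that drops."""
    matches, policies, section, name = {}, {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # top-level line opens or closes a section
            m = re.match(r"(class-map|policy-map)\s+(?:match-(?:all|any)\s+)?(\S+)$", line)
            section, name = m.groups() if m else (None, None)
            if section:
                (matches if section == "class-map" else policies)[name] = []
        elif section == "class-map":
            matches[name].append(line)
        elif section == "policy-map" and line.startswith("class "):
            policies[name].append((line.split()[1], []))
        elif section == "policy-map" and policies[name]:
            policies[name][-1][1].append(line)
    def catch_all(cls):  # "match any" as the only criterion, or the built-in default class
        return cls == "class-default" or matches.get(cls) == ["match any"]
    return {pm: bool(cl) and catch_all(cl[-1][0]) and drops_everything(cl[-1][1])
            for pm, cl in policies.items()}
```

Run audit() over the saved running configuration after the migration; a False entry means the policy-map's last class no longer discards unmatched traffic.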
