The class-map effectively applies the ACL to the port and drops the traffic that is not permitted.
Let's say we want to apply a policy to one host with IP 192.168.1.1.
To reproduce the bug, use the following config:
----------
conf
ip access-list test
permit any 192.168.1.1 0.0.0.0 any
exit
class-map cl-test
match access-group test
exit
policy-map map-test
class cl-test
police 1000 10000 exceed-action drop
exit
exit
int e e13
service-policy input map-test
----------
The result is: all traffic except that of the 192.168.1.1 host is dropped on the e13 port.
The expected result is: host 192.168.1.1 is policed, all other traffic is passed without
any change.
Switch software:
console# show ver
SW version 1.0.2 ( date 18-Nov-2008 time 12:38:16 )
Boot version 1.0.2 ( date 13-Nov-2007 time 14:11:51 )
Roman