cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
690
Views
0
Helpful
2
Replies

Question about ACL building for QoS or Policing

parisdooz12
Level 1
Level 1

Hi,

I would like to apply policing on a C3750 interface, for all trafic matching 10.0.0.0 / 8, except for subnet 10.0.0.0 / 24.

I plan to apply the following configuration, with an ACL that denies 10.0.0.0 / 24 then accept 10.0.0.0 / 8.

I quite sure of the answer but need a confirmation about the following configuration correct ? (10.0.0.0 / 24 will be not blocked, and no policing will be apply on it?)

ip access-list extended TEST

deny tcp 10.0.0.0 0.0.0.255 any eq 5000

permit tcp any 10.0.0.0 0.255.255.255 any eq 5000

!

class-map TEST

match access-group name TEST

!

policy-map TEST

class TEST

police 100000

!

interface f0/1

service-policy input TEST

Thanks by advance

P.

1 Accepted Solution

Accepted Solutions

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Paris,

your understanding is correct

10.0.0.0/24 will not be blocked (because the ACL is not applied at interface level)  and will not be policed because it is not part of traffic class TEST

Hope to help

Giuseppe

View solution in original post

2 Replies 2

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Paris,

your understanding is correct

10.0.0.0/24 will not be blocked (because the ACL is not applied at interface level)  and will not be policed because it is not part of traffic class TEST

Hope to help

Giuseppe

Hi Giuseppe.

ok, thanks

P

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco