Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
739
Views
5
Helpful
3
Replies

Urgent query for Aggregate-Policer on c7600

Go to solution
zhiyyao
Cisco Employee
Cisco Employee

‎11-10-2020 02:38 AM - edited ‎11-10-2020 05:19 PM

Hi,

I would like to add 129.20.199.0/24 and 130.20.199.0/24 to the policer in the aggregate-policer ap-lala-d on c7600 that i have set now.
After consulting the documentation, I found the following three solutions. Please help me to see if it is feasible and are there any concerns?

 

■ Current settings
--------------
ip access-list extended smart-lala-src
permit ip 58.191.129.0 0.0.0.255 any

class-map match-any cmap-smart-lala-10g-d
match access-group name smart-lala-src

mls qos aggregate-policer ap-lala-d 134224000 16778000 16778000
conform-action transmit exceed-action drop
mls qos aggregate-policer ap-d 2550136000 31250000 31250000
conform-action transmit exceed-action drop

policy-map smartphone-vlan-d
class cmap-smart-lala-10g-d
police aggregate ap-lala-d
class class-default
police aggregate ap-d

interface Vlan100
service-policy input smartphone-vlan-d
--------------


■ Setting plan
1. Add to class-map
⇒ There was a description that the previous one was overwritten by the last match command.
If the contents are not duplicated, will it work as expected?
--------------
ip access-list extended mgmt-dst
permit ip any 129.20.199.0 0.0.0.255
permit ip any 130.20.199.0 0.0.0.255

class-map match-any cmap-smart-lala-10g-d
match access-group name mgmt-dst
match access-group name smart-lala-src
--------------


2. Add to policy-map
⇒ Will the policy move in order from the top of the policy-map, and will the bandwidth of police aggregate ap-lala-d be consumed in order from the top?
--------------
ip access-list extended mgmt-dst
permit ip any 129.20.199.0 0.0.0.255
permit ip any 130.20.199.0 0.0.0.255

class-map match-any cmap-mgmt-10g-d
match access-group name mgmt-dst

policy-map smartphone-vlan-d
class cmap-mgmt-10g-d
police aggregate ap-lala-d
class cmap-smart-lala-10g-d
police aggregate ap-lala-d
class class-default
police aggregate ap-d
--------------

 

3.Add to ACL
⇒ Is the following acl feasible?
--------------
ip access-list extended smart-lala-src
permit ip 58.191.129.0 0.0.0.255 any
permit ip any 129.20.199.0 0.0.0.255
permit ip any 130.20.199.0 0.0.0.255
--------------


Hope to get your support.
Best regards,
Zhiyang

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP
In response to zhiyyao

‎11-10-2020 03:43 AM

Hello,

 

2 would work, too, it will be processed top down, as you said.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Georg Pauwen
VIP
VIP

‎11-10-2020 03:25 AM

Hello,

 

#3 is the fastest and easiest way to accomplish this. Just add the two new networks to the existing access list. By doing that, you don't need to change anything else.

 

ip access-list extended smart-lala-src
permit ip 58.191.129.0 0.0.0.255 any
permit ip any 129.20.199.0 0.0.0.255
permit ip any 130.20.199.0 0.0.0.255

0 Helpful

Go to solution
zhiyyao
Cisco Employee
Cisco Employee
In response to Georg Pauwen

‎11-10-2020 03:29 AM

Hi

 

Thank you, my friend.

So the best way here should the plan 3, right?

 

And about plan 2, do you know about this question?

=>Will the policy move in order from the top of the policy-map, and will the bandwidth of police aggregate ap-lala-d be consumed in order from the top?

 

Thanks,

Zhiyang

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to zhiyyao

‎11-10-2020 03:43 AM

Hello,

 

2 would work, too, it will be processed top down, as you said.

0 Helpful
Customers Also Viewed These Support Documents