The "vrf-also" at the end of access-class will allow you to telnet/ssh in or out sourcing the VRF configured on the router. In other words if you did not have vrf-also at the end of the statement you can only telnet/ssh to the stuff on the global routing table. vrf-also allows you to ssh/telnet to hosts in vrf such as "#telnet 172.22.251.20 /vrf YYY"
hope this helps.
... View more
Hi everyone, I'm working on building a Policing policy on our 6509-VSS (soon to be 6880-X VSS) because we are hosting a lot of customers environment and we want to throttle their bandwidth down, based on customers' SVI Below is just a "paper" config that I came up with while reading the Release Note for iOS 15-1SY on SUP2T. Can you let me know if this will work? Unfortunately for us, we do not have a test environment to test this config, so I have to ensure that this config is OK before starting to apply it. Also, for a Service Provider type, would you recommend Policing or Shaping? Router(config)# platform qos police distributed strict Router(config)#class-map Class_25Mbps Router(config-cmap)#match vlan 2245 !- assuming this is customer A Router(config-cmap)#match vlan 2246 !- this is customer B, who bought the same bandwidth Router(config-cmap)#end Router(config)#policy-map Policy_25Mbps Router(config-pmap)#class Class_25Mbps Router(config-pmap-c)#police aggregate Aggr_25Mbps Router(config-pmap-c)# police 25000000 pir 35000000 conform-action transmit exceed-action drop Router(config)#interface vlan 10 Router(config-if)#service-policy input Policy_25Mbps Router(config-if)#service-policy output Policy_25Mbps Router(config-if)#end
... View more