RE: Policing on 3550 switch

From: Ahmed Ossama (ahmed_ossama@rayatelecom.net)
Date: Wed Sep 14 2005 - 18:49:23 GMT-3


Yep,
I can see that. Also, it is not supported in egress of the interface? So could this task be accomplished, or will it be impossible to do it?
 
Thanks

        -----Original Message-----
        From: Jens Petter Eikeland [mailto:jenseike@start.no]
        Sent: Wednesday 14/09/2005 09:49
        To: Ahmed Ossama; ccielab@groupstudy.com
        Cc:
        Subject: SV: Policing on 3550 switch
        
        

        Hi ,
        
        Policer can only be configured on physical interfaces and not SVI interfaces
        
        Jens Petter Eikeland
        
        -----Original Message-----
        From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On behalf of Ahmed Ossama
        Sent: 14 September 2005 22:27
        To: ccielab@groupstudy.com
        Subject: Policing on 3550 switch
        
                Dear All,
                Is there any way to police ICMP traffic on a switch out of a
        certain interface or ingress on a VLAN?
                If I had a server that launches an ICMP attack and I want to limit it on
        vlan x, I didn't know the location of the server but I know the output
        interface of the VLAN. So there are two possible solutions: police the traffic
        out the interface or police it ingress to the VLAN.
                
                As far as I know, we can't apply policing on SVIs or on the
        egress of the interface. Also, I tried to configure it and it gives me an
        error as shown below:
                
                Switch(config-if)#service-policy out testi
                Switch(config-if)#
                2d23h: %QM-4-CLASS_NOT_SUPPORTED: Classification is not supported in classmap testi
                2d23h: %QM-4-CLASS_NOT_SUPPORTED: Classification is not supported in classmap testi
                Switch(config-if)#
                Switch(config-if)#
                
                Also on interface vlan:
                
                Switch(config-if)#service-policy out testi
                Switch(config-if)#
                2d23h: %QM-4-CLASS_NOT_SUPPORTED: Classification is not supported in classmap testi
                2d23h: %QM-4-CLASS_NOT_SUPPORTED: Classification is not supported in classmap testi
                Switch(config-if)#
                
                I configured the policy map as shown below:
                
                
                Switch#show policy-map testi
                 Policy Map testi
                  class testi
                   police 8000 8000 exceed-action drop
                Switch#show cl
                Switch#show cla
                Switch#show class-map testi
                 Class Map match-all testi (id 4)
                   Match access-group 101
                !
                Switch#show access-lists 101
                Extended IP access list 101
                    permit icmp any any
                !
                
                Switch(config-if)#service-policy out testi
                Switch(config-if)#
                2d23h: %QM-4-CLASS_NOT_SUPPORTED: Classification is not supported in classmap testi
                2d23h: %QM-4-CLASS_NOT_SUPPORTED: Classification is not supported in classmap testi
                Switch(config-if)#
                Switch(config-if)#
                
                
                Thanks in advance,
        
        _______________________________________________________________________
        Subscription information may be found at:
        http://www.groupstudy.com/list/CCIELab.html
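
Added example, not part of the original thread: following the reply that policers attach only to physical interfaces, the same `testi` policy can be applied inbound on the physical ports that carry the VLAN instead of outbound or on the SVI. The interface range, the VLAN number in the comment and the global `mls qos` line are assumptions not shown in the posts.

```cisco
! Constructed example; port numbers are assumptions, adjust to the
! physical ports that are members of the VLAN in question.
!
! QoS must be enabled globally or the policer has no effect (assumed
! not yet configured, since the thread does not show it).
mls qos
!
! Classification and policer exactly as posted in the thread.
access-list 101 permit icmp any any
!
class-map match-all testi
 match access-group 101
!
policy-map testi
 class testi
  police 8000 8000 exceed-action drop
!
! What the thread shows being rejected (ACL-based class attached
! outbound, on a port or on the SVI):
!   interface Vlan10                      <- constructed VLAN number
!    service-policy output testi
!   %QM-4-CLASS_NOT_SUPPORTED: Classification is not supported in classmap testi
!
! Supported placement: inbound on each physical port of the VLAN.
! Because the server's port is unknown, cover every candidate port.
interface range FastEthernet0/1 - 24
 service-policy input testi
!
end
!
! Check that the policer is attached on a given port.
show mls qos interface FastEthernet0/1 policers
```

Each port gets its own policer instance, so the 8000 bps limit applies per ingress port rather than to the VLAN's ICMP traffic as a whole.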


