From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Sun Apr 22 2007 - 12:59:17 ART
You should be able to match on the source mac-address. Look at
the "show arp" output of ROUTER1 and find the MAC addresses of ROUTER2
and ROUTER3. Then in your policy say:
class-map match-all FROM_ROUTER2
 match source-address mac 2222.2222.2222
!
class-map match-all FROM_ROUTER3
 match source-address mac 3333.3333.3333
!
policy-map TO_R2_AND_R3
 class FROM_ROUTER2
  drop
 class FROM_ROUTER3
  drop
!
interface FastEthernet0/1
 service-policy output TO_R2_AND_R3
If the router doesn't retain the MAC info as it comes in and
goes back out you can match traffic from ROUTER2 and ROUTER3 and then
set them in a locally significant QoS-group. Then outbound match the
QoS-group and it will represent traffic from that MAC address.
HTH,
Brian McGahan, CCIE #8593 (R&S/SP)
bmcgahan@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/
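The QoS-group fallback described in the reply above, written out as an added example that is not part of the original post. It reuses the post's placeholder MAC addresses and the TO_R2_AND_R3 policy name; the names MARK_SOURCE_IN and FROM_R2_OR_R3 and the group numbers 2 and 3 are hypothetical, and it assumes the platform accepts both service policies on the physical interface.

```cisco
! Added illustration, not from the original post.
! Replace the placeholder MACs with the ones "show arp" reports
! for ROUTER2 and ROUTER3.
!
! Inbound: identify each neighbor by source MAC while the Layer 2
! header is still present, and tag the packet with a locally
! significant QoS group.
class-map match-all FROM_ROUTER2
 match source-address mac 2222.2222.2222
class-map match-all FROM_ROUTER3
 match source-address mac 3333.3333.3333
!
policy-map MARK_SOURCE_IN
 class FROM_ROUTER2
  set qos-group 2
 class FROM_ROUTER3
  set qos-group 3
!
! Outbound: the QoS group stands in for the original source MAC.
! Traffic originated by ROUTER1 itself carries no group and is
! not matched.
class-map match-any FROM_R2_OR_R3
 match qos-group 2
 match qos-group 3
!
policy-map TO_R2_AND_R3
 class FROM_R2_OR_R3
  drop
!
interface FastEthernet0/1
 service-policy input MARK_SOURCE_IN
 service-policy output TO_R2_AND_R3
```

The per-class counters in "show policy-map interface FastEthernet0/1" show whether the inbound marking and the outbound drop class are actually being hit.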
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Sydney Hawke
Sent: Sunday, April 22, 2007 3:02 AM
To: Maxim Kurushkin; ccielab@groupstudy.com
Subject: Re: QoS and the match input-interface
Hi,
Thanks but the point is to match on the physical interface as that will
detect any incoming traffic and then use it as an outgoing policy per
subinterface as that is possible.
The question remains if you can use the FastEthernet interface to match
on incoming and then use it per subinterface as an outgoing policy?
Best Regards,
Sydney
----- Original Message ----
From: Maxim Kurushkin <m.kurushkin@orange-ftgroup.ru>
To: Sydney Hawke <sydneyhawke@yahoo.com>
Sent: Sunday, April 22, 2007 11:15:07 AM
Subject: Re: QoS and the match input-interface
You can't match Ethernet sub-interfaces with the "input-interface" command!!!
When you write "match input-interface FastEthernet0/1.3", the router puts FA0/1 ("match input-interface FastEthernet0/1"), not FA0/1.3, in the config!!!
Try to use other methods, like an ACL, etc.
WBR,
Maxim
Sydney Hawke wrote:
> Hi All,
>
> I am testing a QoS solution with one physical interface that has two subinterfaces configured to connect to two routers.
>
> The goal is to match on the interface and then prevent them from being able to communicate with each other, i.e. this router will not act as a transit router under any circumstances.
>
> Config in ROUTER1:
>
> class-map match-all FROM_ROUTER3
>  match input-interface FastEthernet0/1
> class-map match-all FROM_ROUTER2
>  match input-interface FastEthernet0/1
> !
> policy-map TO_ROUTER2
>  class FROM_ROUTER3
>   drop
> policy-map TO_ROUTER3
>  class FROM_ROUTER2
>   drop
> interface FastEthernet0/1.3
>  service-policy output TO_ROUTER3
> interface FastEthernet0/1.2
>  service-policy output TO_ROUTER2
>
>
> I have not been able to get this to work because I can still ping between ROUTER2 and ROUTER3 and perhaps this is not a workable solution, can anyone help me to understand if this should work or perhaps you cannot match on an interface and then use it as an outgoing policy?
>
> It works if I put it on another interface on the router, i.e. two separate interfaces.
>
> Best Regards,
>
> Sydney
This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:36 ART