From: maureen schaar (maureen.schaar@gmail.com)
Date: Mon Apr 23 2007 - 04:23:34 ART
Even if we match on the incoming mac-address, I don't think locally
generated router traffic will be filtered (but maybe this is no
requirement of your question). Try pinging to one subinterface while
sourcing the ping from the other.
Maureen
On 4/22/07, Leo Lin <linyileo@gmail.com> wrote:
> It look strange, you want match packet incoming the interface, and now it
> match, it pass through the interface and arrive the process, the process
> handle it finally. But how come it go out the interface?? So, you suspect
> detecting incoming traffic and apply outgoing policy will not work, I think.
>
> Best regards,
>
> Leo
>
> -----SJ<~T-<~-----
> 7"<~HK: nobody@groupstudy.com [mailto:nobody@groupstudy.com] 4z1m Sydney
> Hawke
> 7"KMJ1<d: 2007Dj4TB22HU 3:02
> JU<~HK: Maxim Kurushkin; ccielab@groupstudy.com
> VwLb: Re: QoS and the match input-interface
>
> Hi,
>
> Thanks but the point is to match on the physical interface as that will
> detect any incoming traffic and then use it as an outgoing policy per
> subinterface as that is possible.
>
> The question remains if you can use the FastEthernet interface to match on
> incoming and then use it per subinterface as an outgoing policy?
>
> Best Regards,
>
> Sydney
>
>
>
> ----- Original Message ----
> From: Maxim Kurushkin <m.kurushkin@orange-ftgroup.ru>
> To: Sydney Hawke <sydneyhawke@yahoo.com>
> Sent: Sunday, April 22, 2007 11:15:07 AM
> Subject: Re: QoS and the match input-interface
>
>
> You can't match Ethernet sub-interfaces with command "input-interface" !!!
> When you write "match input-interface FastEthernet0/1.3", router puts
> FA0/1 "match input-interface FastEthernet0/1", not FA 0/1.3 in config!!!
> Try to use another methods - like ACL or etc...
>
>
> WBR,
> Maxim
>
>
> Sydney Hawke wrote:
> > Hi All,
> >
> > I am testing a QoS solution with one physical interface that have two
> subinterfaces configured to connect to two routers.
> >
> > The goal is to match on the interface and then prevent them from being
> able to communicate with each other ie this router will not act as a transit
> router under no circumastances.
> >
> > Config in ROUTER1:
> >
> > class-map match-all FROM_ROUTER3
> > match input-interface FastEthernet0/1
> > class-map match-all FROM_ROUTER2
> > match input-interface FastEthernet0/1
> > !
> > policy-map TO_ROUTER2
> > class FROM_ROUTER3
> > drop
> > policy-map TO_ROUTER3
> > class FROM_ROUTER2
> > drop
> > interface FastEthernet0/1.3
> > service-policy output TO_ROUTER3
> > interface FastEthernet0/1.2
> > service-policy output TO_ROUTER2
> >
> >
> > I have not been able to get this to work because I can still ping between
> ROUTER2 and ROUTER3 and perhaps this is not a workable solution, can anyone
> help me to understand if this should work or perhaps you cannot match on an
> interface and then use it as an outgoing policy?
> >
> > It works if I put it on another interface on the router ie two separate
> interfaces.
> >
> > Best Regards,
> >
> > Sydney
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Tired of spam? Yahoo! Mail has the best spam protection around
> > http://mail.yahoo.com
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:37 ART