No hit counts for Access-list.

From: mike arnold <haynessmith70_at_gmail.com>
Date: Mon, 26 Oct 2009 14:41:00 +0400

Hi,

I am classifying traffic on a Core 6500 for customer A with an extended
access-list: access-list 101 permit 10.10.10.1 0.0.0.7 host 10.30.30.1.
The subnet is configured on the DS switch facing customer A. I am calling
this access-list in a class-map to classify the traffic, and I am policing
the traffic at 4MBps at the egress interface on the core facing the ISP
router. The connection to the ISP is back-to-back VRF. I have created a
virtual interface on the core for each customer, and a layer 2 trunk is
connected to the ISP router.

When I do an extended ping vrf for customer B from DS with the source IP of
the access-list configured, I don't see any hit counts on the access-list.

Scenario:

A---DS----CORE---ISP/PE--P----PE---B

CORE Configs

The configs are on Core.

Extended IP access list 101
    10 permit ip 10.10.10.0 0.0.0.7 host 10.30.30.1

CORE#sh class-map test
 Class Map match-all test (id 1)
   Match access-group 101
 Class Map match-any class-default (id 0)
   Match any

CORE #sh policy-map 4MB
  Policy Map 4MB
    Class test
     police cir 4000000 bc 125000 be 125000
       conform-action transmit
       exceed-action transmit
       violate-action drop

CORE #sh run int vlan X
Building configuration...
Current configuration : 202 bytes
!
interface Vlan X
 description connected to ISP for A
 ip vrf forwarding A
 ip address 10.X.X.X 255.255.255.254
 ip flow ingress
 service-policy output 4MB
end

DIST#sh run int gig3/1
Building configuration...
Current configuration : 174 bytes
!
interface GigabitEthernet3/1
 description Connected to link customer A
 ip vrf forwarding A
 ip address 10.10.10.1 255.255.255.248

Thanks

Received on Mon Oct 26 2009 - 14:41:00 ART
