03-29-2025, 12:34 PM
(This post was last modified: 03-29-2025, 12:47 PM by yardbyrd.
Edit Reason: forgot something
)
In the initial configuration both class-maps are calling the same access-list. Thus with first in/first out rule all traffic matching acl 100 is policed by CM_ROUTING at 1Mbps and traffic matching acl 100 never gets to see Class-map CM-MGMT. We need to delete acl 100 and recreate with just the BGP and OSPF lines. We also need to create acl 101 to permit Telnet and SSH
Afterwards, we need to remove the "match access-group 100" from class-map CM-MGMT and add "match access-group 101"
Now class-map CM-MGMT is policing telnet and ssh at 500 kbps while CM-ROUTING is only policing BGP and OSPF at 1Mbps.
You also need to change the service policy from "output" to "input".
Thank you for your consideration,
yardbyrd
Afterwards, we need to remove the "match access-group 100" from class-map CM-MGMT and add "match access-group 101"
Now class-map CM-MGMT is policing telnet and ssh at 500 kbps while CM-ROUTING is only policing BGP and OSPF at 1Mbps.
You also need to change the service policy from "output" to "input".
Thank you for your consideration,
yardbyrd