Skip to main content
Network Engineering

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

9
  • Depending on your equipment, i only think you can have one match statement per class-map. Commented Apr 1, 2019 at 13:44
  • I seem to remember than within a class-map, it's match <protocol> XOR match access-group <someACL>. You can have multiple statements (else match-any wouldn't be very useful) of either but not both. On the other hand, nothing stops you from defining two class-maps (one matching on protocol, the other matching on ACL), and then making use of both in the policy map, applying the same set of actions to them. Commented Apr 1, 2019 at 13:53
  • 1
    Oh.. and a word of caution. Your example policy-map mixes two things I wouldn't do in the same PM. Marking traffic (set dscp 32) is typically something done on the ingress interface (service policy input ..) of a device, while applying something from the shaping/policing/queuing toolset (bandwidth percent 50) is meant for an egress interface of a device (service policy output ...). Many devices/Platforms won't even let you rewrite DSCP on the egress side. Commented Apr 1, 2019 at 14:02
  • @Cown I can match for DSCP and an ACL in the same class map (at least on a C3850 that is). You can only assign one ACL per class-map, though. Commented Apr 1, 2019 at 15:19
  • @Marc'netztier'Luethi I know about the policy-map at ingress, but I want to keep the configuration short. Thats why I try to catch everything (DSCP32 and protocol) with one class-map. Additionally, if i catch them in different class-maps, and assign bandwidth 25 to each of them, it is not the same as assigning bandwidth 50 to one class. Commented Apr 1, 2019 at 15:19