Just to clarify things a little more, if traffic is below the cir, the packets are allowed. If the packets are below the cir+burst, it is considered to conform. If it exceeds the cir + burst, then it is classified as exceed. So even if you have conform-action drop, it will only drop if exceeding the cir, and the burst rate will have no effect. Hope that helps
_____ From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles Sent: Thursday, September 03, 2009 4:02 AM To: Dnyaneshwar Gore Cc: [email protected] Subject: Re: [OSL | CCIE_Security] ASA, Ver 8.0, QoS - Police query Hi D.M.Gore If the traffic is within the committed information rate (CIR), then the action configured for "conform-action" is taken and if it exceeds, the action configured for "exceed-action" is performed. The actions are transmit and drop. Burst is to buffer the traffic spikes. Lets consider the following configuration class-map test match any policy-map test class test police input 9000 1200 conform-action transmit exceed-action drop The traffic maximum limit is 10200 bytes, if it is below 10200 the traffic transmitted else dropped. With regards Kings On Thu, Sep 3, 2009 at 12:36 PM, Dnyaneshwar Gore <[email protected]> wrote: Hi ALL, I am not able to understand the difference between following commands: 1. police {inbound | outbound} CIR [Burst] 2. police {inbound | outbound} CIR [Burst] conform-action drop exceed-action drop 3. police {inbound | outbound} CIR [Burst] conform-action transmit exceed-action transmit I tested these commands in lab and found output same for all. I think conform-action and exceed-action does not work even if they are specified. Request your opinion. Regards, D.M.Gore _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com <http://www.ipexpert.com/>
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
