That is odd I have previously used the mac addresss method on the 2960. Have you tried a differnt code rev?
Mack ----- Original Message ----- From: Vincent C Jones [mailto:[email protected]] Sent: Thursday, December 22, 2011 07:07 AM To: Mack McBride Cc: cisco-nsp <[email protected]> Subject: RE: [c-nsp] Switch support for IPv6 policing FWIW, while using "class-default" or a MAC filter would be logical ways to avoid IPv4 dependencies, neither seems to work, although both could be applied to an interface. This is unlike class-maps which reference IPv6 ACLs, which are accepted without errors, along with policy maps which reference them, but any service-policy statement on the interface is silently ignored and never shows up in the configuration. Test results: class-default throttles IPv4 but not IPv6. ANY-MAC does not throttle IPv4 or IPv6. cisco WS-C2960-24TT-L (PowerPC405) processor (revision D0) with 65536K bytes of memory. Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(58)SE2, RELEASE SOFTWARE (fc1) So I repeat the question... what is the cheapest Cisco switch with gig uplinks which supports IPv6 ingress filtering and policing, or, lacking a definitive answer, is there a feature to check for in the software advisor or other publicly available resource that reflects this critical functionality? Vince On Wed, 2011-12-21 at 14:01 -0800, Mack McBride wrote: > Use a mac access-list or class-default > > mac access-list extended ALL > permit any any > class-map match-all ANY-MAC > match access-group name MAC > policy-map 10M > class ANY-MAC > police 10000000 1000000 exceed-action drop > > or > > policy-map 10M > class class-default > police 10000000 1000000 exceed-action drop > > LR Mack McBride > Network Architect > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Vincent C Jones > Sent: Tuesday, December 20, 2011 6:28 PM > To: cisco-nsp > Subject: [c-nsp] Switch support for IPv6 policing > > Arrgh. Currently filtering and policing user traffic on Cisco 2960 switches > and discovered the hard way that the ingress policy ONLY applies itself to > IPv4 packets and only IPv4 access-groups can be applied to an interface. What > Cisco switches do I have to upgrade to in order to filter and police ALL > customer traffic and not just IPv4 traffic? > > Vince > > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
