Hi Everyone,

Hardware:

cisco ASR1002-X (2RU-X) processor (revision 2KP) with 1066632K/6147K bytes of memory.
Cisco IOS XE Software, Version 03.16.04a.S - Extended Support Release
Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S4a, RELEASE SOFTWARE (fc1)

10G interface:

interface TenGigabitEthernet0/3/0
 description "10G Uplink"
 no ip address
 service-policy input bwlimit
 service-policy output bwlimit
 service instance 1 ethernet
  encapsulation dot1q 301
  bridge-domain 301
 !

Policy map:

policy-map bwlimit
 description "Policy for BW limit"
 class fuckup
  police cir 8000
 class fuckup-5mbps
  police cir 5000000
 class fuckup-1mbps
  police cir 1000000
 class class-default
  police cir 9000000000 bc 200000000
 !
end

Classes:

class-map match-all fuckup
 description "ClassMap for BW limit (0 mbps)"
 match access-group name BWLIMIT
class-map match-all fuckup-5mbps
 description "ClassMap for BW limit (5 mbps)"
 match access-group name BWLIMIT_5MBPS
class-map match-all fuckup-1mbps
 description "ClassMap for BW limit (1 mbps)"
 match access-group name BWLIMIT_1MBPS

Access Lists:

ip access-list extended BWLIMIT
 permit ip any host x.x.x.x
ip access-list extended BWLIMIT_1MBPS
 permit ip any host y.y.y.y
ip access-list extended BWLIMIT_5MBPS
 permit ip any host z.z.z.z

So, this is my current configuration for capping bandwidth: when I add an IP like "x.x.x.x" to the access list, the Cisco caps this IP.

My question is: how can I manage the ACLs remotely? I need to dynamically add/remove IPs from the lists; for example, when a customer pays for 5mb/s I need to move his IP to the 5MBPS list. This is a TPIA service, so I don't see any MACs and I have just one interface with ALL customers (around 3k users there).

I already have Quagga peered with my Cisco to turn off 'non-pay' customers, for example: I just announce the needed IPs from Quagga, then route them to Null0, or null-route them. I want to find some way like this to put the needed IPs into the needed access lists. I can announce IPs from Quagga with the needed BGP community (for example), but I can't find how to match a community in my access lists or policy lists; it looks like this works only for route-maps.

I need something like this:

class-map match-all fuckup
 description "ClassMap for BW limit (0 mbps)"
 match community AS:NN

Or maybe someone knows another way; any opinions are welcome.

Thank you guys!

-- 
Best regards,
Sheremet
mailto:[email protected]

_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
