cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

XOS 15.3.1.4 - policy and meter question

XOS 15.3.1.4 - policy and meter question

Dawid_Chrzan
New Contributor
Hi,
i am wondering how to catch multiple vlan id's in one if.
Is it possible to do sth like -> ACL-P4-IN

entry POLICE-TEST {
if match any {
vlan-id 1007
vlan-id 1008;
}
then {
permit ;
meter p4-TEST;
}
}

Trying to apply i get
# configure access-list ACL-P4-IN ports 4Error: Policy ACL-P4-IN has syntax errors
Line 4 : Failed argument value vlan is invalid

Second question - if i have one meter called p4-TEST - and it has Committed Rate(Kbps) = 10000
and i use this meter in one entry (src address) and then in second entry (vlan id) of policy.

And lets suppose that traffic caught using src address is 7mbps . Does it mean that there is 3mbps left for traffic caught using vlan id. ?

Does multiple entries using common meter - share it ?
10 REPLIES 10

Sergio_Diaz
New Contributor
Hello Paul,

Thank you all for this informative thread.
I was also wondering if the configuration will use the same meter.
Have you been able to find out about this?

Kind regards,

Sergio

Paul_Russo
Extreme Employee
Hey David

Yep understand if there are two entries looking at the VLAN-ID will they use the same meter. That is what I posed internally to verify. I believe the answer will be yes as they are using the slice in the ACL. I will let you know when I hear the final answer.
P

Dawid_Chrzan
New Contributor
Hi Paul
i see now the point with single vlan-id used in "if". Thanks.

But im looking for answer if -> using two "if" statements with two vlan-id's and one meter - results with sharing this 10mbps over these 2 vlans ?

ps. Example with acls using source and vlan id was not so good.

Thanks...

Paul_Russo
Extreme Employee
Hello Dave

I believe the issues is that in the IF statement you have two VLAN-ID. Anything in the If section of the entry is considered an "and" statement so for this to match a packet would have to have both VLAN-IDs.

The best approach would break this into two entries one for each VLAN-ID.

As for your second statement the meter can be used over many entries. Meters are done on a per chip per slice so if there are different slices to the rule for example one looking at IP and one looking at L2 those should be different. I will check.

One thing to remember is that once traffic his an entry it exists the ACL so in your example when it hits src address it will never make it to VLAN-ID as it will exit the policy.

I hope that helps. I will check on the meter per slice and let you know

Thanks
P

Dawid_Chrzan
New Contributor
Hi Ron,
this is a mistake pasting to extremenetworks.com. Ofcourse there is ";"
and the error is
configure access-list ACL-P4-IN ports 4Error: Policy ACL-P4-IN has syntax errors
Line 4 : Attribute vlan-id already exists as a match statement in Acl entry POLICE-TEST.

GTM-P2G8KFN