In the last few days I have been trying to create two ACLs (QoS policies): the first must limit the bandwidth of the traffic sent/received by VLAN, and the second must control the source IP of the received traffic (block all incoming traffic with a source IP that has not been statically assigned to the client). The separate rules work perfectly; the issue is when I make them work together: some of them just don't work as they should.
I ask you, what am I doing wrong?
Code:
interface 1/1/3 alias "TestClient"
service access port 1/1/3
service 11 sap port 1/1/3:111
! ACL-IP
policy network group AllClients_gIP 192.168.100.0/24 192.168.200.0/24
policy network group TestClient_gIP 192.168.100.10 192.168.100.11 192.168.100.12 192.168.100.13
policy condition TestClient_cTF source port 1/1/3 source vlan 111 source network group TestClient_gIP
policy condition TestClient_cTB source port 1/1/3 source vlan 111 source network group AllClients_gIP
policy action Traffic_Deny disposition deny
policy action Traffic_Accept
policy rule TestClient_rTF condition TestClient_cTF action Traffic_Accept precedence 500
policy rule TestClient_rTB condition TestClient_cTB action Traffic_Deny precedence 400
! ACL-BW
policy condition TestClient_cBWd destination port 1/1/3 source vlan 111
policy condition TestClient_cBWu source port 1/1/3 source vlan 111
policy action TestClient_BWd cir 50M
policy action TestClient_BWu cir 50M
policy rule TestClient_rBWd condition TestClient_cBWd action TestClient_BWd precedence 200
policy rule TestClient_rBWu condition TestClient_cBWu action TestClient_BWu precedence 100
qos apply
port-security sap port 1/1/3:111 maximum 16
I have tried to change the precedence of the rules, but in all the tests some of them do not work as they should.
Thank you very much,
Javier.