IP Address Parameterization is a type of Action Parameterization service template in which classifiers may be dynamically
modified by adding more entries to ACLs. The entries to be added in an ACL are a list of IP addresses in a shell variable.
If you deactivate a template service, the system restores the previously active QoS policy. The QoS policy name may be different
but is structurally and functionally identical to the QoS policy active before the template service was activated.
Note
|
Classes must be predefined; they are not dynamically created.
|
OUT QoS policy active on the session:
policy-map output_parent
class class-default
shape average 10000000
service-policy output_child
policy-map output_child
class class-default
IN QoS policy active on the session:
policy-map input_parent
class class-default
police 10000000
service-policy input_child
policy-map input_child
class-default
! Base ACLs:
ip access-list extended IPOne-control-acl ! Base ACL locally pre-configured
permit ip any host 10.0.132.118
permit ip host 10.0.132.118 any
permit ip any host 10.1.245.122
permit ip host 10.1.245.122 any
ip access-list extended IPOne-combined-acl ! Base ACL pre-configured
permit ip any 10.0.132.0 0.0.0.127
permit ip 10.0.132.0 0.0.0.127 any
permit ip any 10.1.245.64 0.0.0.63
permit ip 10.1.245.64 0.0.0.63 any
! Base class-maps:
class-map match-any voice-control ! Base class map pre-configured
match access-list name IPOne-control-acl ! Match on the base ACL
class-map match-any voice ! base class-map pre-configured
match access-list name IPOne-combined-acl ! Match on the base ACL
! Service template:
shell map voice-toi prec_value=3 police_rate=100000 ip_list=10.2.1.0/28,10.2.1.0/29 in_h=class-default out_h=class-default
{
configure terminal
! Class-map templates:
classmap-template voice-control $ip_list
classmap-template voice $ip_list
! Service parameter templates:
policy-map $_outgoing
class voice-control-$ip_list ! class names MUST end with -$ip_list
police 112000 1000 0 conform-action transmit exceed-action drop violate-action drop
queue-limit 16 packets
set precedence 6
aaa-accounting group IPOne-aol
class voice-$ip_list
police $police_rate 60625 0 conform-action transmit exceed-action drop violate-action drop
priority level 1
queue-limit 8 packets
set precedence $prec_value
aaa-accounting group IPOne-aol
policy-map $_incoming
class voice-control-$ip_list
police 112000 21000 0 conform-action transmit exceed-action transmit violate-action drop
set precedence 7
aaa-accounting group IPOne-aol
class voice-$ip_list
police 200000 9216 0 conform-action transmit exceed-action transmit violate-action drop
set precedence $prec_value
aaa-accounting group IPOne-aol
After you activate voice-toi(ip_list=10.1.30.0/28,10.1.40.0/29) on the target session, this is the active OUT QoS policy
:
policy-map output_parent$class-default$ voice-toi>ip_list=10.1.30.0/28,10.1.40.0/29<_OUT$class-default
class class-default
shape average 10000000
service-policy output_child$voice-toi>ip_list=10.1.30.0/28,10.1.40.0/29<_OUT$class-default
policy-map output_child$voice-toi>ip_list=10.1.30.0/28,10.1.40.0/29<_OUT$class-default
class voice-control-10.1.30.0/28,10.1.40.0/29
police 112000 1000 0 conform-action transmit exceed-action drop violate-action drop
queue-limit 16 packets
set precedence 6
aaa-accounting group IPOne-aol
class voice-10.1.30.0/28,10.1.40.0/29
police 100000 60625 0 conform-action transmit exceed-action drop violate-action drop
priority level 1
queue-limit 8 packets
set precedence 3
aaa-accounting group IPOne-aol
class class-default
After you activate voice-toi(ip_list=10.1.30.0/28,10.1.40.0/29) on the target session, this is the active IN QoS policy :
policy-map input_parent$class-default$voice-toi>ip_list=10.1.30.0/28,10.1.40.0/29<_IN$class-default
class class-default
police cir 10000000 bc 312500 conform-action transmit exceed-action drop
service-policy input_child$voice-toi>ip_list=10.1.30.0/28,10.1.40.0/29<_IN$class-default
policy-map input_child$voice-toi>ip_list=10.1.30.0/28,10.1.40.0/29<_IN$class-default
class voice-control-10.1.30.0/28,10.1.40.0/29
police 112000 21000 0 conform-action transmit exceed-action transmit violate-action drop
set precedence 7
aaa-accounting group IPOne-aol
class voice-10.1.30.0/28,10.1.40.0/29
police 200000 9216 0 conform-action transmit exceed-action transmit violate-action drop
set precedence 3
aaa-accounting group IPOne-aol
class-default
Note
|
The following configurations are dynamically created.
|
! Internally created ACLs:
ip access-list extended IPOne-control-acl-10.1.30.0/28,10.1.40.0/29
permit ip any host 10.0.132.118
permit ip host 10.0.132.118 any
permit ip any host 10.1.245.122
permit ip host 10.1.245.122 any
permit ip 10.1.30.0 0.0.0.15 any ! ACEs derived from $ip_list
permit ip any 10.1.30.0 0.0.0.15
permit ip 10.1.40.0 0.0.0.7 any
permit ip any 10.1.40.0 0.0.0.7
ip access-list extended IPOne-combined-acl-10.1.30.0/28,10.1.40.0/29
permit ip any 10.0.132.0 0.0.0.127
permit ip 10.0.132.0 0.0.0.127 any
permit ip any 10.1.245.64 0.0.0.63
permit ip 10.1.245.64 0.0.0.63 any
permit ip 10.1.30.0 0.0.0.15 any ! ACEs derived from $ip_list
permit ip any 10.1.30.0 0.0.0.15
permit ip 10.1.40.0 0.0.0.7 any
permit ip any 0.0.0.7 10.1.40.0
! internally created class-maps:
class-map match-any voice-control-10.1.30.0/28,10.1.40.0/29
match access-group name IPOne-control-acl-10.1.30.0/28,10.1.40.0/29
class-map match-any voice-10.1.30.0/28,10.1.40.0/29
match access-group name IPOne-combined-acl-10.1.30.0/28,10.1.40.0/29