Match cos is not supported for this interface in the output direction

2021-07-17 14:40:48

I have a Cisco ASR 903 router (IOS XE V3.18).

 ip access-list extended ip-google-traffic
 permit ip 8.8.4.0 0.0.0.255 any
 permit ip 8.8.8.0 0.0.0.255 any
 permit ip 8.34.208.0 0.0.15.255 any
 permit ip 8.35.192.0 0.0.15.255 any
 permit ip 23.236.48.0 0.0.15.255 any
 permit ip 23.251.128.0 0.0.31.255 any
 permit ip 35.184.0.0 0.7.255.255 any
 permit ip 35.192.0.0 0.7.255.255 any
 permit ip 35.200.0.0 0.3.255.255 any
 permit ip 35.204.0.0 0.1.255.255 any
 permit ip 35.224.0.0 0.15.255.255 any
 permit ip 35.240.0.0 0.7.255.255 any
 permit ip 64.9.224.0 0.0.1.255 any
 permit ip 64.9.228.0 0.0.1.255 any
 permit ip 64.15.112.0 0.0.15.255 any
 permit ip 64.233.160.0 0.0.31.255 any
 permit ip 66.102.0.0 0.0.15.255 any
 permit ip 66.249.64.0 0.0.31.255 any

** I match all traffic on VLAN 2528 against the ACL IP-GOOGLE-TRAFFIC

 class-map match-all google
 match access-group name ip-google-traffic



 policy-map google-cap
  class google
   set cos 3


interface Port-channel2
 description To-MTS-BE02
 mtu 9000
 no ip address
 service instance 2528 ethernet
  encapsulation dot1q 2528
  rewrite ingress tag pop 1 symmetric
  service-policy input google-cap
  bridge-domain 2528
 !
 service instance 2529 ethernet
 !
!

** Now I have CUST with instance 955 on interface 0/0/2, and I need to limit the Google traffic and the default traffic

 class-map match-all GGC-OUT
   match cos  3
   !


policy-map Cust1
 class GGC-OUT
  police cir 5000000000
 class class-default
  police cir 1750000000
!
!

** Now apply the policy to the Cust1 instance

#interface ten 0/0/6
#service instance 955 ethernet 
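#service-policy output Cust1

I get this error message: Match cos is not supported for this interface in the output direction. Or, if I use DSCP, I get this message: Match DSCP in IPv4/IPv6 packets is not supported for this interface

So, any ideas on how to limit the Google and default traffic for my customer on the ASR 903?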

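1 Answer

I found a successful way to police traffic for specified IPs on the Cisco ASR 903, IOS XE 3.18S.

For example, I have some service with IP 74.0.0.0/8 (like Google).

1- Subnet the full range from 1.0.0.0/8 to 255.0.0.0/8, and customize the IP(s) you want

2- Now you have two ranges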

1.0.0.0/8   
2.0.0.0/7
4.0.0.0/6   
8.0.0.0/5   
16.0.0.0/4  
32.0.0.0/3  
64.0.0.0/5  
72.0.0.0/8
74.0.0.0/8  (this is the one we need to police)
75.0.0.0/8
75.0.0.0/8  
76.0.0.0/6  
80.0.0.0/4
96.0.0.0/3  
128.0.0.0/1

3- Create the object groups

#object-group network object_ip_select
      74.0.0.0/8 




 #object-group network object_ip_other
            1.0.0.0/8   
            2.0.0.0/7
            4.0.0.0/6   
            8.0.0.0/5   
            16.0.0.0/4  
            32.0.0.0/3  
            64.0.0.0/5  
            72.0.0.0/
            75.0.0.0/8
            75.0.0.0/8  
            76.0.0.0/6  
            80.0.0.0/4
            96.0.0.0/3  
            128.0.0.0/1

4- Create access lists for the Cust and choose a dst-address as the Cust IP

#ip access-list extended ACL-CUST1-IP-SELECT
 #permit ip object-group object_ip_select <CUSTNETWORK> <WILDCARD>

#ip access-list extended ACL-CUST1-IP-OTHER
 #permit ip object-group object_ip_other <CUSTNETWORK> <WILDCARD>

5- Create two policy maps for ip-select and the other IPs

 #class-map match-all CLASS-CUST1-IP-SELECT
 #match access-group name ACL-CUST1-IP-SELECT


 #class-map match-all CLASS-CUST1-IP-OTHER
 #match access-group name ACL-CUST1-IP-OTHER

6- Create a policy map for our class maps

policy-map TRAFFIC-LIMTED
 class CLASS-CUST1-IP-SELECT
  police cir 40M
 class CLASS-CUST1-IP-OTHER
  police cir 90M

7- Apply this policy map to the incoming interface or instance (VLAN)

interface Port-channel2
 service instance 2000 ethernet
  service-policy input TRAFFIC-LIMTED

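8- Now it is done: traffic from 74.0.0.0/8 for cust 1 is limited to 40M and the rest to 90M. If you have more customers, just create another IP access list with its ACL and CLASS, then add the new class to the policy map TRAFFIC-LIMTED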
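
The split described in steps 1 to 3 can be computed and checked instead of typed by hand, since a source address that falls in neither object group matches neither class and lands in class-default, outside both policers. The Python below is an added example, not part of the original answer; it assumes the starting range is the whole IPv4 space 0.0.0.0/0, and the function names are hypothetical.

```python
import ipaddress

def complement(selected, universe="0.0.0.0/0"):
    """Prefixes that cover `universe` minus every prefix in `selected`."""
    remaining = [ipaddress.ip_network(universe)]
    for sel in map(ipaddress.ip_network, selected):
        kept = []
        for net in remaining:
            if sel.supernet_of(net):        # net lies wholly inside sel: drop it
                continue
            if net.supernet_of(sel):        # sel lies inside net: split around it
                kept.extend(net.address_exclude(sel))
            else:                           # disjoint: keep unchanged
                kept.append(net)
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))

def is_partition(selected, other, universe="0.0.0.0/0"):
    """True when selected + other cover `universe` exactly once (no gap, no overlap)."""
    nets = [ipaddress.ip_network(n) for n in selected] + list(other)
    no_overlap = all(not a.overlaps(b)
                     for i, a in enumerate(nets) for b in nets[i + 1:])
    total = sum(n.num_addresses for n in nets)
    return no_overlap and total == ipaddress.ip_network(universe).num_addresses

def object_group(name, nets):
    """Render prefixes in the object-group layout used in the answer."""
    return "\n".join([f"object-group network {name}"] + [f" {n}" for n in nets])

if __name__ == "__main__":
    select = ["74.0.0.0/8"]                 # prefix taken from the answer
    other = complement(select)
    assert is_partition(select, other)      # refuse to print a list with gaps
    print(object_group("object_ip_select", select))
    print(object_group("object_ip_other", other))
```

Pass a narrower `universe` to restrict the "other" group to a smaller range; `is_partition` then checks coverage against that range.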