topic QoS Policing on a LAC in Network Security

QoS Policing on a LAC

j.dolphin — Fri, 21 Feb 2020 08:49:55 GMT

Hi all, I've configured lac shaping for upload on my 2811 (ios xxx124-7.bin) as per:

http://www.cisco.com/en/US/partner/products/ps6350/products_configuration_guide_chapter09186a0080455ade.html

However it's not working. I suspect IOS fault, just wanted to bounce it off someone else.... A "show policy-map session [uid]" gives me no output, eg:

=====================

rt2811_b101#show sss session

Current SSS Information: Total sessions 95

Uniq ID Type State Service Identifier Last Chg

899 PPPoE/PPP connected Forwarded x@x.x.x 11:53:01

rt2811_b101#

rt2811_b101#show policy-map session uid 899

rt2811_b101#

=====================

Relevant components of the router configuration are:

==========================================

subscriber profile Profile1

service relay pppoe vpdn group group_1

vpdn enable

vpdn source-ip x.x.x.x

vpdn-group User2-vpdn-group-domain

request-dialin

protocol l2tp

domain y.y.y.y

initiate-to ip z.z.z.z

source-ip x.x.x.x

local name aName

ip tos max-reliability

!arbitrary policing figure for testing purposes...

policy-map shape-128k

description Throttle to 128K

class class-default

police cir 128000 bc 50000 be 100000

conform-action transmit

exceed-action drop

bba-group pppoe global

ac name aName

bba-group pppoe group_1

virtual-template 1

service profile Profile1

sessions per-mac limit 2

sessions per-vlan limit 250

vpdn enable

int fa0/0.x

pppoe enable group group_1

interface Virtual-Template1

description PPPoE and L2TP

mtu 1492

ip unnumbered FastEthernet0/0.x

ppp authentication chap

ppp chap hostname aName

service-policy input shape-128k

==========================================

So, pppoe is WORKING, however upload policing isn't, which means I'm sending excess traffic across the WAN to be discarded at the LNS. Would be much nicer if it could be discarded at the LAC before uploading.

OH, and the Cisco feature navigator says LAC policing was implemented on IOS 12.3 for the Cisco 2811, so I don't think it's platform related....

Any help would be appreciated,

Cheers Muchly, Jerome

Re: QoS Policing on a LAC

wong34539 — Thu, 13 Apr 2006 16:25:27 GMT

Prerequisites for QoS: Classification, Policing, and Marking on LAC

Configure the Routers

You must configure the Client router, the LAC, and the LNS before applying the QoS policy map as described in the "Configuration Examples for QoS: Classification, Policing, and Marking on LAC" section.

Verify the State of the Subscriber Service Switch (SSS) Sessions

You must use the show sss session command to verify that the user sessions are enabled on the LAC.

Configure the Interface

You must configure the virtual-template interface before applying the policy map to the session.

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455ade.html#wp1055864

Re: QoS Policing on a LAC

globalnettech — Thu, 13 Apr 2006 20:45:40 GMT

Hello,

in addition to Phillip´s post, you might want to try and apply the service policy in the outbound direction as well.

Also, can you post the full configuration of your router ? Which feature set are you using (IP Base/Advanced etc.) ?

Regards,

GNT

Re: QoS Policing on a LAC

j.dolphin — Tue, 18 Apr 2006 00:06:36 GMT

Hi Phillip, thanks for the reply. I've already tried what you've outlined. If you take a look at the information posted about you'll see the SSS sessions and the configured interface. Cheers, Jerome

Re: QoS Policing on a LAC

j.dolphin — Tue, 18 Apr 2006 00:23:03 GMT

Hi GNT (no name on your profile)... Thanks for the response, appreciated..

Running IOS "c2800nm-spservicesk9-mz.124-7.bin", Software Advisor says it supports LAC policing....

In addition to the configuration originally posted I created the following....

========================

policy-map shape-2048k

description Throttle to 2048K

class class-default

police cir 2048000 bc 600000 be 1200000

conform-action transmit

exceed-action drop

interface Virtual-Template1

description PPPoE and L2TP

mtu 1492

ip unnumbered FastEthernet0/0.30

ppp authentication chap

ppp chap hostname User2-lac-domain

service-policy input shape-128k

service-policy output shape-2048k

========================

That config change unfortunately hasn't made a difference, the "show policy map session uid [uid]" is still not giving me any output.

I'm a little reluctant to post the full configuration, what I put in the original post was all the LAC related stuff. Is there anything in particular you're looking for? I'll post it if you think it's really neccessary....?

Cheers, Jerome