取消
显示结果 
搜索替代 
您的意思是: 
cancel
公告

December 2020

December 2020

8354
查看次数
10
有帮助
15
回复
CSCO11497141
Beginner

关于思科交换机限速的问题

关于思科交换机限速的问题
设备型号:
WS-C3750X-2412.2(58)SE2C3750E-UNIVERSALK9-M
WS-C2960S-48TS-L12.2(55)SE7C2960S-UNIVERSALK9-M
描述情况:
1C3750X-24作为外网出口,互联ISP
2C2960S-48TS-L上联是C3750X-24,下联是ServerGig 1/0/15);C2960S-48TS-LGig 1/0/46Gig 1/0/47Gig 1/0/48)与C3750X-24Gig 2/0/17Gig 1/0/17Gig 1/0/18)之间做的是Trunk以及二层的Port-channel
3、服务器的网关在C3750X-24上。
目的是:
限制服务器(61.147.x.x)的上行速度,为200M
C2960S-48TS-L上做配置:
access-list 1 permit 61.147.x.x
class-map match-all A
match access-group 1
policy-map A
class A
police 200000000 1000000 exceed-action drop
trust dscp
interface GigabitEthernet1/0/15
service-policy input A
2960S#show policy-mapinterface g1/0/15 input
GigabitEthernet1/0/15
Service-policy input: A
Class-map: A (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 1
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
0 packets, 0 bytes
5 minute rate 0 bps
C2960S-A6-5#show ipaccess-lists
Standard IP access list 1
10permit 61.147.x.x
这样做没成功,2960S#show policy-map interface g1/0/15 inputshow ip access-lists都没看到匹配的数据包。
或者在C3750X-24上做配置:
access-list 1 permit 61.147.x.x
class-map match-all A
match access-group 1
policy-map A
class A
police 200000000 1000000 exceed-action drop
trust dscp
interface GigabitEthernet1/0/17
service-policy input A
interface GigabitEthernet2/0/17
service-policy input A
interface GigabitEthernet1/0/18
service-policy input A
Core3750X-Stack#show policy-mapinterface g1/0/17 input
GigabitEthernet1/0/17
Service-policy input: A
Class-map: A (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 1
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Core3750X-Stack#showpolicy-map interface g1/0/18 input
GigabitEthernet1/0/18
Service-policy input: A
Class-map: A (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 1
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Core3750X-Stack#showpolicy-map interface g2/0/17 input
GigabitEthernet2/0/17
Service-policy input: A
Class-map: A (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 1
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Core3750X-Stack#show ipaccess-lists 1
Standard IP access list 1
10permit 61.147.x.x
这样做也没成功,3750X#show policy-map interface g1/0/17 inputshow policy-map interface g1/0/18 inputshow policy-map interface g2/0/17 input
show ip access-lists也都没看到匹配的数据包。
没成功的原因:
1、是不是交换机系统版本的问题
2、是不是配置的问题
3、是不是配置的方法不对

1 个已接受解答

已接受的解答
martinchow
Beginner

Hi Bruce,
acl is done by hardware on 2k/3k and that's why you didn't see any matched packets in the output of "show ip access-list". but if you add the "log" keyword in the ACE and it could cause packet punted to cpu then you can see matched packet counters from the output of "show ip access-list". just like you know, if the packet is huge, it may cause cpu high as well.
please confirm the acl you write is correct and can match the packet from server. does any abnormal log seen when apply this acl?
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/swacl.html
Thanks, martin

在原帖中查看解决方案

15 条回复15
martinchow
Beginner

Hi Bruce,
acl is done by hardware on 2k/3k and that's why you didn't see any matched packets in the output of "show ip access-list". but if you add the "log" keyword in the ACE and it could cause packet punted to cpu then you can see matched packet counters from the output of "show ip access-list". just like you know, if the packet is huge, it may cause cpu high as well.
please confirm the acl you write is correct and can match the packet from server. does any abnormal log seen when apply this acl?
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/swacl.html
Thanks, martin

在原帖中查看解决方案

martinchow
Beginner

Hello,
First, please make sure that you have enabled "mls qos" globally or per-port basis? Also please note that 3750/2960 implements the qos in hardware. can you collect the following commands output?
show mls qos
show mls qos inter gx/y stat
show mls qos ip gx/y
Thanks, martin
CSCO11497141
Beginner

Hello,
Core3750X-Stack#show mls qos
QoS is enabled
QoS ip packet dscp rewrite is enabled
Core3750X-Stack#show mls qos inter g1/0/17 stat
GigabitEthernet1/0/17 (All statistics are in packets)
dscp: incoming
-------------------------------
0 - 4 : 716119613 0 8838362 1 468898
5 - 9 : 0 0 0 2 0
10 - 14 : 53 0 11 0 0
15 - 19 : 0 6357 0 0 0
20 - 24 : 0 0 0 0 6
25 - 29 : 0 0 0 0 9
30 - 34 : 0 0 0 0 4
35 - 39 : 0 0 0 0 0
40 - 44 : 1 0 0 0 0
45 - 49 : 0 5 0 47197 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
dscp: outgoing
-------------------------------
0 - 4 : 2051527611 3357628 369694 3799 57839
5 - 9 : 152421 3873 782578 265398 380031
10 - 14 : 2025753 28 129 0 2263577
15 - 19 : 351 145577 0 503558 8
20 - 24 : 134615 0 0 0 11
25 - 29 : 0 1875 0 241667 9766
30 - 34 : 1 0 972291 98 517485
35 - 39 : 0 234664 69 297890 0
40 - 44 : 30092 0 0 0 4
45 - 49 : 0 2902785 0 1326369 0
50 - 54 : 0 87 0 5059 0
55 - 59 : 0 2469 0 0 527
60 - 64 : 31 0 0 160
cos: incoming
-------------------------------

0 - 4 : 1278253059 7 76 0 27
5 - 7 : 2 45469 1358
cos: outgoing
-------------------------------
0 - 4 : 2023944426 67 555 44 639
5 - 7 : 715 62 42708948
output queues enqueued:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 2 0 0
queue 1: 1763172871 5335058 54771133
queue 2: 0 0 0
queue 3: 0 0 243376537
output queues dropped:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 0 0 0
queue 1: 42356 3 0
queue 2: 0 0 0
queue 3: 0 0 0
Policer: Inprofile: 0 OutofProfile: 0
Core3750X-Stack#show mls qos inter g1/0/18 stat
GigabitEthernet1/0/18 (All statistics are in packets)
dscp: incoming
-------------------------------
0 - 4 : 458923644 106 386599338 87 2329459
5 - 9 : 0 0 0 0 0
10 - 14 : 8 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 18
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 3540 18
50 - 54 : 53 1 0 0 1
55 - 59 : 5 0 0 0 0
60 - 64 : 0 0 0 0
dscp: outgoing
-------------------------------
0 - 4 : 144933053 0 70977 160 8
5 - 9 : 0 0 5321 10022 0
10 - 14 : 20396 679 4434 0 0
15 - 19 : 0 38212 0 0 0
20 - 24 : 2198 0 0 0 511
25 - 29 : 0 1543 0 1367 13208
30 - 34 : 0 0 14924 0 5366
35 - 39 : 0 8 0 0 0
40 - 44 : 5788 0 0 0 0
45 - 49 : 0 2064 0 45205 0
50 - 54 : 0 0 0 102 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
cos: incoming
-------------------------------

0 - 4 : 1642561755 0 2 1 4
5 - 7 : 0 0 19
cos: outgoing
-------------------------------
0 - 4 : 1757977273 19 244 63 185
5 - 7 : 38 42622 42577379
output queues enqueued:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 2 0 0
queue 1: 1216570646 9045314 42801234
queue 2: 0 0 0
queue 3: 0 0 532180745
output queues dropped:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 0 0 0
queue 1: 10070 4 0
queue 2: 0 0 0
queue 3: 0 0 0
Policer: Inprofile: 0 OutofProfile: 0
Core3750X-Stack#show mls qos inter g2/0/17 stat
GigabitEthernet2/0/17 (All statistics are in packets)
dscp: incoming
-------------------------------
0 - 4 : 805176082 0 1632555 0 1634655
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
dscp: outgoing
-------------------------------
0 - 4 : 458470313 127040 325082 840 408
5 - 9 : 12890 0 215149 1463432 0
10 - 14 : 999416 0 239151 0 17
15 - 19 : 0 37184 0 387 0
20 - 24 : 466 0 0 0 62498
25 - 29 : 0 242 5 24188 0
30 - 34 : 5 0 1190108 0 393786
35 - 39 : 0 5 0 5 0
40 - 44 : 386733 0 0 0 0
45 - 49 : 0 15092 0 20867 0
50 - 54 : 6 0 4 0 0
55 - 59 : 0 20252 0 5 0
60 - 64 : 0 0 0 10892
cos: incoming
-------------------------------

0 - 4 : 751363873 14 270 0 261
5 - 7 : 2 0 411
cos: outgoing
-------------------------------
0 - 4 : 1430504693 52 91 1 116
5 - 7 : 33 274 1006734
output queues enqueued:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 2 0 0
queue 1: 2363487014 5241098 1039976
queue 2: 0 0 0
queue 3: 0 0 3356834911
output queues dropped:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 0 0 0
queue 1: 14719 0 0
queue 2: 0 0 0
queue 3: 0 0 0
Policer: Inprofile: 0 OutofProfile: 0
Core3750X-Stack#show mls qos interface g1/0/17
GigabitEthernet1/0/17
trust state: not trusted
trust mode: not trusted
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none
qos mode: port-based
Core3750X-Stack#show mls qos interface g1/0/18
GigabitEthernet1/0/18
trust state: not trusted
trust mode: not trusted
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none
qos mode: port-based
Core3750X-Stack#show mls qos interface g2/0/17
GigabitEthernet2/0/17
trust state: not trusted
trust mode: not trusted
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none
qos mode: port-based
C2960S#show mls qos
QoS is enabled
QoS ip packet dscp rewrite is enabled
C2960S#show mls qos inter g1/0/15 stat
GigabitEthernet1/0/15 (All statistics are in packets)
dscp: incoming
-------------------------------
0 - 4 : 1288551097 0 4491589 0 301892
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 3189 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
dscp: outgoing
-------------------------------
0 - 4 : 3816037204 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
cos: incoming
-------------------------------
0 - 4 : 1293348019 0 0 0 0
5 - 7 : 0 0 0
cos: outgoing
-------------------------------
0 - 4 : 1741107322 1 0 0 1
5 - 7 : 0 0 3121945
output queues enqueued:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 0 0 0
queue 1: 356014728 16075 3122790
queue 2: 0 0 0
queue 3: 0 0 1385092590
output queues dropped:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 0 0 0
queue 1: 0 0 0
queue 2: 0 0 0
queue 3: 0 0 0
Policer: Inprofile: 0 OutofProfile: 0
C2960S#show mls qos inter g1/0/15
GigabitEthernet1/0/15
trust state: not trusted
trust mode: not trusted
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none
qos mode: port-based
Thanks, bruce
martinchow
Beginner

Hi Bruce,
thanks. we can see the qos is enabled on both devices and the qos mode is port-based. from the "qos stats" output, i didn't see any non-zero counters hit the profile even inprofile. it means your classification was failure and there is no any packets match your acl. please check if your acl configuration is correct.
// Policer: Inprofile: 0 OutofProfile: 0 <<<<< inprofile: confirm outofprofile: exceed
Thanks, martin
CSCO11497141
Beginner

martinchow 发表于 2014-11-25 00:51 back.gif
Hi Bruce,
thanks. we can see the qos is enabled on both devices and the qos mode is port-based. f ...

Hi Martin,
thanks. I was configuration the C3750X and C2960S acl is
access-list 1 permit 61.147.X.X
CSCO11497141
Beginner

martinchow 发表于 2014-11-25 16:33 back.gif
Hi Bruce,
acl is done by hardware on 2k/3k and that's why you didn't see any matched packets in ...

Hi, Martin
I delete the acl、class-map、police-map(configuration QOS) in 2960S
configuration QOS in 3750X,
C3750X:
mls qos
access-list 106 permit ip host 61.147.X.X any
class-map match-all A
match access-group 1
policy-map A
class A
police 200000000 1000000 exceed-action drop
trust dscp
interface GigabitEthernet1/0/17
service-policy input A
interface GigabitEthernet2/0/17
service-policy input A
interface GigabitEthernet1/0/18
service-policy input A
Core3750X-Stack#show ip access-lists 106
Extended IP access list 106
10 permit ip host 61.147.x.x any
show ip access-list are no match packet , I don't know how to confuiguration,can you help me?
Thanks, bruce.
martinchow
Beginner

Hi bruce,
Maybe it's a typo issue?
class-map match-all A
match access-group 1 <<<<<
Thanks, martin
lihuadingcisco
Beginner

access-list 1 permit 61.147.x.x 0.0.0.0 把反掩码加上试试
CSCO11497141
Beginner

lihuadingcisco 发表于 2014-12-22 09:39 back.gif
access-list 1 permit 61.147.x.x 0.0.0.0 把反掩码加上试试

反掩码已经已加,现在抓了整个网段
blgao
Cisco Employee

CSCO11497141 发表于 2014-12-24 09:29 back.gif
反掩码已经已加,现在抓了整个网段

DSBU的MQC是看不到匹配的counter的
blgao
Cisco Employee

CSCO11497141 发表于 2014-12-24 09:29 back.gif
反掩码已经已加,现在抓了整个网段

show policy-map [policy-map-name [class class-map-name]]
Display QoS policy maps, which define classification criteria for incoming traffic.
Note Do not use the show policy-map interface privileged EXEC command to display classification information for incoming traffic. The control-plane and interface keywords are not supported, and the statistics shown in the display should be ignored.
Yanli Sun
Community Manager

您好,不知您的问题是否已经得到满意答复,如果是请您选择“已解决”,感谢您的支持~~~
CSCO11497141
Beginner

CSC_小M 发表于 2015-3-17 16:05 back.gif
您好,不知您的问题是否已经得到满意答复,如果是请您选择“已解决”,感谢您的支持~~~

没有解决,发了case,也没解决
ellisbao
Beginner

CSCO11497141 发表于 2014-12-24 09:29 back.gif
反掩码已经已加,现在抓了整个网段

加了反掩码就可以了?
Content for Community-Ad


不能显示该小部件。