03-21-2016 12:26 AM - edited 03-18-2019 11:52 AM
Hi,
I have a 7600 Series router with a trunk switchport on it. The trunk port has a bunch of vlans allowed and a service-policy on it. Here is the config:
interface GigabitEthernet1/1
description -- Voice --
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100-200,500
switchport mode trunk
switchport nonegotiate
load-interval 30
speed 1000
duplex full
no wrr-queue random-detect 2
no wrr-queue random-detect 3
wrr-queue cos-map 3 1 4
wrr-queue cos-map 3 2 6 7
priority-queue cos-map 1 3 5
storm-control broadcast level 10.00
storm-control multicast level 10.00
no cdp enable
service-policy input mark-SIP
end
I added a new vlan 500 interface and need to mark inbound SIP and RTP traffic on it. The config is below:
interface Vlan500
description -- TEST --
ip vrf forwarding TEST_VRF
ip address 192.168.1.1 255.255.255.0
service-policy input mark-SIP-and-RTP
end
The problem is that on the other end of the link I see only SIP marked packets but not RTP. It seems that service-policy on Vlan interface does not work properly.
Could there be some conflict between service-policy on the physical interface and the "child" policy on Vlan interface? Is there any dependence between them? Could you advise any materials to read to solve this question?
Thanks!
03-21-2016 04:47 PM
Dude,
can you tell us how you are matching traffic to fall under the "service-policy input mark-SIP"? what ACL's/dscp matching have you got?
cheers
03-21-2016 10:55 PM
Here is the config for this policy:
ip access-list extended mark-SIP
permit udp any eq 5060 any
permit udp any any eq 5060
class-map match-all mark-SIP
match access-group name mark-SIP
policy-map mark-SIP
class mark-SIP
set dscp cs3
05-06-2016 06:30 AM
Guys,
thanks for your replies.
Actually it apeared the only solution for this case. Since every VLAN is by definition a separate ip subnet, then in the provided ACL I should permit traffic from this subnet (not permit any, but, e.g.
permit udp 192.168.1.0 0.0.0.255 eq 5060 any
and so on). Then everithing works as expected.
The rest of provided config is fine.
04-22-2016 03:05 AM
Folks, are there some ideas regarding this issue?
04-22-2016 04:15 AM
Can u share full config?
04-25-2016 10:34 PM
Hi Mohammed,
I can't share another parts of the config right now. Anyway I suppose that there is no use of it. I'll try to clarify the initial question:
We have a trunk switchport with configured service-policy input command (as shown above). How can I configure another service-policy which will work on a single vlan from that trunk?
04-22-2016 04:15 AM
Can u share full config?
04-22-2016 04:15 AM
Can u share full config?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide