02-21-2006 12:31 AM
Hi there,
I am attempting to apply a service policy to either a dialer interface or a serial interface. From my testing it would appear that the "match protocol" command will not actually match any packets when the policy is applied to these interfaces.
The setup is below:
!
!
class-map match-all telnet
 match protocol telnet
class-map match-all citrix
 match protocol citrix
class-map match-all Telnet
 match protocol telnet
class-map match-all voice-signaling
 match access-group 151
class-map match-all voice-traffic
 match access-group 150
!
!
policy-map VOICE-POLICY
 class voice-traffic
  priority 96
 class voice-signaling
  bandwidth 8
 class citrix
  bandwidth 24
 class telnet
 class class-default
  fair-queue
!
!
interface Dialer1
 bandwidth 256
 ip address negotiated
 ip access-group inbound in
 ip mtu 1458
 ip nat outside
 ip inspect myfw out
 encapsulation ppp
 load-interval 30
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname
 ppp chap password
 ppp pap sent-username
 ppp ipcp dns request
 ppp ipcp wins request
 crypto map vpnclient
 service-policy output VOICE-POLICY
 hold-queue 224 in
!
I have an access-list that matches my VoIP traffic no problem, but neither telnet nor citrix traffic is matched when doing a "sh policy-map interface dialer1".
However, running SH IP NBAR PROTOCOL DISCOVERY INT DIALER 1 does indeed show the existence of these packets.
Will I be forced to match traffic to/from the citrix servers by an access-list or is there a way of doing it with MATCH PROTOCOL? It would seem the best way!
Thanks,
Peter.
02-21-2006 01:19 AM
Whether the "match protocol" command is supported will depend on your hardware. It is, for example, not supported on a 7600 SIP-400. Can you please post the type of equipment that you are using?
Regards,
Leo
02-21-2006 01:32 AM
Hi Leo, the config is from a 1721. I have also tried on an 837, same result.
thanks,
Peter.
02-21-2006 01:50 AM
Hi Peter,
The 'match protocol' commands use NBAR which requires CEF to be enabled. Please enter in 'ip cef' and then re-do your tests.
Hope that helps - pls rate the post if it does.
Paresh
02-21-2006 02:29 AM
Hi there,
CEF is enabled!
Like I say, it works on non-WAN interfaces. Thanks,
peter
02-21-2006 02:56 AM
Hello Peter,
I looked up the command. Here's the URL:
Please also read the note that belongs to it:
Note This chapter lists some of the command options for the policy-map configuration mode. These command options are not limited to Release 12.2 and can vary among platforms and Cisco IOS releases. Because software is updated frequently, this list of commands might not represent the most updated software command options. For the most current command options for your Cisco IOS software, see the New Feature Documentation index for your particular Cisco IOS software release on Cisco.com.
Regards,
Leo
02-21-2006 04:19 AM
Nope, it doesn't mention any restrictions at all. Can anyone confirm if they have this command working on a wan interface?
I have it working just now by matching TCP traffic to/from citrix servers instead of match protocol, but this is not ideal.
Thanks!
03-01-2006 06:59 AM
Hi, I don't know why it doesn't work, but you mention that it is not ideal to work without "match protocol". I don't think that's true, because every packet that passes through this policy-map has to be inspected by the CPU. NBAR (match protocol) cannot be performed by hardware on any platform, so be careful not to slow down the router with such tasks. If you can perform the same thing with ACLs, it is better to do it that way, because that can be done without interrupting the CPU.
Simon
03-01-2006 07:05 AM
Thanks Simon, I now have it working using access-lists and am quite happy with it. However, I noticed that the queueing is simply not working on the dialer interface; I have just posted about it.
It looks as though you cannot do CBWFQ or LLQ on a dialer interface used for ADSL. But there must be thousands of people who want to do this!!
cheers,
Peter.