QoS - Match Protocol on WAN Interface not working

peter.rowe
Level 1

Hi there,

I am attempting to apply a service policy to either a dialer interface or a serial interface. From my testing it would appear that the "match protocol" command will not actually match any packets when the policy is applied to these interfaces.

The setup is below:

!
!
class-map match-all telnet
 match protocol telnet
class-map match-all citrix
 match protocol citrix
class-map match-all Telnet
 match protocol telnet
class-map match-all voice-signaling
 match access-group 151
class-map match-all voice-traffic
 match access-group 150
!
!
policy-map VOICE-POLICY
 class voice-traffic
  priority 96
 class voice-signaling
  bandwidth 8
 class citrix
  bandwidth 24
 class telnet
 class class-default
  fair-queue
!
!
interface Dialer1
 bandwidth 256
 ip address negotiated
 ip access-group inbound in
 ip mtu 1458
 ip nat outside
 ip inspect myfw out
 encapsulation ppp
 load-interval 30
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname
 ppp chap password
 ppp pap sent-username
 ppp ipcp dns request
 ppp ipcp wins request
 crypto map vpnclient
 service-policy output VOICE-POLICY
 hold-queue 224 in
!

I have an access-list that matches my VoIP traffic no problem, but neither telnet nor citrix traffic is matched when doing a "sh policy-map interface dialer1".

However, running the SH IP NBAR PROTOCOL DISCOVERY INT DIALER 1 does indeed show the existence of these packets.

Will I be forced to match traffic to/from the citrix servers by an access-list or is there a way of doing it with MATCH PROTOCOL? It would seem the best way!

Thanks,

Peter.

8 Replies

lgijssel
Level 9

Whether the "match protocol" command is supported will depend on your hardware. It is for example not supported on a 7600 SIP-400. Can you please post the type of equipment that you are using?

Regards,

Leo

Hi Leo, the config is from a 1721. I have also tried on an 837, same result.

thanks,

Peter.

Hi Peter,

The 'match protocol' commands use NBAR which requires CEF to be enabled. Please enter in 'ip cef' and then re-do your tests.

Hope that helps - pls rate the post if it does.

Paresh

Hi there,

CEF is enabled!

Like I say it works on non WAN interfaces.. thanks,

peter

Hello Peter,

I looked up the command. Here's the URL:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800bd909.html#89799

Please also read the note that belongs to it:

Note: This chapter lists some of the command options for the policy-map configuration mode. These command options are not limited to Release 12.2 and can vary among platforms and Cisco IOS releases. Because software is updated frequently, this list of commands might not represent the most updated software command options. For the most current command options for your Cisco IOS software, see the New Feature Documentation index for your particular Cisco IOS software release on Cisco.com.

Regards,

Leo

Nope, it doesn't mention any restrictions at all. Can anyone confirm if they have this command working on a wan interface?

I have it working just now by matching TCP traffic to/from citrix servers instead of match protocol, but this is not ideal.

Thanks!

Hi, I don't know why it doesn't work, but you mention that it is not ideal to work not with "match protocol". I don't think that's true, because every packet that passes through this policy-map has to be inspected by the CPU. NBAR (match protocol) can not be performed by hardware on any platform, so be careful to not slow down the router with such tasks. If you can perform the same thing with ACLs do it better that way because that can be done without interrupting the CPU.

Simon

Thanks Simon, I now have it working using access-lists and am quite happy with it, however I noticed that the queueing is simply not working on the dialer interface, I have just posted about it.

It looks as though you cannot do CBWFQ or LLQ on a dialer interface used for ADSL. But there must be thousands of people who want to do this!!

cheers,

Peter.
