cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
612
Views
0
Helpful
3
Replies

Issue with QoS configuration on ASA?

rrivas
Level 1
Level 1

I have configured the policy-map on the interface inside of my ASA with conform action "transmit" and exceed action "drop". But when I execute the command "sh service-policy interface inside", I obtain the following:

Input police Interface inside:

cir 512000 bps, bc 16000 bytes
conformed 2562 packets, 521365 bytes; actions:  drop
exceeded 0 packets, 0 bytes; actions:  drop
conformed 0 bps, exceed 0 bps

The ASA is running 8.2(1).

Is it a known issue ?

1 Accepted Solution

Accepted Solutions

Hi,

Yes the action should be transmit.

I think you are running version 8.2(1). If yes, you are running into a bug. Bug ID is CSCta3309. You can logging using your CCO and read about the bug details.

The bug is resolved in the following releases :


8.2(4)
8.3(0.0)
8.1(2.30)
8.2(2.99)

Hope this answers your question

Cheers,

Manasi!!

View solution in original post

3 Replies 3

manasjai
Cisco Employee
Cisco Employee

Hi,

Could you paste the relevant configuration of the concerned class-map and policy-map ?

Cheers,

Manasi

Thank you for your response. Following the configuration and the show command output.

sh runn:
!
access-list LAN-SERVER-FLOW extended permit tcp 192.168.1.0 255.255.255.0 host 192.168.2.2 eq exec
access-list LAN-OTHERS-FLOW extended permit ip 192.168.1.0 255.255.255.0 any
access-list SERVER-LAN-FLOW extended permit tcp host 192.168.2.2 eq exec 192.168.1.0 255.255.255.0
access-list OTHERS-LAN-FLOW extended permit ip any 192.168.1.0 255.255.255.0
!
!
class-map LAN-SERVER-CMAP
match access-list LAN-SERVER-FLOW
class-map LAN-OTHERS-CMAP
match access-list LAN-OTHERS-FLOW
class-map SERVER-LAN-CMAP
match access-list SERVER-LAN-FLOW
class-map OTHERS-LAN-CMAP
match access-list OTHERS-LAN-FLOW
!
policy-map INSIDE-PMAP
class LAN-SERVER-CMAP
  police input 512000
class LAN-OTHERS-CMAP
  police input 512000 1500
class SERVER-LAN-CMAP
  police output 512000
class OTHERS-LAN-CMAP
  police output 512000 1500
!
service-policy INSIDE-PMAP interface inside
!

sh service-policy interface inside:
Interface inside:
  Service-policy: INSIDE-PMAP
    Class-map: LAN-SERVER-CMAP
      Input police Interface inside:
        cir 512000 bps, bc 16000 bytes
        conformed 2562 packets, 521365 bytes; actions:  drop
        exceeded 0 packets, 0 bytes; actions:  drop
        conformed 0 bps, exceed 0 bps
    Class-map: LAN-OTHERS-CMAP
      Input police Interface inside:
        cir 512000 bps, bc 1500 bytes
        conformed 118107 packets, 16854191 bytes; actions:  drop
        exceeded 16 packets, 21884 bytes; actions:  drop
        conformed 1128 bps, exceed 0 bps
    Class-map: SERVER-LAN-CMAP
      Output police Interface inside:
        cir 512000 bps, bc 16000 bytes
        conformed 1036 packets, 409939 bytes; actions:  drop
        exceeded 0 packets, 0 bytes; actions:  drop
        conformed 0 bps, exceed 0 bps
    Class-map: OTHERS-LAN-CMAP
      Output police Interface inside:
        cir 512000 bps, bc 1500 bytes
        conformed 127118 packets, 96002426 bytes; actions:  drop
        exceeded 4966 packets, 7005206 bytes; actions:  drop
        conformed 1096 bps, exceed 0 bps

Hi,

Yes the action should be transmit.

I think you are running version 8.2(1). If yes, you are running into a bug. Bug ID is CSCta3309. You can logging using your CCO and read about the bug details.

The bug is resolved in the following releases :


8.2(4)
8.3(0.0)
8.1(2.30)
8.2(2.99)

Hope this answers your question

Cheers,

Manasi!!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: