Solved: Re: Issue with QoS configuration on ASA?

rrivas · ‎12-24-2010

I have configured the policy-map on the interface inside of my ASA with conform action "transmit" and exceed action "drop". But when I execute the command "sh service-policy interface inside", I obtain the following:

Input police Interface inside:

cir 512000 bps, bc 16000 bytes
conformed 2562 packets, 521365 bytes; actions: drop
exceeded 0 packets, 0 bytes; actions: drop
conformed 0 bps, exceed 0 bps

The ASA is running 8.2(1).

Is it a known issue ?

manasjai · ‎12-25-2010

Hi,

Yes the action should be transmit.

I think you are running version 8.2(1). If yes, you are running into a bug. Bug ID is CSCta3309. You can logging using your CCO and read about the bug details.

The bug is resolved in the following releases :

8.2(4)
8.3(0.0)
8.1(2.30)
8.2(2.99)

Hope this answers your question

Cheers,

Manasi!!

View solution in original post

manasjai · ‎12-24-2010

Hi,

Could you paste the relevant configuration of the concerned class-map and policy-map ?

Cheers,

Manasi

rrivas · ‎12-25-2010

Thank you for your response. Following the configuration and the show command output.

sh runn:
!
access-list LAN-SERVER-FLOW extended permit tcp 192.168.1.0 255.255.255.0 host 192.168.2.2 eq exec
access-list LAN-OTHERS-FLOW extended permit ip 192.168.1.0 255.255.255.0 any
access-list SERVER-LAN-FLOW extended permit tcp host 192.168.2.2 eq exec 192.168.1.0 255.255.255.0
access-list OTHERS-LAN-FLOW extended permit ip any 192.168.1.0 255.255.255.0
!
!
class-map LAN-SERVER-CMAP
match access-list LAN-SERVER-FLOW
class-map LAN-OTHERS-CMAP
match access-list LAN-OTHERS-FLOW
class-map SERVER-LAN-CMAP
match access-list SERVER-LAN-FLOW
class-map OTHERS-LAN-CMAP
match access-list OTHERS-LAN-FLOW
!
policy-map INSIDE-PMAP
class LAN-SERVER-CMAP
police input 512000
class LAN-OTHERS-CMAP
police input 512000 1500
class SERVER-LAN-CMAP
police output 512000
class OTHERS-LAN-CMAP
police output 512000 1500
!
service-policy INSIDE-PMAP interface inside
!

sh service-policy interface inside:
Interface inside:
Service-policy: INSIDE-PMAP
    Class-map: LAN-SERVER-CMAP
      Input police Interface inside:
        cir 512000 bps, bc 16000 bytes
        conformed 2562 packets, 521365 bytes; actions: drop
        exceeded 0 packets, 0 bytes; actions: drop
        conformed 0 bps, exceed 0 bps
    Class-map: LAN-OTHERS-CMAP
      Input police Interface inside:
        cir 512000 bps, bc 1500 bytes
        conformed 118107 packets, 16854191 bytes; actions: drop
        exceeded 16 packets, 21884 bytes; actions: drop
        conformed 1128 bps, exceed 0 bps
    Class-map: SERVER-LAN-CMAP
      Output police Interface inside:
        cir 512000 bps, bc 16000 bytes
        conformed 1036 packets, 409939 bytes; actions: drop
        exceeded 0 packets, 0 bytes; actions: drop
        conformed 0 bps, exceed 0 bps
    Class-map: OTHERS-LAN-CMAP
      Output police Interface inside:
        cir 512000 bps, bc 1500 bytes
        conformed 127118 packets, 96002426 bytes; actions: drop
        exceeded 4966 packets, 7005206 bytes; actions: drop
        conformed 1096 bps, exceed 0 bps

manasjai · ‎12-25-2010

Hi,

Yes the action should be transmit.

I think you are running version 8.2(1). If yes, you are running into a bug. Bug ID is CSCta3309. You can logging using your CCO and read about the bug details.

The bug is resolved in the following releases :

8.2(4)
8.3(0.0)
8.1(2.30)
8.2(2.99)

Hope this answers your question

Cheers,

Manasi!!