05-09-2004 08:49 PM - edited 03-02-2019 03:34 PM
I have recently purchased a Catalyst 2950T 24 port switch in order to leaviate congestion issues on a remote site connected via a DSL connection. This remote site is also running a exchange server.
I need to prioritize TCP Port 3389 above POP3 & SMTP.
I have done this previously on a 3600 Router using priority listing:
priority-list 1 protocol ip high list 100
priority-list 1 protocol ip medium tcp 3389
priority-list 1 protocol ip normal tcp www
priority-list 1 protocol ip normal tcp ftp-data
priority-list 1 protocol ip normal tcp ftp
priority-list 1 protocol ip low tcp pop3
priority-list 1 protocol ip low tcp smtp
priority-list 1 protocol ip low
and priority grouping under the desired port (priority-group 1), though unfortunatly the "priority-group" command is not recognisd under the 2950T (Running IOS 12.1(14)EA1a)
Find detailed below current config of the 2950T. The current config doesnt appear to be performing.
If anyone can shed some light it would be greatly appreciated.
Current configuration : 2951 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Cat-2950
!
enable secret xxxxx
!
wrr-queue bandwidth 10 20 40 80
wrr-queue cos-map 1 0 1
wrr-queue cos-map 2 2 3
wrr-queue cos-map 3 4
wrr-queue cos-map 4 5 6 7
!
class-map match-all class_smtp
match access-group name list_smtp
class-map match-all class_www
match access-group name list_www
class-map match-all class_pop3
match access-group name list_pop3
class-map match-all class_tcp-3389
match access-group name list_tcp-3389
!
!
policy-map policy1
class class_tcp-3389
set ip dscp 26
police 100000000 32768 exceed-action drop
class class_www
set ip dscp 18
police 100000000 32768 exceed-action drop
class class_pop3
set ip dscp 10
police 100000000 32768 exceed-action drop
class class_smtp
set ip dscp 10
police 100000000 32768 exceed-action drop
policy-map policy2
class class_tcp-3389
set ip dscp 26
police 100000000 32768 exceed-action drop
class class_www
set ip dscp 18
police 100000000 32768 exceed-action drop
class class_pop3
set ip dscp 10
police 100000000 32768 exceed-action drop
class class_smtp
set ip dscp 10
police 100000000 32768 exceed-action drop
!
mls qos map dscp-cos 0 to 0
mls qos map dscp-cos 16 to 1
mls qos map dscp-cos 24 to 2
mls qos map dscp-cos 32 to 3
mls qos map dscp-cos 40 to 4
mls qos map cos-dscp 0 10 18 26 34 46 48 56
ip subnet-zero
!
no ip domain-lookup
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
interface FastEthernet0/1
service-policy input policy1
!
interface FastEthernet0/2
service-policy input policy2
!
interface FastEthernet0/3 ..to.. 24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.60.2 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.60.1
ip http server
!
ip access-list extended list_pop3
permit tcp any eq pop3 any
ip access-list extended list_smtp
permit tcp any eq smtp any
ip access-list extended list_tcp-3389
permit tcp any eq 3389 any
ip access-list extended list_www
permit tcp any eq www any
!
!
line con 0
exec-timeout 0 0
line vty 0 4
password #####
login
line vty 5 15
password #####
login
!
end
05-10-2004 02:21 PM
Post a show policy-map policy1 and a show mls qos interface fastethernet 0/1 and 0/2; let's see what those commands show.
05-10-2004 05:09 PM
Cat-2950#show policy-map policy1
Policy Map policy1
class class_tcp-3389
set ip dscp 26
police 100000000 32768 exceed-action drop
class class_www
set ip dscp 18
police 100000000 32768 exceed-action drop
class class_pop3
set ip dscp 10
police 100000000 32768 exceed-action drop
class class_smtp
set ip dscp 10
police 100000000 32768 exceed-action drop
Cat-2950#show mls qos interface fastethernet0/1
FastEthernet0/1
Attached policy-map for Ingress: policy1
trust state: not trusted
trust mode: not trusted
COS override: dis
default COS: 0
pass-through: none
trust device: none
Cat-2950#show mls qos interface fastethernet0/2
FastEthernet0/2
Attached policy-map for Ingress: policy2
trust state: not trusted
trust mode: not trusted
COS override: dis
default COS: 0
pass-through: none
trust device: none
I look forward to your response / advice.
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide