cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1989
Views
0
Helpful
5
Replies

Applying route-map to 881 router interfaces

avisnyai
Level 1
Level 1

Good Day: Customer has three 881 routers.  FE0 connects to their WAN, FE4 connects to their LANs.  Two VLANs are configured on FE4.  Class-maps and Policy-map created to detect voice traffic:

===================

class-map match-any VoIP-RTP-Trust

match ip dscp ef

class-map match-any VoIP-Control-Trust

match ip dscp cs5

match ip dscp af31

!

!

policy-map VoIP-Trust

class VoIP-RTP-Trust

    priority percent 70

class VoIP-Control-Trust

    bandwidth percent 5

class class-default

    fair-queue

===================

Policy map applied to FE0 and FE4:

===================

interface FastEthernet0

description ** WAN

switchport access vlan 20

duplex full

speed 10

service-policy output VoIP-Trust

interface FastEthernet4

description ** To LAN

no ip address

duplex auto

speed auto

service-policy output VoIP-Trust

!

interface FastEthernet4.10

description ** DATA

encapsulation dot1Q 10

ip address x.x.x.x y.y.y.y

ip helper-address x.x.x.x

!

interface FastEthernet4.100

description ** VOICE

encapsulation dot1Q 100

ip address x.x.x.x y.y.y.y

!

===================

Policy map not working on FE0 (only shows traffic in class-default), but working fine on FE4 (detecting voice packets):

===================

rtr-key#sh policy-map int

FastEthernet0

  Service-policy output: VoIP-Trust

    queue stats for all priority classes:

      queue limit 64 packets

      (queue depth/total drops/no-buffer drops) 0/0/0

      (pkts output/bytes output) 0/0

    Class-map: VoIP-RTP-Trust (match-any)

      0 packets, 0 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: ip dscp ef (46)

        0 packets, 0 bytes

        5 minute rate 0 bps

      Priority: 70% (7000 kbps), burst bytes 175000, b/w exceed drops: 0

    Class-map: VoIP-Control-Trust (match-any)

      0 packets, 0 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: ip dscp cs5 (40)

        0 packets, 0 bytes

        5 minute rate 0 bps

      Match: ip dscp af31 (26)

        0 packets, 0 bytes

        5 minute rate 0 bps

      Queueing

      queue limit 64 packets

      (queue depth/total drops/no-buffer drops) 0/0/0

      (pkts output/bytes output) 0/0

      bandwidth 5% (500 kbps)

    Class-map: class-default (match-any)

      15744801 packets, 1038173964 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: any

      Queueing

      queue limit 64 packets

      (queue depth/total drops/no-buffer drops/flowdrops) 0/0/0/0

      (pkts output/bytes output) 15744801/1038173964

      Fair-queue: per-flow queue limit 16

FastEthernet4

  Service-policy output: VoIP-Trust

    queue stats for all priority classes:

      queue limit 64 packets

      (queue depth/total drops/no-buffer drops) 0/0/0

      (pkts output/bytes output) 3006/655308

    Class-map: VoIP-RTP-Trust (match-any)

      3006 packets, 655308 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: ip dscp ef (46)

        3006 packets, 655308 bytes

        5 minute rate 0 bps

      Priority: 70% (70000 kbps), burst bytes 1750000, b/w exceed drops: 0

    Class-map: VoIP-Control-Trust (match-any)

      2984 packets, 1068438 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: ip dscp cs5 (40)

        4 packets, 408 bytes

        5 minute rate 0 bps

      Match: ip dscp af31 (26)

        2980 packets, 1068030 bytes

        5 minute rate 0 bps

      Queueing

      queue limit 64 packets

      (queue depth/total drops/no-buffer drops) 0/0/0

      (pkts output/bytes output) 2984/1068438

      bandwidth 5% (5000 kbps)

    Class-map: class-default (match-any)

      779609832 packets, 304290447160 bytes

      5 minute offered rate 549000 bps, drop rate 0 bps

      Match: any

      Queueing

      queue limit 64 packets

      (queue depth/total drops/no-buffer drops/flowdrops) 0/0/0/0

      (pkts output/bytes output) 779546599/304956945492

      Fair-queue: per-flow queue limit 16

========================

Attempted to apply policy-map to int vlan 20, but received error "Configuration failed!"

Is there a way to apply this policy to FE0 and have it work?  I know that ports FE0-FE3 are, so-to-speak, "special", and perhaps that's one of the limitations of those ports.

Thank you.

5 Replies 5

ciscoamit_497
Level 1
Level 1

Hi Dear,

You should need a L3 port to configure the service policy over WAN...but if there is no availability of L3 port as u said..then I think you should use the L3 interface to do that....

John Blakley
VIP Alumni
VIP Alumni

My first thought is that the switch that these phones are connected to aren't trusting the marking that the phone is doing (they do mark their own?)

A test that you could do is create another policy specifying traffic from the voice subnet. Then set the tag that you want:

ip access-list ext InVoice

     permit ip any

class-map match-all InVoice

     match access-group name InVoice

policy-map InVoice

class InVoice

set dscp ef

interface FastEthernet4.100

service-policy input InVoice

You should start seeing matches on your outbound policy map...hopefully...

HTH,

John

*** Please rate useful posts ****

HTH, John *** Please rate all useful posts ***

Jeff Van Houten
Level 5
Level 5

There's no reason to apply the policy to fe4. I'm sure your LAN can handle whatever this router is able to forward.

Sent from Cisco Technical Support iPad App

ciscoamit_497
Level 1
Level 1

You can also use the access-list so, u can match the traffic--

for example,

ip access-list extended 101 permit ip any any dscp ef

ip access-list extended 101 permit ip any any dscp af41

ip access-list extended 101 permit ip any any dscp af31

ip access-list extended 101 permit ip any any dscp cs5

And put it under lan interface as out...

ip access-group 101 out....and check the hits of the traffic..

Regards,

Amit Kumar

******Please rate helpful posts********

avisnyai
Level 1
Level 1

I thank everyone for their input.  Here is where I am now:

I agree with Jeff that a policy-map is not needed for the LAN side of the router, so I removed it.

I created an access list as John and Amit suggested:

===========================================

ip access-list extended TestVoice

permit ip any any dscp ef

permit ip any any

===========================================

When I applied the ACL to outbound traffic on interface VLAN20 (which  is tied to FE0, the port used for WAN):

===========================================

interface FastEthernet0

description ** Metro-E connection (WIN)

switchport access vlan 20

service-policy output VoIP-Trust

interface Vlan20

description ** WAN

ip address x.x.x.x y.y.y.y

ip access-group TestVoice out

===========================================

No voice packets were being  matched:

===========================================

Extended IP access list TestVoice

    10 permit ip any any dscp ef

    20 permit ip any any (131901 matches)

===========================================

After that I inspected the config of the Ethernet switch at that site, and discovered that the ports were not configured to trust the DSCP markings of the traffic.  After I configured the switchports to trust the DSCP markings, I saw voice packet matches in the ACL:

===========================================

Extended IP access list TestVoice

    10 permit ip any any dscp ef (160156 matches)

    20 permit ip any any (262996 matches)

===========================================

However, I still saw no matches for voice traffic on the policy map:

===================

FastEthernet0

  Service-policy output: VoIP-Trust

    queue stats for all priority classes:

      queue limit 64 packets

      (queue depth/total drops/no-buffer drops) 0/0/0

      (pkts output/bytes output) 0/0

    Class-map: VoIP-RTP-Trust (match-any)

      0 packets, 0 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: ip dscp ef (46)

        0 packets, 0 bytes

        5 minute rate 0 bps

      Priority: 70% (70000 kbps), burst bytes 1750000, b/w exceed drops: 0

    Class-map: VoIP-Control-Trust (match-any)

      0 packets, 0 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: ip dscp cs5 (40)

        0 packets, 0 bytes

        5 minute rate 0 bps

      Match: ip dscp af31 (26)

        0 packets, 0 bytes

        5 minute rate 0 bps

      Queueing

      queue limit 64 packets

      (queue depth/total drops/no-buffer drops) 0/0/0

      (pkts output/bytes output) 0/0

      bandwidth 5% (5000 kbps)

    Class-map: class-default (match-any)

      137091 packets, 9689142 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: any

      Queueing

      queue limit 64 packets

      (queue depth/total drops/no-buffer drops/flowdrops) 0/0/0/0

      (pkts output/bytes output) 137091/9689142

      Fair-queue: per-flow queue limit 16

===================

Perhaps policy-maps only work on routed interfaces?  If that's the case, I may be able to change the router config so that routed port FE4 faces to the WAN, configure one non-routed port carry the voice traffic from the switch, and configure another non-routed port to carry data traffic from the switch.

Any other ideas?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: