05-30-2007 11:48 AM - edited 03-03-2019 05:14 PM
Hi,
I am wondering if there is a bug in the latest cisco firmware for the 871 routers
c870-advipservicesk9-mz.124-11.T2 .
We noticed a major problem since upgrading from c870-advipservicesk9-mz.124-4.T3, in that it wont allow us to set a qos service policy on our vlan, which was working before.
The error we get when configuring is:
ROUTER(config-if)#service-policy output qos
Configuration failed!
We still have a router with the old firmware on it and it is fine and works.
Example (Router with old firmware):
interface Vlan2
description L2$FW_INSIDE$
bandwidth 10000
ip address 192.168.222.18 255.255.255.248
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
ip ospf message-digest-key 1 md5 xxxx
ip ospf network non-broadcast
ip ospf cost 10
service-policy output qos
where as the new router will throw the error on the last statement.
Anyone have any suggestions?
S.
05-30-2007 06:55 PM
Hello,
and what is the service policy that you was trying to apply?
It is quite possible that during testing has been found that QoS doesn't work on 87x VLAn interfaces so the command has been removed to prevent confusion. Note this is just an hypothesis on my side.
05-30-2007 08:04 PM
Let me clarify better what I mean with the above. Depending on what your service-policy 'qos 'does, it may or may not be applicable to a VLAN interface. And, the command has not been removed, but an error is generated when applied. That is similar to the QoS limitations for the etherswitch module, explained at:
Hope this helps, please rate post if it does!
05-30-2007 10:22 PM
It's weird, because as per old version the QOS was actually working. We have a few port defines, etc..
The problem with the old version was a bug in APPFW, that was the reason we upgraded.
So if cisco did any testing to decide to remove this, i am not sure why or what they tested, because our previous version worked just fine.
05-31-2007 09:04 AM
It seems as if Cisco has removed ALL QOS setting capabilities from 871's .. even when having the Advanced firmware.
WHY????
05-31-2007 05:09 PM
What are all the QoS capabilities been removed?
How your service-policy looks like?
If it falls in the types mentioned in the document linked above, it is an unsupported feature hence the "config fail" message.
05-31-2007 05:22 PM
The capabilities that where removed are any of the nbar settings. Basically one can't define custom nbar's anymore. The command is still there but it generates an error when trying to add a protocol to the list. Also 12.4-11.T2 has a bug in that it had removed all predefines like protocol h323 sip skinny, etc.. This part at least seems to have been rectified in 124-11.XW, except one can't define any nbar's. The other thing one was able to do is to set a service-policy on a Vlan (not just a tag). Here is a example of a config what it was in 12.4-4.T3 which worked perfectly for handling the QOS settings, but not anymore on any later versions.
ip nbar custom iax2 udp 4569 <--- not working any more
ip nbar custom RDP5 tcp 3389
class-map match-any Voice-Video_signaling
match protocol h323
match protocol sip
match protocol rtcp
match protocol mgcp
match protocol skinny
match protocol dns
class-map match-any Transactional_Data
match protocol exchange
match protocol sqlserver
class-map match-any sdm_p2p_kazaa
match protocol fasttrack
match protocol kazaa2
class-map match-any sdm_p2p_edonkey
match protocol edonkey
class-map match-any Video_Payload
match protocol rtp video
class-map match-any sdm_p2p_gnutella
match protocol gnutella
class-map match-any Voice_Payload
match protocol iax2
match access-group name acl-voice-traffic
class-map match-any Best_Effort
match protocol icmp
match protocol http
match protocol secure-http
match protocol pop3
match protocol secure-pop3
match protocol smtp
match protocol ftp
class-map match-any sdm_p2p_bittorrent
match protocol bittorrent
class-map match-any Mission_Critical_Data
match protocol citrix
match protocol RDP5
match protocol kerberos
match protocol ldap
match protocol ntp
match protocol secure-ldap
match protocol ssh
match protocol syslog
match protocol icmp
class-map match-any Bulk_Data
match protocol netbios
match protocol printer
interface Vlan2
description L2$FW_INSIDE$
ip address 192.168.250.10 255.255.255.248
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
ip ospf network non-broadcast
ip ospf cost 10
service-policy output qos <-- not working any more but causing error.
05-31-2007 05:34 PM
Forgot to add the actual service policy map.
policy-map qos
class Voice_Payload
set dscp ef
bandwidth 1500
class Video_Payload
set dscp af41
class Voice-Video_signaling
set dscp cs3
bandwidth 64
class Mission_Critical_Data
set dscp af31
class Transactional_Data
set dscp af21
class Bulk_Data
set dscp af11
class Best_Effort
set dscp default
05-31-2007 06:09 PM
I do not see your config falling into the mentioned limitations so I suggest you open a case with the TAC for further investigation by cisco.
08-14-2007 04:31 AM
Hello,
can you tell me how you solved this problem?
Thank you,
Dan
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: