Hello, I have issue with our new Cisco ASR 1001-X.
Problem is in service-policy
Cisco IOS XE Software, Version 03.13.02.S - Extended Support Release
Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.4(3)S2, RELEASE SOFTWARE (fc3)
System image file is "bootflash:/asr1001x-universalk9.03.13.02.S.154-3.S2-ext.SPA.bin»
License Level: ipbase
cisco ASR1001-X (1NG) processor (revision 1NG) with 3751704K/6147K bytes of memory.
Processor board ID FXS1909Q0GX
6 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
8388608K bytes of physical memory.
6688767K bytes of eUSB flash at boot flash:.
Configuration register is 0x2102
Basic configuration:
version 15.4
no service pad
clock timezone GMT 3 0
!
bridge irb
!
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
speed 1000
no negotiation auto
!
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
!
end
Problem description:
After Cisco starts service-policy shaper not loading and interfaces with policy not working (unreachable).
Workaround is:
interface Gi0/0/0
no service-policy input test
service-policy input test
After this commands interface is reachable.
When I add new host in access-list, service-policy for this host also not working. Workaround helps.
Example:
object-group network test
host 192.168.1.5
ip access-list extended test
permit ip object-group test any
permit ip any object-group test
class-map match-any test
match access-group name test
policy-map test
class test
police rate 2000000 conform-action transmit exceed-action drop violate-action drop
class class-default
police 8000 conform-action drop exceed-action drop violate-action drop
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
speed 1000
no negotiation auto
service-policy input test
service-policy output test
After this commands service-policy working for ip address 192.168.1.5.
Remove host from object-group test:
object-group network test
no host 192.168.1.5
Service policy still working!
interface GigabitEthernet0/0/0
no service-policy input test
no service-policy output test
service-policy input test
service-policy output test
After few commands, there is all right.
Tested firmware:
asr1001x-universalk9.03.13.02.S.154-3.S2-ext.SPA.bin
asr1001x-universalk9.03.14.00.S.155-1.S-std.SPA.bin
asr1001x-universalk9.03.15.00.S.155-2.S-std.SPA.bin
For the Cisco CSR1000V, everything working right, as expected:
Cisco IOS XE Software, Version 03.14.01.S - Standard Support Release
Cisco IOS Software, CSR1000V Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(1)S1, RELEASE SOFTWARE (fc1)
Cisco working with applet, because sometimes service-policy not working again:
event manager applet periodic
event timer cron cron-entry "* * * * *"
action 1.0 cli command "enable"
action 1.1 cli command "config t"
action 1.2 cli command "interface GigabitEthernet0/0/0"
action 1.3 cli command "no service-policy input INET_SHAPER"
action 1.4 cli command "no service-policy output INET_SHAPER"
action 1.5 cli command "exit"
action 2.0 wait 1
action 2.1 cli command "interface GigabitEthernet0/0/0"
action 2.2 cli command "service-policy input INET_SHAPER"
action 2.3 cli command "service-policy output INET_SHAPER"
action 2.4 cli command "end"
action 2.5 cli command "exit"
action 3.0 syslog priority warnings msg "Service Policy restarted." facility "UPDOWN"
action 3.1 set _exit_status "0"
action 3.2 exit
