11-13-2019 07:12 AM
Hi all,
Something is not making sense to me.
I have a catch-all ACL against my class-map, but some traffic seems to be matching against the default class-map.
This is on an ASR router running Version 03.13.10.S:
ip access-list extended VOICE
 permit ip any any dscp ef
!
ip access-list extended ALL
 permit ip any any
!
class-map match-all ALL
 match access-group name ALL
!
class-map match-all VOICE
 match access-group name VOICE
!
policy-map CLASS-INBOUND
 class VOICE
  set dscp ef
 class ALL
  set dscp af41
!
show policy-map inter xxxxx
 Service-policy input: CLASS-INBOUND
  Class-map: VOICE (match-all)
   0 packets, 0 bytes
   5 minute offered rate 0000 bps, drop rate 0000 bps
   Match: access-group name VOICE
   QoS Set
    dscp ef
     Marker statistics: Disabled
  Class-map: ALL (match-all)
   45976 packets, 21451076 bytes
   5 minute offered rate 330000 bps, drop rate 0000 bps
   Match: access-group name ALL
   QoS Set
    dscp af41
     Marker statistics: Disabled
  Class-map: class-default (match-any)
   6 packets, 384 bytes
   5 minute offered rate 0000 bps, drop rate 0000 bps
!
So the counters are not residual information; the counter does keep increasing on the default class-map, albeit at a slow pace.
I am just confused how some packets are slipping past the catch-all ACL.
I realize the match dscp ef then set ef clause wouldn't make sense at first. It's like a catch-22 at first glance. There is a node downstream already setting voice packets with EF; I just don't know of a way to say "match packets with dscp ef and do nothing",
like if the policy-map statement was just blank versus "set dscp ef", if that would do the trick.
11-13-2019 08:39 AM - edited 11-13-2019 09:05 AM
This might be a TAC question, but assuming it's not some bug, perhaps those default packets are not IP, like CDP?
BTW, if there's a node "downstream" marking EF, then your policy would not see the EF markings, correct? If you meant to say "upstream", you could:
ip access-list extended VOICE
 permit ip any any dscp ef
!
ip access-list extended ALL
 deny ip any any dscp ef
 permit ip any any
!
class-map match-all ALL
 match access-group name ALL
!
class-map match-all VOICE
 match access-group name VOICE
!
policy-map CLASS-INBOUND
 class VOICE
  set dscp ef
 class ALL
  set dscp af41
The EF marked packets would then hit class-default, and pass without remarking. It's also possible to do away with the ACLs, like:
class-map match-all ALL
 match not dscp ef
11-13-2019 09:58 AM
Oh, I like that. Your config is much cleaner.
Yeah, I feel silly not noticing I am matching IP packets and to check for non-IP packets. I did additional match statements for other non-IP flows but I am still seeing matches against the default class-map. (CDP is disabled globally in my case.)
What I meant to say about upstream/downstream is that I have a node that physically hangs off of my interface. That node is the gateway for the LAN that hangs off of it and it sets voice packets to EF; no idea what it marks everything else. But the idea was to increase the priority of the data packets w/o decreasing the priority of voice packets, which my config would do just fine, but your config is cleaner so I will move to that.
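Added example, not part of the thread and not IOS code: a simplified Python model of first-match class selection, run over constructed frames, showing why an IPv4 `permit ip any any` class still leaves non-IPv4 frames (ARP, IPv6) in class-default. The `REVISED` policy is an assumption (class ALL alone, using the reply's deny-EF ACL), and all function and variable names are illustrative.

```python
# Added illustration: a simplified model of first-match class selection, not IOS code.
from dataclasses import dataclass
from typing import Optional

EF, AF41 = 46, 34                      # DSCP code points as decimal values
IPV4, ARP, IPV6 = 0x0800, 0x0806, 0x86DD

@dataclass(frozen=True)
class Frame:
    ethertype: int
    dscp: Optional[int] = None         # None for frames with no IP header

def ipv4_acl(*entries):
    """Matcher for an IPv4 extended ACL given (action, dscp or None) entries."""
    def match(frame):
        if frame.ethertype != IPV4:    # an IPv4 ACL never matches non-IPv4 frames
            return False
        for action, dscp in entries:
            if dscp is None or frame.dscp == dscp:
                return action == "permit"   # a deny entry means "not in this class"
        return False                   # implicit deny at the end of the ACL
    return match

def classify(policy, frame):
    """Return (class name, DSCP after the policy); the first matching class wins."""
    for name, match, set_dscp in policy:
        if match(frame):
            return name, set_dscp
    return "class-default", frame.dscp  # no set action: marking left unchanged

# Policy from the first post.
ORIGINAL = [("VOICE", ipv4_acl(("permit", EF)), EF),
            ("ALL", ipv4_acl(("permit", None)), AF41)]
# Assumption: only class ALL, using the reply's "deny EF, then permit" ACL.
REVISED = [("ALL", ipv4_acl(("deny", EF), ("permit", None)), AF41)]

# Constructed sample traffic.
SAMPLES = {"voice": Frame(IPV4, EF), "data": Frame(IPV4, 0),
           "arp": Frame(ARP), "ipv6": Frame(IPV6, 0)}

def run(policy):
    """Classify every constructed sample frame under the given policy."""
    return {label: classify(policy, f) for label, f in SAMPLES.items()}

if __name__ == "__main__":
    for title, policy in (("original", ORIGINAL), ("revised", REVISED)):
        print(title, run(policy))
```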