cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2473
Views
0
Helpful
17
Replies

Marking FE traffic for QOS process

locus2007
Level 1
Level 1

Hallo,

I need mark traffic from specific FE switch port on C1802 when in goes thrue Dialer there is done some Qos process.

How can I do this on FE 8 if all ports are in BVI1?

I tryed IP based marking that is not good in case of DHCP clinets off course.

!

interface FastEthernet1
!
!
interface FastEthernet2
!
!
interface FastEthernet3
!
!
interface FastEthernet4
!
!
interface FastEthernet5
!
!
interface FastEthernet6
!
!
interface FastEthernet7
!
!
interface FastEthernet8
!

!
interface Vlan1
  no ip address
  bridge-group 1
  !

interface BVI1

description $ES_LAN$$FW_INSIDE$

ip address 192.168.X.X 255.255.255.0

no ip redirects

no ip unreachables

ip nbar protocol-discovery

ip flow ingress

ip flow egress

ip nat inside

ip virtual-reassembly

zone-member security in-zone

ip tcp adjust-mss 1452

!

!
bridge 1 protocol ieee
bridge 1 route ip
!

Thanks,

Urbanek

1 Accepted Solution

Accepted Solutions

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Mark,

you may only approximate this with an extended ACL that matches source ip address of device connected to Fas8 and then you apply a policy-map inbound on BVI interface

Hope to help

Giuseppe

View solution in original post

17 Replies 17

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Mark,

you may only approximate this with an extended ACL that matches source ip address of device connected to Fas8 and then you apply a policy-map inbound on BVI interface

Hope to help

Giuseppe

Thanks, I have on mind to mark all trafic from FE8 -> DSCP er, and then I will after NAT on Dialer make policy-map to search for DSCP er and give bulk.

Yes there is no posibility to mark Ethernet port as origin of traffic. So must be done on IP address or protocol.

You can create policy-map and attach this policy-map to the FE 8 interface

.

policy-map DSCP-EF

class class-default

set dscp ef

interface fastethernet 8

service-policy input DSCP-EF

You can change the DSCP marking to the intended one in your configuration.

Regards

Edison

Thanks I tryed this

look - I have it on FE6 now I know, for testing only on FE6 is my testing notebook that generate traffic

class-map match-any Dialer1_out
match  dscp ef

class-map match-any class_local_FE8_mark
match access-group name Rule_local_FE8_mark

policy-map CCP-QoS-Policy-1
class Dialer1_out
    priority percent 33

policy-map CCP-QoS-Policy-1
class Dialer1_out
    priority percent 33

policy-map policy_local_FE8_mark
class class_local_FE8_mark
  set dscp ef

!
interface FastEthernet1
!
!
interface FastEthernet2
!
!
interface FastEthernet3
!
!
interface FastEthernet4
!
!
interface FastEthernet5
!
!
interface FastEthernet6
!
service-policy input policy_local_FE8_mark
!
interface FastEthernet7
!
!
interface FastEthernet8
!

interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
ip mtu 1492
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
zone-member security out-zone
encapsulation ppp
dialer pool 2
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname X
ppp chap password 0 X
ppp pap sent-username X password 0 X
no cdp enable
!
service-policy output CCP-QoS-Policy-1

!

ip access-list extended Rule_local_FE8_mark
remark CCP_ACL Category=256
permit ip any any

but all trafic is in class-default and not in Dialer1_out class

If I understand you correctly, you want to mark all traffic entering switchport FE 8 to a certain DSCP value.

I recommended to use the class class-default on a policy-map but I don't see that in your configuration.

You are matching on ip protocol, this won't work.

Please try the config I posted before and once you do, generate traffic that enters FE 8 and post the show policy-map interface output.


Regards

Edison.

Yes based on your recomend now I got

policy-map DSCP_EF
class class-default
  set dscp ef

interface FastEthernet6
!
service-policy input DSCP_EF
service-policy output DSCP_EF
!

Router#show policy-map interface output
FastEthernet6

  Service-policy output: DSCP_EF

    Class-map: class-default (match-any)
      232 packets, 13920 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
      QoS Set
        dscp ef
          Packets marked 0

Now i get that packets on class-default on port FE6 there is ping command

Now are packets marked with ef?

So I can make other policy on dialer to look for EF and then make qos?

I recommend to mark on input, yet you applied the service-policy on input and output direction.

Your 'show policy-map interface' only includes the output from the 'service-policy output', I need to see the 'service-policy input' as well - that's where packets must be marked.

If you noticed in the output

QoS Set
        dscp ef
          Packets marked 0

No packets were marked while leaving the port, the intention is to mark packets as they enter the port.

What I need from you is to remove the 'service-policy output' from FE6 and post back with the 'show policy-map interface' with only the input policy-map applied.

Regards

Edison.

Thank you that you spend time with this.

policy-map DSCP_EF
class class-default
  set dscp ef

interface FastEthernet6
!
service-policy input DSCP_EF
!

ping command still goes and I tried also come TCP traffic (WWW browsing)

Router#show policy-map interface
FastEthernet6

  Service-policy input: DSCP_EF

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
      QoS Set
        dscp ef
          Packets marked 0

I noticed packets marked 0 after sending last reply.

And you are sure traffic is entering FE 6?

Clear the counters and post the output from typing 'show interface f6' and 'show policy-map interface'

Regards

Edison

I look at http://www.cisco.com/en/US/partner/docs/ios/qos/configuration/guide/mrkg_netwk_traffic_ps10591_TSD_Products_Configuration_Guide_Chapter.html

and didn't  found nothing wrong.

IOS 15.0.1M

Router#clear counters fastEthernet 6
Clear "show interface" counters on this interface [confirm]
Router#show interfaces fastEthernet 6
FastEthernet6 is up, line protocol is up
  Hardware is FastEthernet, address is 0021.5556.35d5 (bia 0021.5556.35d5)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 00:00:37
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 1000 bits/sec, 2 packets/sec
  5 minute output rate 2000 bits/sec, 3 packets/sec
     75 packets input, 5836 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 input packets with dribble condition detected
     111 packets output, 8830 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

And it increase.


Router#show interfaces fastEthernet 6
FastEthernet6 is up, line protocol is up
  Hardware is FastEthernet, address is 0021.5556.35d5 (bia 0021.5556.35d5)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 00:00:39
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 1000 bits/sec, 2 packets/sec
  5 minute output rate 1000 bits/sec, 2 packets/sec
     79 packets input, 6148 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 input packets with dribble condition detected
     116 packets output, 9206 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
Router#

And still same.

Router#show policy-map interface
FastEthernet6

  Service-policy input: DSCP_EF

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
      QoS Set
        dscp ef
          Packets marked 0

Is not problem in BVI1 ?

Hello,

I think the problem is that Fas6 is a port of an etherswitch module in an ISR router.

Probably QoS features are not supported on Etherswitch ports.

let's see the restrictions section of the link you have provided:

Traffic marking can be configured on an interface, a subinterface, or an ATM permanent virtual circuit (PVC). Marking network traffic is not supported on the following interfaces:

Any interface that does not support CEF

ATM switched virtual circuit (SVC)

Fast EtherChannel

PRI

Tunnel

Fas6 should be a L2 only port  that does not support CEF.

Hope to help

Giuseppe

It looks real, all I can find is

10/100 LAN Switch

Eight 10/100BASE-T fully managed switch ports with 802.1Q VLAN and 802.3af PoE support

Review Cisco Networking for a $25 gift card