we are migrating our VPN Hub routers from ISR 3825 to ISR 4451-X. With the 4451-X everything works fine, except the per-tunnel qos. When a spoke is signaling its nhrp group, the hub returns this error message
%NHRP-3-QOS_POLICY_APPLY_FAILED: Failed to apply QoS policy SHAPE_BW2000 mapped to NHRP group BW2000 on interface Tunnel0, to tunnel x.x.x.x due to policy installation failure
The router installs the qos policy only when the policy is empty. So there is no action like "shape average" or a child policy.
This is an example of my qos configuration for one group:
Any suggestions? Are there any changes I have to do in the configuration? I've tried many variations without any success. Only a policy-map like this is acceppted:
But this policy is useless.
I've read about a bug, that there was a limitation to max. 8 spokes on the tunnel with ASR901 CSCts62082
Currently there are 82 spokes connected to this router.
Solved! Go to Solution.
What is the firmware version you are running?
Do you have license "appxk9" enabled?
What is the source interface for your tunnel?
im currently running Cisco IOS XE Software, Version 03.10.04.S, Version 15.3(3)S4
but I've already tried newer versions without success.
No, appxk9 is not enabled. Installed licences are: securityk9, ipbasek9, hseck9, throughput
The source interface of the tunnel is GigabitEthernet0/0/1
On the source interface is no qos policy applied (this is recommended in config guides)
I've tried this, activating the appxk9 eval licence. No change.
I'm only doing a normal QoS, no application routing or acceleration. So appx shouldn't matter.
Did you reload the router (after you enabled the license) and reapplied the policy after?
Could you provide "show lic" and "show ver".
after the reboot it acutally works! So you really need the appx license for qos!
Very very poor by cisco!!! There is no hint, neither in the documentation nor in the ordering guide.
Thanks for your help.
I know this issue has been resolved but maybe this link could help future comers. It is basically what has already been confirmed hear.
Per-Tunnel QoS for DMVPN
On ISR 4K series routers, you have to enable the appxk9 license for per-tunnel QOS feature. If you do not enable the appxk9 license, the commands are accepted but the QoS feature will not be enabled on tunnels.