policy-map with set ip dscp not working

c4xadministrator · ‎02-12-2014

Hello everyone,

I currently have the following configuration setup on a Cisco 2901 router. However, the configuration isn't work as expected. The expected outcome is for the dscp values to be assigned as they leave the WAN interface. However, the values aren't being set (verified with tcp dump). Any help would be greatly

appreciated.

class-map match-all VIDEO-TCP

match access-group name VIDEO-TCP

class-map match-all VIDEO-UDP

match access-group name VIDEO-UDP

policy-map WAN_PM

class VIDEO-TCP

set ip dscp cs3

class VIDEO-UDP

set ip dscp af41

interface GigabitEthernet0/0

service-policy output WAN_PM

ip access-list extended VIDEO-TCP

permit tcp xxx.xxx.xxx.16 0.0.0.7 any

permit tcp any xxx.xxx.xxx.16 0.0.0.7

ip access-list extended VIDEO-UDP

permit udp xxx.xxx.xxx.16 0.0.0.7 any

permit udp any xxx.xxx.xxx.16 0.0.0.7

paul driver · ‎02-12-2014

Hello

Try to apply your dscp marking ingress on the LAN interface of your router and amend your acl's

ip access-list extended VIDEO-TCP
permit tcp x.x.x.x y.y.y.y 16.0.0.0

ip access-list extended VIDEO-UDP
permit UDP x.x.x.x y.y.y.y 16.0.0.0

Int xx(LAN interface)
Service-policy input policy-map

Res
Paul

Sent from Cisco Technical Support iPad App

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

c4xadministrator · ‎02-13-2014

I'm not tracking. I need it to apply as it leaves the outbound interface.

John Blakley · ‎02-13-2014

Can you post "show policy-map interface"?

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

c4xadministrator · ‎02-13-2014

show policy-map yields no results (e.g. no counter increases)

Class-map: VIDEO-TCP (match-all)

0 packets, 0 bytes

5 minute offered rate 0000 bps, drop rate 0000 bps

Match: access-group name VIDEO-TCP

QoS Set

dscp cs3

Packets marked 0

Class-map: VIDEO-UDP (match-all)

0 packets, 0 bytes

5 minute offered rate 0000 bps, drop rate 0000 bps

Match: access-group name VIDEO-UDP

QoS Set

dscp af41

Packets marked 0

Class-map: class-default (match-any)

9484 packets, 1961637 bytes

5 minute of

paul driver · ‎02-13-2014

Hello

Dont understand what you mean by tracking - if you mark the traffic as in enters your wan router from you lan then as it egresses out of the wan interface it will have it defined traffic marked with the the dscp.

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

c4xadministrator · ‎02-13-2014

Same result even if on the LAN

Jon Marshall · ‎02-13-2014

Aaron

It sounds like you may not be matching on the correct IPs which we can't verify because you haven't posted them.

Also is NAT involved anywhere ?

Perhaps if you could you provide a few more details.

In addition what is the IOS version ?

Jon

John Blakley · ‎02-13-2014

This definitely should work. I agree with Jon about not matching the correct addresses. Is there a way that you could post your complete interface config? This works fine on 12.4 in GNS, and I have sites running 15.2 that it works well on as well.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

paul driver · ‎02-13-2014

Hello

Looks possibly like you acl's are incorrect

I have just tested this and it works for me.

ip access-list extended UDP

permit udp any host 3.3.3.3 eq tftp

ip access-list extended icmp

permit icmp host 111.111.111.111 host 133.133.133.33 echo

permit icmp host 133.133.133.33 host 111.111.111.111 echo-reply

ip access-list extended tcp

permit tcp host 1.1.1.1 host 3.3.3.3 eq telnet

class-map match-all ICMP

match access-group name icmp

match input-interface FastEthernet0/0

class-map match-all UDP

match access-group name UDP

match input-interface FastEthernet0/0

class-map match-all TCP

match access-group name tcp

match input-interface FastEthernet0/0

policy-map TST

class ICMP

set dscp af12

class TCP

set dscp af23

class UDP

set dscp cs4

interface FastEthernet0/0

Description LAN Interface

service-policy input TST

sh policy-map interface fa0/0

FastEthernet0/0

Service-policy input: TST

Class-map: ICMP (match-all)

100 packets, 11400 bytes

5 minute offered rate 3000 bps, drop rate 0 bps

Match: access-group name icmp

Match: input-interface FastEthernet0/0

QoS Set

dscp af12

Packets marked 100

Class-map: TCP (match-all)

10 packets, 606 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: access-group name tcp

Match: input-interface FastEthernet0/0

QoS Set

dscp af23

Packets marked 10

Class-map: UDP (match-all)

4 packets, 240 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: access-group name UDP

Match: input-interface FastEthernet0/0

QoS Set

dscp cs4

Packets marked 4

Class-map: class-default (match-any)

13 packets, 795 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: any

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul