03-26-2012 08:38 AM - edited 03-04-2019 03:48 PM
Hi,
I'm configuring an METRO WAN and get som strange result from my policy-map's. I have different VLAN's on the Metro links that I want to give certain characteristics, but for some reason the matching of VLAN seams to not work as I expected.
The routers are ISR 1921 running 15.1(4)M3
The config:
!
class-map match-any vrfOFFICE
match vlan 820-829
class-map match-any vrfMGM
match vlan 890-899
!
!
class-map match-any VOICE
match ip precedence 5
class-map match-any VIDEO
match ip precedence 4
class-map match-any PRIO
match ip precedence 2 3
!
!
policy-map OFFICE
class VOICE
set cos 5
priority 3000
class VIDEO
set cos 3
class PRIO
set cos 3
class class-default
set cos 0
!
!
policy-map MGM
class class-default
set cos 3
!
!
policy-map LOGICAL_NETWORKS
class vrfOFFICE
shape peak 10000000
service-policy OFFICE
class vrfMGM
bandwidth 1000
service-policy MGM
!
!
policy-map WAN
class class-default
shape average 10000000
service-policy LOGICAL_NETWORKS
!
!
interface GigabitEthernet0/1
description WAN
no ip address
duplex auto
speed auto
service-policy output WAN
!
interface GigabitEthernet0/1.820
description WAN - OFFICE
encapsulation dot1Q 820
vrf forwarding OFFICE
ip address 10.xx.xx.xx 255.255.255.224
ip pim sparse-mode
ip router isis tagOFFICE
isis authentication mode md5
isis authentication key-chain ISIS
!
interface GigabitEthernet0/1.890
description WAN - MGM
encapsulation dot1Q 890
vrf forwarding MGM
ip address 10.yy.yy.yy 255.255.255.224
ip router isis tagMGM
isis authentication mode md5
isis authentication key-chain ISIS
!
If I check the policy-map on the interface, most (but not all) of the traffic is hitting the default-class:
Site_A#sh policy-map int g0/1 | i Class-map|offered
Class-map: class-default (match-any)
5 minute offered rate 105000 bps, drop rate 0 bps
Class-map: vrfOFFICE (match-any)
5 minute offered rate 1000 bps, drop rate 0 bps
Class-map: VOICE (match-any)
5 minute offered rate 0 bps, drop rate 0 bps
Class-map: VIDEO (match-any)
5 minute offered rate 0 bps, drop rate 0 bps
Class-map: PRIO (match-any)
5 minute offered rate 0 bps, drop rate 0 bps
Class-map: class-default (match-any)
5 minute offered rate 1000 bps, drop rate 0 bps
Class-map: vrfMGM (match-any)
5 minute offered rate 1000 bps, drop rate 0 bps
Class-map: class-default (match-any)
5 minute offered rate 1000 bps, drop rate 0 bps
Class-map: class-default (match-any)
5 minute offered rate 103000 bps, drop rate 0 bps
I've read that the match VLAN's could be used for classification, could it be that it only works on Ingress interfaces? But why then are some of the traffic matching? I could understand it if none of the traffic matched, but some of the traffic is actually matched in the "vrfOFFICE" and "vrfMGM" class.
On the next site, most of the traffic match:
Site_B#sh policy-map int g0/1 | i Class-map|offered
Class-map: class-default (match-any)
5 minute offered rate 18000 bps, drop rate 0 bps
Class-map: vrfOFFICE (match-any)
5 minute offered rate 15000 bps, drop rate 0 bps
Class-map: VOICE (match-any)
5 minute offered rate 0 bps, drop rate 0 bps
Class-map: VIDEO (match-any)
5 minute offered rate 0 bps, drop rate 0 bps
Class-map: PRIO (match-any)
5 minute offered rate 0 bps, drop rate 0 bps
Class-map: class-default (match-any)
5 minute offered rate 15000 bps, drop rate 0 bps
Class-map: vrfMGM (match-any)
5 minute offered rate 1000 bps, drop rate 0 bps
Class-map: class-default (match-any)
5 minute offered rate 1000 bps, drop rate 0 bps
Class-map: class-default (match-any)
5 minute offered rate 4000 bps, drop rate 0 bps
At the headend there is a couple of ME3600X with similar config, and those seams to work as I expected.
So, what am I missing here...
03-29-2012 08:25 AM
Answer from TAC:
As per our discussion, match vlan command which you are using under the class map is supported on 10 K platforms only. This command was specially introduced for 10 K router.
A bit strange then that the command is present in the ISR routers, and even more confusing that is works on one but not another identical router. Anyway, I reconfigured - marking with qos-groups in ingress interface and match the qos-groups on outgoing. So I got the functionallity I needed...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide