Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
688
Views
0
Helpful
4
Replies

QoS with access lists not working

Alessandro Zucchini
Level 1
Level 1

‎05-18-2011 09:59 PM - edited ‎03-04-2019 12:26 PM

Hi everybody,

i have a stack of 3750 (WS-C3750G-24TS-1U with IOS 12.2(53)SE2).

This is the conf I have:

!

class-map match-all DC_SC-to-DC_UW

match access-group 100

class-map match-all DC_SC-to-WAN

match access-group 101

class-map match-all D2D_Backup

match access-group 102

!

policy-map Traffic-from-SC_DC

class DC_SC-to-DC_UW

  police 200000000 1000000 exceed-action drop

class DC_SC-to-WAN

  police 800000000 1000000 exceed-action drop

policy-map D2D_Backup_Rate

class D2D_Backup

  police 100000000 1000000 exceed-action drop

!

{...}

interface GigabitEthernet1/0/24

description Downling_to_Edge

switchport access vlan 2

switchport mode access

speed 1000

duplex full

service-policy input Traffic-from-SC_DC

!

{...}
access-list 100 permit ip 168.217.144.0 0.0.0.255 168.217.146.0 0.0.0.255
access-list 100 permit ip 10.240.3.0 0.0.0.255 10.240.128.0 0.0.0.255
access-list 100 permit ip 10.240.4.0 0.0.0.255 10.240.129.0 0.0.0.255
access-list 100 permit ip 192.168.100.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 100 permit ip 168.217.144.0 0.0.0.255 10.240.129.0 0.0.0.255
access-list 101 permit ip any any
and the service policy is not catching any traffic at all. qosing is not working.
Plus the access lists are not catching anything either.
sw#sh ip access-lists 100
Extended IP access list 100
    10 permit ip 168.217.144.0 0.0.0.255 168.217.146.0 0.0.0.255
    11 permit ip 10.240.3.0 0.0.0.255 10.240.128.0 0.0.0.255
    12 permit ip 10.240.4.0 0.0.0.255 10.240.129.0 0.0.0.255
    13 permit ip 192.168.100.0 0.0.0.255 192.168.200.0 0.0.0.255
    14 permit ip 168.217.144.0 0.0.0.255 10.240.129.0 0.0.0.255
sw#sh ip access-lists 101
Extended IP access list 101
    10 permit ip any any
I configured a span port and did packet sniffing --> i can see traffic between the subnets inside the access lists, in both direction.
Vlan 2 is the vlan i use to do eigrp with the device directly connected to port 1/0/24.
!
interface Vlan2
ip address 10.122.0.2 255.255.255.240
!
router eigrp 100
network 10.122.0.0 0.0.0.15
!
Any idea?
Thanks.

Labels:
0 Helpful
4 Replies 4

Thotsaphon Lueangwattanaphong
Level 7
Level 7

‎05-18-2011 10:42 PM

Hi,

  Please post "Switch#show mls qos" If it's not enable , pls do "mls qos" command on global configuration mode.

HTH,

Toshi

0 Helpful

Alessandro Zucchini
Level 1
Level 1
In response to Thotsaphon Lueangwattanaphong

‎05-18-2011 11:01 PM

sw#sh mls qos

QoS is enabled

QoS ip packet dscp rewrite is enabled

thanks. i tried that before posting my original thread.

0 Helpful

Thotsaphon Lueangwattanaphong
Level 7
Level 7
In response to Alessandro Zucchini

‎05-19-2011 12:19 AM

Hi,

   It seems you won't see the hits on ACLs applied on policy-map. You cannot use "show policy-map interface" to see the output on C3750 as well. You can check the policy working or not by using  "show mls qos interface g1/0/2 statistics | include Policer: Inprofile:"

HTH,

Toshi

0 Helpful

Florin Barhala
Level 6
Level 6

‎05-19-2011 01:32 AM

Hello,

You will not see any hits on the ACLs either QoS works or not. On the other hand try to limit/police traffic harder, instead of 800mbps limit it to 20Mbps and see it done.

If all these will fail, you have to use srr-queue configuration. I will try these days a lab config to properly test it.

0 Helpful
Customers Also Viewed These Support Documents