11-19-2021 07:09 AM
Hi,
The scenario here is a WAN router connected by port channel to a pair of Nexuses. Obviously it's VPC at the Nexus end but I don't think the router needs to know that. We want to use nbar to mark incoming traffic, to make sure everything has the correct DSCP to suit the WAN provider. Where should this be configured, on the Port Channel interface, or on the member interfaces? If I understand correctly I am being told that it won't accept the service policy applied on the Port Channel. It's a live customer system so we can only test during pre-agreed change windows.
Currently it has the service policy on both member interfaces, and " ip nbar protocol-discovery" on member interfaces and on also the Port Channel. With this configuration the policy is not matching anything, packet counts only appear under class-default, although strangely the rate is zero for class-default as well.
Any comment welcome,
Thanks, Tony S
11-19-2021 07:36 AM
Hello
Are you trying remark the traffic or classify upon already marked traffic?
You should be able to apply service-policys not only to specific interfaces including PC's (ingress only for l2) but also to vlans or even system wide.
11-22-2021 04:32 AM
It's a mixture of both. Some of the traffic like voice should already be correctly marked by the time it reaches the router, but the priority data applications will not be marked. So this will be an input service policy, on either the Port Channel, or on the member interfaces. It's just not clear how it should work given that it doesn't appear to be effective if applied to the member interfaces, and apparently cannot be applied to the port channel.
11-22-2021 06:18 AM
Hello Tony
would it be possible to provide an example of what you are trying to achieve may be a simple topology diagram attached!
11-22-2021 06:58 AM - edited 11-22-2021 07:00 AM
See attached, hopefully this helps. On the LAN side the router connects with two Ethernet interfaces, but since these are configured as an Etherchannel much of the functional LAN configuration is applied to the port channel interface, rather than the member ports. On the WAN side it is again an Ethernet interface, but since this is a DMVPN much of the functional configuration is applied to the tunnel interface rather than the egress i/f.
11-24-2021 05:19 AM
When trying to apply the ingress policy to the Port Channel interface, we get an error ...
ROUTER(config)#int port-channel 1 ROUTER(config-if)#service-policy input LAN-MARKING service-policy input LAN-MARKING not supported on this target
11-24-2021 06:02 AM
Hello Tony
Apologies my mistake I was on the understanding the qos was being applied to the nexus not the rtr, TBH I don’t think (as the rtr is showing) qos service-policy allowed on aggregation ports- as an alternative you could mark on the nexus and trust on the rtr.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide