Re: Strange issue with Outgoing access-list and QoS

paris2london · ‎08-01-2008

Hi all

I have the following issue, which I guess may be due to my IOS version.

IOS (tm) 3700 Software (C3745-IK9S-M), Version 12.3(6b), RELEASE SOFTWARE (fc1)

When I apply an outgoing access-list to an interface, my QoS shaping ceases to function. When I remove the access-list the QoS shaping kicks in.

In this version of IOS are security access-lists and QoS shaping mutually exclusive? or do I need to configure additional paramaters.

Any ideas?

tdrais · ‎08-01-2008

Check this link.

On output acl are processes before most QoS. It does not explicitly say shaping but I suspect it is done after the ACL.

paris2london · ‎08-01-2008

Thanks for that.

I read the article, and the output ACL is processed before QoS.

My outgoing access-list has the 'reflect' option and is not processed, when I remove the 'relect' option, QoS kicks in.

Any ideas.

tdrais · ‎08-01-2008

This is strange since reflexive acl modify the incoming access list and should not really affect the outbound traffic.

Sounds like a bug but its been a while since I used reflexive access lists. I generally use CBAC but you need the firewall feature set to do that.

This one sounds like a good case to call the TAC if you have a service agreement.