QoS issue with access-lists

jbluciani
Level 1

Hello,

I would like to create on a CE router a different QoS depending on 2 traffic types: web and the rest. The idea is to give a less important application (the web) only 30% of the bandwidth.

My problem is that, with the following configuration, all the traffic matches the highest-priority access-list without matching the lower-priority access-list (0 matches, even when the link is full).

Do you have an idea why?

Regards,

Jean-Baptiste

The config is the following one:

----------------------

class-map match-any PRIOR_IN
 match access-group name ALL
class-map match-any WEB_IN
 match access-group name WEB
!
class-map match-any PRIOR_OUT
 match ip dscp af21
class-map match-any WEB_OUT
 match ip dscp af11
!
policy-map mark
 class PRIOR_IN
  set ip dscp af21
 class WEB_IN
  set ip dscp af11
!
policy-map etm
 class PRIOR_OUT
  bandwidth remaining percent 70
  random-detect dscp-based
 class WEB_OUT
  bandwidth remaining percent 30
  random-detect dscp-based
!
interface FastEthernet0/0
 service-policy input mark
!
interface Serial0/0/0:1
 service-policy output etm
!
ip access-list extended ALL
 permit ip any any
ip access-list extended WEB
 permit tcp any any eq www
!


Jon Marshall
Hall of Fame

Jean-Baptiste

The problem is you are marking all traffic as dscp af21 because of the order in your policy-map mark. So change the order here, i.e.

policy-map mark
 class PRIOR_IN
  set ip dscp af21
 class WEB_IN
  set ip dscp af11

should be

policy-map mark
 class WEB_IN
  set ip dscp af11
 class PRIOR_IN
  set ip dscp af21

This way web traffic will be correctly marked with af11.

Jon

mheusing
Cisco Employee

Hi,

Jon spotted the problem in your initial configuration and gave a working solution. A potentially simpler solution:

policy-map mark
 class WEB_IN
  set ip dscp af11
 class class-default
  set ip dscp af21

The class "class-default" is always present and has the definition of "match any", which means all the rest of traffic not matched in any other class before. This will achieve the same result as your ACL ALL matching all IP traffic.

Hope this helps! Please use the rating system.

Regards, Martin
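
The first-match behaviour behind this thread, as an added Python model that is not part of any post and is not Cisco code: it replays the same packets through the original policy-map order and the two suggested orders and returns per-class hit counts. The packet list and the reduction of each ACL to a (protocol, destination port) predicate are assumptions made for illustration.

```python
# Simplified model of policy-map classification: a packet is handled by the
# FIRST class whose match succeeds; classes listed after it never see it.
from collections import Counter

# ACLs from the thread, reduced to predicates over (protocol, destination port).
ACLS = {
    "ALL": lambda proto, dport: True,                            # permit ip any any
    "WEB": lambda proto, dport: proto == "tcp" and dport == 80,  # permit tcp any any eq www
}
# class-map name -> ACL it references (match access-group name ...).
CLASS_MAPS = {"PRIOR_IN": "ALL", "WEB_IN": "WEB"}

def classify(policy, proto, dport):
    """Return (class_name, dscp) of the first matching class.

    Model simplification: if nothing matches and the policy lists no
    class-default entry, return (None, None), i.e. the packet is not re-marked.
    """
    for class_name, dscp in policy:
        if class_name == "class-default" or ACLS[CLASS_MAPS[class_name]](proto, dport):
            return class_name, dscp
    return None, None

def match_counts(policy, packets):
    """Per-class hit counters, comparable to the match counters in the question."""
    counts = Counter({name: 0 for name, _ in policy})
    for proto, dport in packets:
        name, _ = classify(policy, proto, dport)
        if name is not None:
            counts[name] += 1
    return dict(counts)

ORIGINAL = [("PRIOR_IN", "af21"), ("WEB_IN", "af11")]           # order in the question
REORDERED = [("WEB_IN", "af11"), ("PRIOR_IN", "af21")]          # Jon's order
WITH_DEFAULT = [("WEB_IN", "af11"), ("class-default", "af21")]  # Martin's variant

# Constructed sample traffic: three HTTP packets, one HTTPS, one DNS, one SSH.
PACKETS = [("tcp", 80), ("tcp", 80), ("tcp", 443), ("udp", 53), ("tcp", 80), ("tcp", 22)]

if __name__ == "__main__":
    for label, policy in (("original", ORIGINAL), ("reordered", REORDERED),
                          ("class-default", WITH_DEFAULT)):
        print(f"{label:14} {match_counts(policy, PACKETS)}")
```
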
