Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1894
Views
0
Helpful
4
Replies

Applying Policy-map to 2960X LanBase switch

Go to solution
NeilT2
Level 1
Level 1

‎01-17-2020 07:05 AM

Hi All,

 

I'm trying, and failing, to apply an input service-policy to either a physical or Vlan interface.  The policy is Marking and from what I've read this should be achievable. The current config is listed below.  Any comments would be welcome.

 

Cheers

 

mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 2
mls qos srr-queue output cos-map queue 3 threshold 3 1
mls qos srr-queue output cos-map queue 4 threshold 3 0 3 4 6 7
mls qos srr-queue output dscp-map queue 1 threshold 3 30 46
mls qos srr-queue output dscp-map queue 2 threshold 1 18
mls qos srr-queue output dscp-map queue 2 threshold 3 22 28
mls qos srr-queue output dscp-map queue 3 threshold 2 10
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue output dscp-map queue 4 threshold 3 8 9 11 12 13 14 15 16
mls qos srr-queue output dscp-map queue 4 threshold 3 17 19 20 21 23 24 25 26
mls qos srr-queue output dscp-map queue 4 threshold 3 27 29 31 32 33 34 35 36
mls qos srr-queue output dscp-map queue 4 threshold 3 37 38 39 40 41 42 43 44
mls qos srr-queue output dscp-map queue 4 threshold 3 45 47 48 49 50 51 52 53
mls qos srr-queue output dscp-map queue 4 threshold 3 54 55 56 57 58 59 60 61
mls qos srr-queue output dscp-map queue 4 threshold 3 62 63
mls qos queue-set output 1 threshold 1 200 200 50 400
mls qos queue-set output 1 threshold 2 700 1000 50 400
mls qos queue-set output 1 threshold 3 200 200 50 400
mls qos queue-set output 1 threshold 4 1000 1000 50 400
mls qos queue-set output 1 buffers 10 50 10 30
mls qos

class-map match-any EDGE-MARKING-DSCP30
description Voice signalling
match access-group name Voice-signalling-DSCP30
class-map match-any EDGE-MARKING-DSCPEF
description Voice
match access-group name Voice-EF
class-map match-any EDGE-MARKING-DSCP22
description High priority data drop threshold 3
match access-group name High-priority-data3-DSCP22
class-map match-any EDGE-MARKING-DSCP10
description Video
match access-group name Video-DSCP10
class-map match-any EDGE-MARKING-DSCP28
description Network mgmt
match access-group name Network_mgmt-DSCP28
class-map match-any EDGE-MARKING-DSCP18
description High priority data2
match access-group name High-priority-data1-DSCP18
class-map match-any default
description default traffic
match protocol ip
!
policy-map ACCESS-EDGE-MARKING
class EDGE-MARKING-DSCPEF
set ip dscp ef
class EDGE-MARKING-DSCP18
set ip dscp af21
class EDGE-MARKING-DSCP22
set ip dscp af23
class EDGE-MARKING-DSCP28
set ip dscp af32
class EDGE-MARKING-DSCP30
set ip dscp af33
class EDGE-MARKING-DSCP10
set ip dscp af11
class default
set ip dscp default

 

example of access-lists

ip access-list extended DACP_ENHANCED2
remark Citrix_licence_server
permit tcp any eq 27000 any
permit tcp any any eq 27000
ip access-list extended DACP_PREMIUM
remark Tandberg_VC
permit ip any host 172.24.45.231
permit ip any host 172.24.60.231
ip access-list extended High-priority-data1-DSCP18
remark DIR_STREAMING
permit tcp any eq 7510 any
permit tcp any any eq 7510
ip access-list extended High-priority-data3-DSCP22
remark Citrix_licence_server
permit tcp any eq 27000 any
permit tcp any any eq 27000
ip access-list extended Network_mgmt-DSCP28
remark Network management
permit tcp 172.24.0.0 0.0.255.255 any eq 22
permit tcp 172.24.0.0 0.0.255.255 eq 22 any
ip access-list extended Video-DSCP10
remark SKYPE_FOR_BUISINESS_VIDEO
permit tcp any range 50020 50039 any
permit udp any range 50020 50039 any
ip access-list extended Voice-EF
remark VOICE
permit udp any any range 49000 65535
permit udp any any eq 5482
ip access-list extended Voice-signalling-DSCP30
remark CISCO_RTP_SIGNALLING_EDGE
permit udp any any eq 50

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
NeilT2
Level 1
Level 1

‎01-23-2020 11:49 PM

Solution.

After running several tests I have found the solution so I thought I'd add it here so anyone else experiencing the same issue might find this useful.

 

The documentation states extended access lists can be used to classify traffic.  This is true but the extended access-list must be a numbered access-list i.e 100-999.  Named access-lists do not work.

I also found a second issue.  You cannot attach a policy-map to an interface when the class-default queue is configured with the 'match protocol ip'.  If you remove the 'match protocol ip' command from the class-default queue it works.

 

I hope this helps anyone experiencing issues with applying Policy-maps to interfaces.

 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Mark Malone
VIP Alumni
VIP Alumni

‎01-17-2020 07:28 AM

Hi
lanbase supports policy maps on the interface ? , i would of thought you need minimum iplite , thats an ip feature your applying to a layer 2 software, where did you see it supported ?

is it giving an error when you try an apply it ?
0 Helpful

Go to solution
NeilT2
Level 1
Level 1
In response to Mark Malone

‎01-19-2020 11:49 PM - edited ‎01-19-2020 11:50 PM

Hi Mark,

The switch is running LANBase.  Why do you believe I might need IPLite?  Is it because I'm using Extended access-lists?  The documentation doesn't state which type of access-lists can be used with LANBase software.  I'm fairly sure the config isn't taking because of a restriction between the software/licensing and the configuration, I just cant see why and I haven't found any documentation that provides the answer.

There are no error messages.

0 Helpful

Go to solution
Mark Malone
VIP Alumni
VIP Alumni
In response to NeilT2

‎01-20-2020 12:28 AM - edited ‎01-20-2020 12:46 AM

i had 2960s before quite a few but most are gone now and i thought from memory any of the features like that were under iplite , manual mqc qos

 

https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-2960-x-series-switches/qa_c67-728348.html

A. The differences between the three Cisco IOS Software feature sets are:

● LAN Lite feature set has entry-level Layer 2 features and is targeted at midmarket deployments

● LAN Base feature set comes with advanced Layer 2 features and is typically targeted at enterprise customers

● IP Lite feature set comes with enterprise access Layer 3 features and is typically targeted at enterprise customers

looks like license cant be changed anyway

Q. Do I need a software license for the Cisco Catalyst 2960-X Series Switches?
A. No. Cisco Catalyst 2960-X Series Switches use the Universal image, but no license is required. The feature set is bound to the hardware model type and cannot be changed. For convenience, a single software image is used for all Cisco Catalyst 2960-X and 2960-XR switches, regardless of whether they are IP Lite, LAN Base, or LAN Lite models.

0 Helpful

Go to solution
NeilT2
Level 1
Level 1

‎01-23-2020 11:49 PM

Solution.

After running several tests I have found the solution so I thought I'd add it here so anyone else experiencing the same issue might find this useful.

 

The documentation states extended access lists can be used to classify traffic.  This is true but the extended access-list must be a numbered access-list i.e 100-999.  Named access-lists do not work.

I also found a second issue.  You cannot attach a policy-map to an interface when the class-default queue is configured with the 'match protocol ip'.  If you remove the 'match protocol ip' command from the class-default queue it works.

 

I hope this helps anyone experiencing issues with applying Policy-maps to interfaces.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card