Hi Freinds,
i am facing issue with MLS QOS , in 3750x (15.02(se3)) , i configure class maps, policy maps , service policy , but still my qos policing is not working .please let know what mistake i am making.
configuration below.
Current configuration : 12255 bytes
!
! Last configuration change at 09:04:44 UTC Thu Jul 15 1993 by naveed
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname QUR-FF-CB2-DSW
!
boot-start-marker
boot-end-marker
!
!
!
username mdraffi privilege 15 secret 5 $1$KKiJ$4xFm.s7k8boTe8BCnxw7N.
username zubair privilege 15 secret 5 $1$TlXi$PUBbZhzTWn5r3lUTBD22N/
username gazi privilege 15 secret 5 $1$3PBF$jEMaN7G2UykGPjoIKdG3G1
username abdullah privilege 15 secret 5 $1$WN9q$BipNuTF4JZtdusRkrmg8x/
username naveed privilege 15 secret 5 $1$FSs2$CL2inO/wv5.1GxYXpOhwq/
username ncm privilege 15 secret 5 $1$lCM3$K63Tf5QvcSCo2Nm67jtAy1
no aaa new-model
switch 1 provision ws-c3750x-12s
switch 2 provision ws-c3750x-12s
system mtu routing 1500
ip routing
!
ip dhcp excluded-address 10.2.13.200 10.2.13.210
ip dhcp excluded-address 10.2.11.1 10.2.11.60
ip dhcp excluded-address 10.2.14.1 10.2.14.50
ip dhcp excluded-address 10.2.26.1 10.2.26.30
ip dhcp excluded-address 10.2.25.1 10.2.25.30
ip dhcp excluded-address 10.2.27.1 10.2.27.30
ip dhcp excluded-address 10.2.28.1 10.2.28.30
ip dhcp excluded-address 10.2.29.1 10.2.29.30
ip dhcp excluded-address 10.2.26.1 10.2.26.50
!
ip dhcp pool GL
network 10.2.11.0 255.255.255.0
default-router 10.2.11.1
domain-name ALJAZIRAHFORD
netbios-name-server 172.16.0.87
option 60 ip 10.1.12.61
option 67 ascii boot\x86\pxeboot.com
option 66 ip 10.1.12.61
dns-server 172.16.0.73 10.1.11.25 10.1.102.56
!
ip dhcp pool GR
network 10.2.12.0 255.255.255.0
default-router 10.2.12.1
domain-name ALJAZIRAHFORD
netbios-name-server 172.16.0.87
option 60 ip 10.1.12.61
option 67 ascii boot\x86\pxeboot.com
--More-- option 66 ip 10.1.12.61
dns-server 172.16.0.73 10.1.11.25 10.1.102.56
!
ip dhcp pool FL
network 10.2.13.0 255.255.255.0
default-router 10.2.13.1
domain-name ALJAZIRAHFORD
netbios-name-server 172.16.0.87
option 60 ip 10.1.12.61
option 67 ascii boot\x86\pxeboot.com
option 66 ip 10.1.12.61
dns-server 172.16.0.73 10.1.11.25 10.1.102.56
!
ip dhcp pool FR
network 10.2.14.0 255.255.255.0
default-router 10.2.14.1
domain-name ALJAZIRAHFORD
netbios-name-server 172.16.0.87
option 60 ip 10.1.12.61
option 67 ascii boot\x86\pxeboot.com
option 66 ip 10.1.12.61
dns-server 172.16.0.73 10.1.11.25 10.1.102.56
!
ip dhcp pool voice1
network 10.2.21.0 255.255.255.0
default-router 10.2.21.1
domain-name ALJAZIRAHFORD
option 150 ip 172.16.1.97 172.16.1.52 172.16.8.24
netbios-name-server 172.16.0.87
dns-server 172.16.0.73 10.1.11.25 10.1.102.56
!
ip dhcp pool Qurtuba-Wireless-Ajva-Users
network 10.2.26.0 255.255.255.0
default-router 10.2.26.1
dns-server 172.16.0.73 10.1.11.25 10.1.102.56
domain-name aljazirahford.com
option 43 hex f104.ac10.1e02
option 60 ip 10.1.12.61
option 67 ascii boot\x86\pxeboot.com
option 66 ip 10.1.12.61
!
ip dhcp pool Qurtuba-Wireless-Ajva-VIPs
network 10.2.25.0 255.255.255.0
default-router 10.2.25.1
dns-server 172.16.0.73 10.1.11.25 10.1.102.56
domain-name aljazirahford.com
option 43 hex f104.ac10.1e02
option 60 ip 10.1.12.61
option 67 ascii boot\x86\pxeboot.com
option 66 ip 10.1.12.61
!
ip dhcp pool Qurtuba-GUEST-Wireless
network 10.2.27.0 255.255.255.0
default-router 10.2.27.1
dns-server 172.16.0.73 10.1.11.25 10.1.102.56
domain-name aljazirahford.com
option 43 hex f104.ac10.1e02
--More-- option 60 ip 10.1.12.61
option 67 ascii boot\x86\pxeboot.com
option 66 ip 10.1.12.61
!
ip dhcp pool Qurtuba-WIPHONE-Wireless
network 10.2.28.0 255.255.255.0
default-router 10.2.28.1
dns-server 172.16.0.73 10.1.11.25 10.1.102.56
domain-name aljazirahford.com
option 43 hex f104.ac10.1e02
option 67 ascii boot\x86\pxeboot.com
option 66 ip 10.1.12.61
!
ip dhcp pool Qurtuba-ASCOM-Wireless
network 10.2.29.0 255.255.255.0
default-router 10.2.29.1
dns-server 172.16.0.73 10.1.11.25 10.1.102.56
domain-name aljazirahford.com
option 43 hex f104.ac10.1e02
option 60 ip 10.1.12.61
option 67 ascii boot\x86\pxeboot.com
option 66 ip 10.1.12.61
!
!
!
mls qos
!
crypto pki trustpoint TP-self-signed-3461845760
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3461845760
revocation-check none
rsakeypair TP-self-signed-3461845760
!
!
crypto pki certificate chain TP-self-signed-3461845760
certificate self-signed 01
30820246 308201AF A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33343631 38343537 3630301E 170D3933 30333031 30303031
35395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 34363138
34353736 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100D4FF 0110B67C FBAEBE19 13D8C19B 1DC0D2B1 56DDF5BD 09CF922C 23CB0091
71EEEC56 BB0527FF 81CCE011 038BD17D 12C64B2D D64D5098 6381CE1B D5ED89F5
81B3D0B4 7CDD463F CF78EF54 72A80B2C 20D70067 D372F121 9DA9FA11 F30A7B75
1941767F 9374DA35 B4D3626F C221DD1F 84F16E76 50666793 A4410DAD A400E905
C03B0203 010001A3 6E306C30 0F060355 1D130101 FF040530 030101FF 30190603
551D1104 12301082 0E515552 2D46462D 4342322D 44535730 1F060355 1D230418
30168014 B97FF0E4 51369507 0CAEEC59 AE0FB917 3069E02D 301D0603 551D0E04
160414B9 7FF0E451 3695070C AEEC59AE 0FB91730 69E02D30 0D06092A 864886F7
0D010104 05000381 8100BE85 E2D775F0 9022D377 5FC37F9A 7147CF78 944E0A0E
37901DF1 981D9B41 782C7ECE 3BB66D04 2A6AD612 279A65A9 4579F8B0 10F769BF
204D3C26 C999A2B2 7DB8BB78 9EC599CC FC0894CF AE0C1F7F 4FCCE1A1 7AB4DF20
11D5AAEC BA4B9A75 6B6801E1 4A7C34E3 6E3AA32C D876CC6C 927B78CD A1FFCCF3
DD7D5C15 5D798A56 99F2
quit
!
--More-- !
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
class-map match-all GUEST-PORTS
match input-interface GigabitEthernet1/0/1
match input-interface GigabitEthernet1/0/3 - GigabitEthernet1/0/5
match input-interface GigabitEthernet2/0/3 - GigabitEthernet2/0/7
match input-interface GigabitEthernet2/0/1
match input-interface GigabitEthernet2/0/12
class-map match-all GUEST-REST
match access-group 101
!
policy-map GUEST-PORT
class GUEST-PORTS
police 1000000 32000 exceed-action drop
policy-map GUEST-VLAN
class GUEST-REST
set dscp default
service-policy GUEST-PORT
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
no ip route-cache
!
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
mls qos vlan-based
!
interface GigabitEthernet1/0/2
switchport trunk encapsulation dot1q
!
interface GigabitEthernet1/0/3
switchport trunk encapsulation dot1q
mls qos vlan-based
!
interface GigabitEthernet1/0/4
switchport trunk encapsulation dot1q
mls qos vlan-based
!
interface GigabitEthernet1/0/5
switchport trunk encapsulation dot1q
mls qos vlan-based
!
--More-- interface GigabitEthernet1/0/6
switchport trunk encapsulation dot1q
!
interface GigabitEthernet1/0/7
switchport trunk encapsulation dot1q
!
interface GigabitEthernet1/0/8
switchport trunk encapsulation dot1q
!
interface GigabitEthernet1/0/9
switchport trunk encapsulation dot1q
!
interface GigabitEthernet1/0/10
switchport trunk encapsulation dot1q
!
interface GigabitEthernet1/0/11
switchport trunk encapsulation dot1q
!
interface GigabitEthernet1/0/12
switchport trunk encapsulation dot1q
mls qos vlan-based
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface GigabitEthernet2/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
mls qos vlan-based
!
interface GigabitEthernet2/0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/0/3
switchport trunk encapsulation dot1q
switchport mode trunk
mls qos vlan-based
!
interface GigabitEthernet2/0/4
switchport trunk encapsulation dot1q
switchport mode trunk
mls qos vlan-based
!
interface GigabitEthernet2/0/5
switchport trunk encapsulation dot1q
switchport mode trunk
mls qos vlan-based
--More-- !
interface GigabitEthernet2/0/6
switchport trunk encapsulation dot1q
switchport mode trunk
mls qos vlan-based
!
interface GigabitEthernet2/0/7
switchport trunk encapsulation dot1q
switchport mode trunk
mls qos vlan-based
!
interface GigabitEthernet2/0/8
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/0/9
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/0/10
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/0/11
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/0/12
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/1/1
!
interface GigabitEthernet2/1/2
!
interface GigabitEthernet2/1/3
!
interface GigabitEthernet2/1/4
!
interface TenGigabitEthernet2/1/1
!
interface TenGigabitEthernet2/1/2
!
interface Vlan1
ip address 172.16.57.254 255.255.255.0
!
interface Vlan100
ip address 10.2.10.1 255.255.255.0
!
interface Vlan101
ip address 10.2.11.1 255.255.255.0
!
interface Vlan102
ip address 10.2.12.1 255.255.255.0
!
interface Vlan103
ip address 10.2.13.1 255.255.255.0
--More-- !
interface Vlan104
ip address 10.2.14.1 255.255.255.0
!
interface Vlan111
ip address 10.2.21.1 255.255.255.0
!
interface Vlan112
ip address 10.2.22.1 255.255.255.0
!
interface Vlan115
description **AJVA-VIP**WIRELESS**
ip address 10.2.25.1 255.255.255.0
!
interface Vlan116
description **AJVA-USER-AP-WIRELESS**
ip address 10.2.26.1 255.255.255.0
!
interface Vlan117
description **AJVA-GUEST-WIRELESS**
ip address 10.2.27.1 255.255.255.0
ip access-group 110 in
!
interface Vlan118
description **AJVA-WIPHONE-WIRELESS**
ip address 10.2.28.1 255.255.255.0
!
interface Vlan119
description **AJVA-ASCOM-WIRELESS**
ip address 10.2.29.1 255.255.255.0
!
ip default-gateway 172.16.57.1
!
ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 172.16.57.1
!
logging esm config
access-list 101 permit ip 10.2.27.0 0.0.0.255 any
access-list 110 permit ip 10.2.27.0 0.0.0.255 host 172.16.18.10
access-list 110 permit ip 10.2.27.0 0.0.0.255 host 1.1.1.1
access-list 110 permit tcp 10.2.27.0 0.0.0.255 host 1.1.1.1
access-list 110 permit udp 10.2.27.0 0.0.0.255 host 1.1.1.1
access-list 110 permit ahp 10.2.27.0 0.0.0.255 host 1.1.1.1
access-list 110 permit esp 10.2.27.0 0.0.0.255 host 1.1.1.1
access-list 110 permit ipinip 10.2.27.0 0.0.0.255 host 1.1.1.1
access-list 110 deny tcp 10.2.27.0 0.0.0.255 172.16.0.0 0.0.255.255 eq telnet
access-list 110 deny tcp 10.2.27.0 0.0.0.255 172.18.0.0 0.0.255.255 eq telnet
access-list 110 deny tcp 10.2.27.0 0.0.0.255 172.20.0.0 0.0.255.255 eq telnet
access-list 110 deny tcp 10.2.27.0 0.0.0.255 10.0.0.0 0.255.255.255 eq telnet
access-list 110 deny icmp 10.2.27.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 110 deny icmp 10.2.27.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 110 deny icmp 10.2.27.0 0.0.0.255 172.18.0.0 0.0.255.255
access-list 110 deny icmp 10.2.27.0 0.0.0.255 172.20.0.0 0.0.255.255
access-list 110 permit ip 10.2.27.0 0.0.0.255 any
access-list 110 deny tcp 10.2.27.0 0.0.0.255 10.0.0.0 0.255.255.255 eq 22
access-list 110 deny tcp 10.2.27.0 0.0.0.255 172.20.0.0 0.0.255.255 eq 22
access-list 110 deny tcp 10.2.27.0 0.0.0.255 172.16.0.0 0.0.255.255 eq 22
access-list 110 deny tcp 10.2.27.0 0.0.0.255 172.18.0.0 0.0.255.255 eq 22
!
snmp-server community ajva RW
snmp-server community public RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps syslog
snmp-server enable traps flash insertion removal
snmp-server enable traps envmon temperature
snmp ifmib ifindex persist
!
!
line con 0
login local
line vty 0 4
login local
transport input all
line vty 5 15
login
!