QOS ACL for snmp and icmp to/from monitoring server.

rawatsandeep
Level 1

Friends,

Problem: When there is high congestion on the remote site router's WAN link, our monitoring server reports it as down, the reason being that it gets no reply to its ICMP packets or a high response time before a reply comes back. I do not want this to happen during congestion periods.

Please note that inbound marking is done on the L3 switch and the outbound service policy is applied to the remote site router's WAN interface.

- So when the remote router replies to ICMP packets sent by the monitoring servers, the echo-reply packets will be matched by the default class and, due to congestion, will at some point be randomly dropped. I believe router self-generated packets like SSH and ICMP are given default treatment.

Monitoring server -------- Head-end router (ASR1000, QoS applied here too) ------- (Outbound policy applied on WAN interface) Remote site router (2951) -------- L3 switch (3750) (Inbound marking done here).

One way I think this could be addressed is to create new class-maps and a policy-map on the remote site router so that packets sent to the monitoring server IP are marked with a higher DSCP value or given a bandwidth percentage, but this would need to be done on the head-end router too.

Example:

! Proposed on the remote site router; the ACL selects ICMP echo/echo-reply and SNMP between the two hosts
access-list 101 permit icmp host x.x.x.x host 10.x.x.x echo
access-list 101 permit icmp host x.x.x.x host 10.x.x.x echo-reply
access-list 101 permit udp host x.x.x.x host 10.x.x.x eq snmp
!
class-map match-all QPM_ICMP-Traffic
 description Outbound ICMP traffic queue
 match access-group 101
!
policy-map QPM_Lab-Policy-Group
 class QPM_ICMP-Traffic
  bandwidth percent <X>
!
interface Se0/0
 ip address 192.168.251.6 255.255.255.224
 service-policy output QPM_Lab-Policy-Group

Note that we have the configs below on the L3 switch:

From the L3 switch at remote sites (the ACL is the same at the head end):

! Class from the switch's inbound marking policy-map (policy-map and class-map definitions not shown here)
 class MARK-OPS-ADMIN-MGMT
  set dscp af31
!
ip access-list extended OPS-ADMIN-MGMT-ACL
 permit tcp any any eq tacacs
 permit tcp any eq tacacs any
 permit tcp any any eq 161
 permit tcp any eq 161 any
 permit udp any any eq snmp
 permit udp any eq snmp any
 permit udp any any eq snmptrap
 permit udp any eq snmptrap any
 permit udp any any eq syslog
 permit tcp any any eq telnet
 permit tcp any eq telnet any
 permit tcp any any eq 22
 permit tcp any eq 22 any

What do you suggest is the best way to modify QoS and resolve the issue?

Thanks

Sandeep Rawat
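
One way to carry out the plan described in the post, written here as an added example rather than the poster's or Cisco's configuration: it assumes the monitoring server is 10.0.0.50 (constructed address), a 2951 running IOS with MQC, and that the head end already classifies on DSCP af31 the way the switch marks it. It adds an ip local policy route-map step, not in the post, to mark the router's own replies, since the L3 switch's inbound marking never sees locally generated traffic; the bandwidth percentage is a placeholder.

```cisco
! Constructed example for the remote site router (2951). Assumed addresses:
! monitoring server 10.0.0.50; remote devices answer from any local address.
! On the WAN egress the traffic to protect is the REPLY direction:
! echo-reply and SNMP answers sourced at the remote site toward the monitor.
ip access-list extended OPS-MON-REPLY-ACL
 remark replies back to the monitoring server (egress direction on this router)
 permit icmp any host 10.0.0.50 echo-reply
 permit udp any eq snmp host 10.0.0.50
 permit udp any host 10.0.0.50 eq snmptrap
 remark polling direction, so the same ACL can be reused on the head end
 permit icmp host 10.0.0.50 any echo
 permit udp host 10.0.0.50 any eq snmp
!
! The L3 switch marks inbound traffic, but the router's own echo-reply and
! SNMP response packets never cross the switch, so mark them here with a
! local policy route-map (applies to locally generated packets only).
route-map MARK-LOCAL-MGMT permit 10
 match ip address OPS-MON-REPLY-ACL
 set ip dscp af31
!
ip local policy route-map MARK-LOCAL-MGMT
!
! Classify on the DSCP the switch already sets (af31) and on the ACL as a
! fallback, so switch-marked and router-generated replies share one queue.
class-map match-any QPM_MGMT-Traffic
 description Monitoring/management traffic (ICMP and SNMP to the monitor)
 match dscp af31
 match access-group name OPS-MON-REPLY-ACL
!
policy-map QPM_Lab-Policy-Group
 class QPM_MGMT-Traffic
  bandwidth percent 5
 class class-default
  fair-queue
!
interface Se0/0
 service-policy output QPM_Lab-Policy-Group
```

The percentage of 5 is a placeholder to be sized to the polling volume; after applying it, show policy-map interface Se0/0 shows whether echo-reply and SNMP packets are landing in QPM_MGMT-Traffic instead of class-default during congestion.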
