06-08-2010 08:34 AM - edited 03-06-2019 11:28 AM
I have a QoS issue. Please help me figure out.
ip access-list extended SILVER-TRAFFIC
permit tcp any 10.0.0.0 0.255.255.255 eq 80
ip access-list extended BRONZE-TRAFFIC
permit tcp any 10.3.115.0 0.0.0.255 eq 80
permit tcp any 10.60.52.0 0.0.0.255 eq 80
class-map match-any SILVER-CLASS
match access-group name SILVER-TRAFFIC
class-map match-any BRONZE-CLASS
match access-group name BRONZE-TRAFFIC
policy-map QOS
class SILVER-CLASS
set dscp cs3
class BRONZE-CLASS
set dscp cs2
class class-default
set dscp default
There are 2 QoS class in this configuration. The ACL (permit tcp any 10.0.0.0 0.255.255.255 eq 80) of the silver class includes the ACL of the Bronze class. Does that means those bronze class traffic are marked as silver class, instead of Bronze class?
Solved! Go to Solution.
06-08-2010 10:28 AM
cscyangyu wrote:
There are 2 QoS class in this configuration. The ACL (permit tcp any 10.0.0.0 0.255.255.255 eq 80) of the silver class includes the ACL of the Bronze class. Does that means those bronze class traffic are marked as silver class, instead of Bronze class?
It means that all traffic with the first octet of 10 in the IP address will be matched to the silver class. Nothing with a 10.x.x.x address will ever get past the silver class so all 10.x.x.x traffic will be marked with dscp cs3.
The policy-map is checked sequentially so and if a match is found processing stops so if you want bronze traffic to be marked as bronze -
policy-map QOS
class BRONZE-CLASS
set dscp cs2
class SILVER-CLASS
set dscp cs3
class class-default
set dscp default
Jon
06-08-2010 10:33 AM
Hello Angyu,
your understanding is correct: the order of call of the class-maps counts like in an ACL
you should rewrite the policy-map invoking the bronze-traffic first or you will be in trouble
It could be a safe measure to rewrite the ACL for silver traffic denying the other traffic
Hope to help
Giuseppe
06-08-2010 10:28 AM
cscyangyu wrote:
There are 2 QoS class in this configuration. The ACL (permit tcp any 10.0.0.0 0.255.255.255 eq 80) of the silver class includes the ACL of the Bronze class. Does that means those bronze class traffic are marked as silver class, instead of Bronze class?
It means that all traffic with the first octet of 10 in the IP address will be matched to the silver class. Nothing with a 10.x.x.x address will ever get past the silver class so all 10.x.x.x traffic will be marked with dscp cs3.
The policy-map is checked sequentially so and if a match is found processing stops so if you want bronze traffic to be marked as bronze -
policy-map QOS
class BRONZE-CLASS
set dscp cs2
class SILVER-CLASS
set dscp cs3
class class-default
set dscp default
Jon
06-08-2010 10:33 AM
Hello Angyu,
your understanding is correct: the order of call of the class-maps counts like in an ACL
you should rewrite the policy-map invoking the bronze-traffic first or you will be in trouble
It could be a safe measure to rewrite the ACL for silver traffic denying the other traffic
Hope to help
Giuseppe
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide