
QoS - Class-Map doesn't match the statement

Hi,

I have created this class-map:

887VA#show class-map
Class Map match-any DSN_SERVER (id 5)
Match access-group name DNS

That matches this ACL:

887VA#show access-lists DNS
Extended IP access list DNS
10 permit udp any eq domain any
20 permit udp any any eq domain
30 permit tcp any eq domain any
40 permit tcp any any eq domain

But when I apply it, it seems that it doesn't match any packets:

Class-map: DSN_SERVER (match-all)
0 packets, 0 bytes
30 second offered rate 0000 bps, drop rate 0000 bps
Match: access-group name DNS
Priority: 30% (16 kbps), burst bytes 1500, b/w exceed drops: 0

If I use the preconfigured Cisco DNS value for the class map, it seems to work fine:

Class Map match-all DNS (id 4)
Match protocol dns

Class-map: DNS (match-all)
166 packets, 16615 bytes
30 second offered rate 0000 bps, drop rate 0000 bps
Match: protocol dns
Priority: 30% (16 kbps), burst bytes 1500, b/w exceed drops: 0

  • Can anyone spot any errors in the first part of my configuration?
  • Does Match protocol dns match source or destination port 53?

    Thanks

7 Replies

Philip D'Ath
Meraki Community All-Star

It looks correct to me.

I did notice your first class-map was a "match-any" and the second was a "match-all" but this should not make any difference if there is only one match criteria.

Hi,
Thanks for your reply. Do you know if Match protocol dns matches source or destination port 53?

Thanks

Federico

I'm 80% confident it matches both.

The only thing I see is

Class-map: DSN_SERVER (match-all) < whereas it should be match-any, it is on my routers!

So are you sure you have

Class Map match-any DSN_SERVER 

in the configuration?

Found it by myself. I applied it to the interface instead of to the SVI.

A question for you guys:

Does Match protocol dns match source or destination port 53?

Thanks

Usually it matches both, but it depends on your DNS setup: whether your DNS server has to go to a higher authority within the DNS domain, or just receives requests from clients.

With your ACLs I would not have "any any"; I would use the addresses of the DNS servers.

Thanks Richard. 
My server is recursive, which means it will use source and destination.