10-17-2011 06:22 AM - edited 03-07-2019 02:50 AM
Hello everyone,
My service-policy is not working on inbound. It works on outbound, but I need to apply it on IN as well.
Please check what I am doing wrong. Thank you in advance.
!
mls qos
!
ip access-list extended ACL-TEST-LIMIT50
 permit ip any any
!
class-map match-all CLASS-TEST-LIMIT50
 match access-group name ACL-TEST-LIMIT50
!
policy-map MAP-TEST-LIMIT50
 class CLASS-TEST-LIMIT50
  police 50000000 40000 conform-action drop exceed-action drop violate-action drop
!
int vlan 103
 service-policy input MAP-TEST-LIMIT50
!
P.S.
With traffic up to 100mb/s, I almost don't see the matches:
sh ip access-lists ACL-TEST-LIMIT50
Extended IP access list ACL-TEST-LIMIT50
10 permit ip any any (1 match)
c7600 / Version 12.2(33)SRE2
--
Have a nice day,
Dmitry
10-19-2011 09:46 AM
Hi Dmitry,
can you please paste the following output when this policy is attached in IN direction with some traffic passing through VLAN (not sent to VLAN):
show policy-map int Vlan 103
Nik
10-19-2011 11:07 PM
Hi Nikolay,
Thank you for your help.
sh policy-map interface vlan 103
Vlan103
Service-policy input: MAP-TEST-LIMIT50
class-map: CLASS-TEST-LIMIT50 (match-all)
Match: access-group name ACL-RODINA-LIMIT50
police :
50000000 bps 40000 limit 40000 extended limit
Earl in slot 5 :
59009454 bytes
5 minute offered rate 0 bps
aggregate-forwarded 0 bytes action: drop
exceeded 59009454 bytes action: drop
aggregate-forward 0 bps exceed 0 bps
Earl in slot 6 :
0 bytes
5 minute offered rate 0 bps
aggregate-forwarded 0 bytes action: drop
exceeded 0 bytes action: drop
aggregate-forward 0 bps exceed 0 bps
Earl in slot 7 :
0 bytes
5 minute offered rate 0 bps
aggregate-forwarded 0 bytes action: drop
exceeded 0 bytes action: drop
aggregate-forward 0 bps exceed 0 bps
Earl in slot 9 :
0 bytes
5 minute offered rate 0 bps
aggregate-forwarded 0 bytes action: drop
exceeded 0 bytes action: drop
aggregate-forward 0 bps exceed 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
0 packets, 0 bytes
5 minute rate 0 bps
--
Dmitry
10-19-2011 11:35 AM
Hi,
Do we have 'mls qos vlan-based' configured on the physical port through which the traffic is ingressing?
10-19-2011 11:20 PM
Hi Balaji,
I see, it's the right direction. Let me explain the scheme:
router(SVI 103---port-channel1)----------trunk-------------L2 switch(access-port)--------------host
I haven't had the command 'mls qos vlan-based' on int port-channel1; as a result the policy was not working.
When I put it on the interface, it blocked all traffic to the host. Please give me an idea what is wrong.
Some details:
interface Port-channel1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
end
!
interface Vlan103
 bandwidth 100000
 ip address *.*.*.49 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip verify unicast source reachable-via any
 ip flow ingress
 mls netflow sampling
 service-policy input MAP-TEST-LIMIT50
end
!
L2 switch:
interface GigabitEthernet0/15
 switchport access vlan 103
 switchport mode access
 speed 100
end
!
Thank you in advance.
--
Dimitry
10-20-2011 01:10 AM
THANK YOU VERY MUCH !!!
10-20-2011 12:18 AM
Hi Dimity
You said "when I put it on the interface it blocked all traffic to host".
That is exactly what is going to happen, because of your policy.
The policy states "conform-action drop".
/Mikael
10-20-2011 01:06 AM
Hi Mlund,
Sorry for my blindness. Yes, it is working now! THANK YOU VERY MUCH!
--
Dimitry