[c-nsp] SVI interface - multicast traffic
Dean Belev
dbelev at gmail.com
Wed Dec 1 06:07:28 EST 2010
Hi all,
The entire picture includes trunk port with 2 unicast and 1 multicast
VLANs and the goal is to do a traffic policing to the multicast one.
I can not perform per port - per vlan policing so I created SVI
interface, configured the trunk port as mls qos vlan-based and expected
that everything should be OK.
I tried to configure SVI policer in order to catch and do a traffic
policing to multicast traffic.
Unfortunately I can even catch it with the well known methods.
So - is that situation has its obvious explanation or I have to be
concern about that case and escalate it to the TAC team.
Thank you in advance for all your replays!
Here is the brief config:
Cisco CISCO7609-S (M8500) processor (revision 1.0)
BASEBOARD: RSP720
(c7600rsp72043_rp-ADVIPSERVICES-M), Version 12.2(33)SRE1, RELEASE
SOFTWARE (fc2)
#
interface TenGigabitEthernet3/4
description xxx
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 358,xxx,xxx
switchport mode trunk
mtu 9216
load-interval 30
mls qos vlan-based
x
#
sh module 3
Mod Ports Card Type Model
--- ----- -------------------------------------- ------------------
-----------
3 4 CEF720 4 port 10-Gigabit Ethernet WS-X6704-10GE
Mod Sub-Module Model Serial Hw
Status
---- --------------------------- ------------------ ----------- -------
-------
3 Centralized Forwarding Card WS-F6700-CFC ---- 2.0 Ok
#
SVI interface:
interface Vlan358
no ip address
load-interval 30
*service-policy input TEST*
#
Policy Map TEST
Class Vlan358
police cir 250000000 bc 7812500
conform-action transmit
exceed-action drop
Class class-default
police cir 250000000 bc 7812500
conform-action transmit
exceed-action drop
#
Class Map match-all Vlan358 (id 55)
Match access-group name IP_Traffic
#
Extended IP access list IP_Traffic
10 permit ip any any
- here I tried with access-list matching the exact multicast source
addreses - without any success and no hits at all
#
sh int vl358
Vlan358 is up, line protocol is up
x
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
x
#30 second input rate 0 bits/sec, 0 packets/sec - # no hits due to
CSCtg19669
#30 second output rate 0 bits/sec, 0 packets/sec - # no hits due to
CSCtg19669
#L2 Switched: ucast: 0 pkt, 0 bytes - mcast: 560485636 pkt,
*763381436232* bytes - # counter is normally increasing
L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes mcast
L3 out Switched: ucast: 0 pkt, 0 bytes mcast: 0 pkt, 0 bytes
238 packets input, 103068 bytes, 0 no buffer
Received 171 broadcasts (0 IP multicasts)
#sh policy-map interface vlan358
Vlan358
Service-policy input: TEST
class-map: Vlan358 (match-all)
Match: access-group name IP_Traffic
police :
250000000 bps 7812000 limit 7812000 extended limit
Earl in slot 5 :
0 bytes
30 second offered rate *0* bps
aggregate-forwarded 0 bytes action: transmit
exceeded 0 bytes action: drop
aggregate-forward 0 bps exceed 0 bps
class-map: class-default (match-any)
Match: any
police :
250000000 bps 7812000 limit 7812000 extended limit
Earl in slot 5 :
0 bytes
30 second offered rate *0* bps
aggregate-forwarded 0 bytes action: transmit
exceeded 0 bytes action: drop
aggregate-forward 0 bps exceed 0 bps
#sh mls qos ip vlan 358
[In] Policy map is TEST_BIX [Out] Default.
QoS Summary [IPv4]: (* - shared aggregates, Mod - switch module)
Int Mod Dir Class-map DSCP Agg Trust Fl AgForward-By
AgPoliced-By
Id Id
-------------------------------------------------------------------------------
Vl358 5 In Vlan358 0 492 dscp 0
*0* 0
Vl358 5 In class-defa 0 502 dscp 0
*0* 0
#
Here is a brief example when there is no policy-map on SVI int vl358:
#sh mls qos ip vlan 358
[In] Default. [Out] Default.
QoS Summary [IPv4]: (* - shared aggregates, Mod - switch module)
Int Mod Dir Class-map DSCP Agg Trust Fl AgForward-By
AgPoliced-By
Id Id
-------------------------------------------------------------------------------
Vl358 5 In Default 0 0* No 0
*220193147238* 0
Best~
More information about the cisco-nsp
mailing list