[c-nsp] Cisco 2960 QOS issue
Dimuthu Parussalla
dparussalla at baysidegrp.com.au
Sun May 13 19:04:55 EDT 2007
Hi All,
I am having trouble marking packets on a ingress interface. It seems like
policy doesn't mark the traffic related to access list. I have a test access
list set to mark DSCP 40 on all the ftp traffic. I can't even see matching
traffic to my access list via sh acceess-lists.
What I am doing wrong?.
Regards
Dimuthu
Configurations:
mls qos
!
class-map match-any test
match access-group 133
policy-map mark-i
class test
set dscp cs5
interface GigabitEthernet0/1
service-policy input mark-i
!
interface GigabitEthernet0/2
mls qos trust dscp
!
interface GigabitEthernet0/3
mls qos trust dscp
access-list 133 permit tcp any any eq ftp
access-list 133 permit tcp any eq ftp any
Diagnostic outputs:
sh policy-map int g0/1
GigabitEthernet0/1
Service-policy input: mark-i
Class-map: test (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 133
0 packets, 0 bytes
5 minute rate 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
0 packets, 0 bytes
5 minute rate 0 bps
#sh mls qos interface g0/1 sta
GigabitEthernet0/1
dscp: incoming
-------------------------------
0 - 4 : 1662025 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
dscp: outgoing
-------------------------------
0 - 4 : 2236212 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
cos: incoming
-------------------------------
0 - 4 : 1677064 0 0 0 0
5 - 7 : 0 0 0
cos: outgoing
-------------------------------
0 - 4 : 2239841 0 0 0 0
5 - 7 : 0 0 708
Policer: Inprofile: 0 OutofProfile: 0
#sh access-lists
Standard IP access list 22
10 permit 192.168.1.0, wildcard bits 0.0.0.255
Extended IP access list 132
10 permit tcp any any eq 19100
20 permit tcp any eq 19100 any
Extended IP access list 133
10 permit tcp any any eq ftp
20 permit tcp any eq ftp any
Extended MAC access list jb
permit host 0017.31f2.33b8 any
permit any host 0017.31f2.33b8
More information about the cisco-nsp
mailing list