[c-nsp] Cisco 2960 QOS issue

Lincoln Dale (ltd) ltd at cisco.com
Mon May 14 00:49:26 EDT 2007


> I am having trouble marking packets on a ingress interface. It seems
like
> policy doesn't mark the traffic related to access list. I have a test
> access
> list set to mark DSCP 40 on all the ftp traffic. I can't even see
matching
> traffic to my access list via sh acceess-lists.
> 
> What I am doing wrong?.
>
> access-list 133 permit tcp any any eq ftp
> access-list 133 permit tcp any eq ftp any

it could well be that your policy is working just fine.  note that
unless the FTP is 'passive', it will be using dynamic port numbers in
the direction you're configured your ACL for.


cheers,

lincoln.



More information about the cisco-nsp mailing list