[c-nsp] Cisco 2960 QOS issue

Dimuthu Parussalla dparussalla at baysidegrp.com.au
Mon May 14 01:12:16 EDT 2007 

Hi,

All it seems like the problem with the ftp using dynamic ports. Thanks all
for your help and it's working perfectly.

Greatly appreciated.


Regards
Dimuthu

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Liviu Pislaru
Sent: Monday, 14 May 2007 2:55 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cisco 2960 QOS issue


hello dimuthu,

assure that "QoS ip packet dscp rewrite is enabled" (global config)
and you'll see that your policy-map is marking your ftp traffic;

you can see that with a port monitor configured with source
uplink port (Gi0/24) TX or "sh mls qos interface Gi0/24 statistics"
at "dscp: outgoing" field.

.... BUT you will not see any matches at "sh mls qos interface Gi0/1
statistics"
for DSCP 40 nor at "sh ip access list 133";

P.S. - i use IOS "c2960-lanbase-mz.122-25.FX.bin"

--
liviu.

----- Original Message -----
From: "Dimuthu Parussalla" <dparussalla at baysidegrp.com.au>
To: <cisco-nsp at puck.nether.net>
Sent: Monday, May 14, 2007 2:04 AM
Subject: [c-nsp] Cisco 2960 QOS issue


> Hi All,
>
> I am having trouble marking packets on a ingress interface. It seems like
> policy doesn't mark the traffic related to access list. I have a test
> access
> list set to mark DSCP 40 on all the ftp traffic. I can't even see matching
> traffic to my access list via sh acceess-lists.
>
> What I am doing wrong?.
>
>
> Regards
> Dimuthu
>
>
>
>
> Configurations:
>
> mls qos
> !
>
> class-map match-any test
>  match access-group 133
>
>
> policy-map mark-i
>  class test
>   set dscp cs5
>
> interface GigabitEthernet0/1
> service-policy input mark-i
> !
> interface GigabitEthernet0/2
> mls qos trust dscp
> !
> interface GigabitEthernet0/3
> mls qos trust dscp
>
>
>
> access-list 133 permit tcp any any eq ftp
> access-list 133 permit tcp any eq ftp any
>
>
> Diagnostic outputs:
>
> sh policy-map int g0/1
> GigabitEthernet0/1
>
>  Service-policy input: mark-i
>
>    Class-map: test (match-any)
>      0 packets, 0 bytes
>      5 minute offered rate 0 bps, drop rate 0 bps
>      Match: access-group 133
>        0 packets, 0 bytes
>        5 minute rate 0 bps
>
>    Class-map: class-default (match-any)
>      0 packets, 0 bytes
>      5 minute offered rate 0 bps, drop rate 0 bps
>      Match: any
>        0 packets, 0 bytes
>        5 minute rate 0 bps
>
>
> #sh mls qos interface g0/1 sta
> GigabitEthernet0/1
>
>  dscp: incoming
> -------------------------------
>
>  0 -  4 :     1662025            0            0            0            0
>  5 -  9 :           0            0            0            0            0
> 10 - 14 :           0            0            0            0            0
> 15 - 19 :           0            0            0            0            0
> 20 - 24 :           0            0            0            0            0
> 25 - 29 :           0            0            0            0            0
> 30 - 34 :           0            0            0            0            0
> 35 - 39 :           0            0            0            0            0
> 40 - 44 :           0            0            0            0            0
> 45 - 49 :           0            0            0            0            0
> 50 - 54 :           0            0            0            0            0
> 55 - 59 :           0            0            0            0            0
> 60 - 64 :           0            0            0            0
>  dscp: outgoing
> -------------------------------
>
>  0 -  4 :     2236212            0            0            0            0
>  5 -  9 :           0            0            0            0            0
> 10 - 14 :           0            0            0            0            0
> 15 - 19 :           0            0            0            0            0
> 20 - 24 :           0            0            0            0            0
> 25 - 29 :           0            0            0            0            0
> 30 - 34 :           0            0            0            0            0
> 35 - 39 :           0            0            0            0            0
> 40 - 44 :           0            0            0            0            0
> 45 - 49 :           0            0            0            0            0
> 50 - 54 :           0            0            0            0            0
> 55 - 59 :           0            0            0            0            0
> 60 - 64 :           0            0            0            0
>  cos: incoming
> -------------------------------
>
>  0 -  4 :     1677064            0            0            0            0
>  5 -  7 :           0            0            0
>  cos: outgoing
> -------------------------------
>
>  0 -  4 :     2239841            0            0            0            0
>  5 -  7 :           0            0          708
> Policer: Inprofile:            0 OutofProfile:            0
>
>
> #sh access-lists
> Standard IP access list 22
>    10 permit 192.168.1.0, wildcard bits 0.0.0.255
> Extended IP access list 132
>    10 permit tcp any any eq 19100
>    20 permit tcp any eq 19100 any
> Extended IP access list 133
>    10 permit tcp any any eq ftp
>    20 permit tcp any eq ftp any
> Extended MAC access list jb
>    permit host 0017.31f2.33b8 any
>    permit any host 0017.31f2.33b8
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list