[c-nsp] Cisco 2960 QOS issue
Dimuthu Parussalla
dparussalla at baysidegrp.com.au
Mon May 14 01:12:16 EDT 2007
Hi,
All it seems like the problem with the ftp using dynamic ports. Thanks all
for your help and it's working perfectly.
Greatly appreciated.
Regards
Dimuthu
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Liviu Pislaru
Sent: Monday, 14 May 2007 2:55 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cisco 2960 QOS issue
hello dimuthu,
assure that "QoS ip packet dscp rewrite is enabled" (global config)
and you'll see that your policy-map is marking your ftp traffic;
you can see that with a port monitor configured with source
uplink port (Gi0/24) TX or "sh mls qos interface Gi0/24 statistics"
at "dscp: outgoing" field.
.... BUT you will not see any matches at "sh mls qos interface Gi0/1
statistics"
for DSCP 40 nor at "sh ip access list 133";
P.S. - i use IOS "c2960-lanbase-mz.122-25.FX.bin"
--
liviu.
----- Original Message -----
From: "Dimuthu Parussalla" <dparussalla at baysidegrp.com.au>
To: <cisco-nsp at puck.nether.net>
Sent: Monday, May 14, 2007 2:04 AM
Subject: [c-nsp] Cisco 2960 QOS issue
> Hi All,
>
> I am having trouble marking packets on a ingress interface. It seems like
> policy doesn't mark the traffic related to access list. I have a test
> access
> list set to mark DSCP 40 on all the ftp traffic. I can't even see matching
> traffic to my access list via sh acceess-lists.
>
> What I am doing wrong?.
>
>
> Regards
> Dimuthu
>
>
>
>
> Configurations:
>
> mls qos
> !
>
> class-map match-any test
> match access-group 133
>
>
> policy-map mark-i
> class test
> set dscp cs5
>
> interface GigabitEthernet0/1
> service-policy input mark-i
> !
> interface GigabitEthernet0/2
> mls qos trust dscp
> !
> interface GigabitEthernet0/3
> mls qos trust dscp
>
>
>
> access-list 133 permit tcp any any eq ftp
> access-list 133 permit tcp any eq ftp any
>
>
> Diagnostic outputs:
>
> sh policy-map int g0/1
> GigabitEthernet0/1
>
> Service-policy input: mark-i
>
> Class-map: test (match-any)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: access-group 133
> 0 packets, 0 bytes
> 5 minute rate 0 bps
>
> Class-map: class-default (match-any)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: any
> 0 packets, 0 bytes
> 5 minute rate 0 bps
>
>
> #sh mls qos interface g0/1 sta
> GigabitEthernet0/1
>
> dscp: incoming
> -------------------------------
>
> 0 - 4 : 1662025 0 0 0 0
> 5 - 9 : 0 0 0 0 0
> 10 - 14 : 0 0 0 0 0
> 15 - 19 : 0 0 0 0 0
> 20 - 24 : 0 0 0 0 0
> 25 - 29 : 0 0 0 0 0
> 30 - 34 : 0 0 0 0 0
> 35 - 39 : 0 0 0 0 0
> 40 - 44 : 0 0 0 0 0
> 45 - 49 : 0 0 0 0 0
> 50 - 54 : 0 0 0 0 0
> 55 - 59 : 0 0 0 0 0
> 60 - 64 : 0 0 0 0
> dscp: outgoing
> -------------------------------
>
> 0 - 4 : 2236212 0 0 0 0
> 5 - 9 : 0 0 0 0 0
> 10 - 14 : 0 0 0 0 0
> 15 - 19 : 0 0 0 0 0
> 20 - 24 : 0 0 0 0 0
> 25 - 29 : 0 0 0 0 0
> 30 - 34 : 0 0 0 0 0
> 35 - 39 : 0 0 0 0 0
> 40 - 44 : 0 0 0 0 0
> 45 - 49 : 0 0 0 0 0
> 50 - 54 : 0 0 0 0 0
> 55 - 59 : 0 0 0 0 0
> 60 - 64 : 0 0 0 0
> cos: incoming
> -------------------------------
>
> 0 - 4 : 1677064 0 0 0 0
> 5 - 7 : 0 0 0
> cos: outgoing
> -------------------------------
>
> 0 - 4 : 2239841 0 0 0 0
> 5 - 7 : 0 0 708
> Policer: Inprofile: 0 OutofProfile: 0
>
>
> #sh access-lists
> Standard IP access list 22
> 10 permit 192.168.1.0, wildcard bits 0.0.0.255
> Extended IP access list 132
> 10 permit tcp any any eq 19100
> 20 permit tcp any eq 19100 any
> Extended IP access list 133
> 10 permit tcp any any eq ftp
> 20 permit tcp any eq ftp any
> Extended MAC access list jb
> permit host 0017.31f2.33b8 any
> permit any host 0017.31f2.33b8
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list