[c-nsp] ASR1k, can't qos local ssh traffic

[Daniska Tomas]

Hi,

I'm in a final phase of deploying an ASR1k-based private MPLS network. The boxes are marvelouos in what I can do with qos, except that I can't make them put locally originated SSH traffic into the proper class. All management traffic is in-band, no out-of-band management is deployed. I've tried everything that came to my mind, with failure in every case:

-          ACL-based classification in the class-maps on backbone i/f output policy-map

-          ip ssh dscp

-          ip ssh precedence

-          control-plane policing with ACL-based classification in the class-maps

-          ip local policy route-map with ACL-based classification and setting precedence

None of them matches a single locally originated SSH packet (the ACL-based classification on the backbone i/fs matches passing SSH traffic correctly, though). I've tried minimising the policy map to a SSH-only configuration to avoid possible conflicts with other classes, still no success.

The boxes run Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 12.2(33)XNF1, RELEASE SOFTWARE (fc1).


Thanks for any hints!

--

Tomas Daniska
Senior CSE/BDM

Soitron, a.s.
Plynarenska 5, 829 75 Bratislava, Slovakia
tel: +421 2 58224000, fax: +421 2 58224520

Good judgment comes from experience. Unfortunately, the experience usually comes from poor judgment.
-- O 'Reilly's fundamentals of Aviation