[c-nsp] Matching EXP bits in ME3600

James Bensley jwbensley at gmail.com
Sat Jun 24 03:50:17 EDT 2017


On 21 Jun 2017 14:24, "Eric Van Tol" <eric at atlantech.net> wrote:

For anyone else in the future who may be experiencing a similar issue:

Problem turned out to be QoS ACL matching conditions. Docs here state:

http://www.cisco.com/c/en/us/td/docs/switches/metro/me3600x_3800x/software/release/15-5_1_S/configuration/guide/3800x3600xscg/swqos.html

"Not all IP ACL options are supported in QoS ACLs. Only these protocols are
supported for permit actions in an IP ACL: TCP, and UDP

Although you can configure many options in ACLs, only some are supported
for QoS ACLs.

For permit protocol, the supported keywords are: tcp, and udp.
For source and destination address, the supported entries are ip-address,
any, or host.
For match criteria, the supported keywords are dscp or tos. You can also
specify a time-range."

I ended up having to modify the ACLs to only match on IP and remove the
ICMP ACE and it works.

-evt


Hi Eric,

Sorry for the late response, I wanted to say that the problem here is
likely the ACL on the IP interface. We tested IP address matching ACLs on a
layer 3 interface on a 15.3.3 version of IOS and it basically didn't work.

As per the link you have provided not many features can be "matched" in the
ACL, we had to reduce the ACEs to be broader than we originally wanted. We
also tried on an SVI and I don't think we matched any traffic at the time
(this was an older buggy IOS version). In the end we just stopped using IPs
in QoS ACLs and just match on qos-group, DSCP and EXP. These three are
working fine for us.

Cheers,
James.

