[c-nsp] Matching EXP bits in ME3600

adamv0025 at netconsultings.com
Mon Jun 26 04:02:12 EDT 2017


> James Bensley
> Sent: Saturday, June 24, 2017 8:50 AM
> 
> On 21 Jun 2017 14:24, "Eric Van Tol" <eric at atlantech.net> wrote:
> 
> For anyone else in the future who may be experiencing a similar issue:
> 
> Problem turned out to be QoS ACL matching conditions. Docs here state:
> 
> http://www.cisco.com/c/en/us/td/docs/switches/metro/me3600x_3800x/software/release/15-5_1_S/configuration/guide/3800x3600xscg/swqos.html
> 
> "Not all IP ACL options are supported in QoS ACLs. Only these protocols are
> supported for permit actions in an IP ACL: TCP, and UDP
> 
> Although you can configure many options in ACLs, only some are supported
> for QoS ACLs.
> 
> For permit protocol, the supported keywords are: tcp, and udp.
> For source and destination address, the supported entries are ip-address,
> any, or host.
> For match criteria, the supported keywords are dscp or tos. You can also
> specify a time-range."
> 
> I ended up having to modify the ACLs to only match on IP and remove the
> ICMP ACE and it works.
> 
> -evt
> 
> 
> Hi Eric,
> 
> Sorry for the late response, I wanted to say that the problem here is likely
> the ACL on the IP interface. We tested IP address matching ACLs on a layer 3
> interface on a 15.3.3 version of IOS and it basically didn't work.
> 
> As per the link you have provided not many features can be "matched" in the
> ACL, we had to reduce the ACEs to be broader than we originally wanted. We
> also tried on an SVI and I don't think we matched any traffic at the time (this
> was an older buggy IOS version). In the end we just stopped using IPs in QoS
> ACLs and just match on qos-group, DSCP and EXP. These three are working
> fine for us.
> 
Oh, and I seem to remember there's also the limitation on which match
criteria can be combined, but I can't find it in my notes. It was something
like L2 fields, L3 fields and some selected mix, but for example you could
not match for Dot1.p and EXP at the same time.

adam

netconsultings.com
::carrier-class solutions for the telecommunications industry::


