03-20-2007 02:09 PM - edited 03-03-2019 04:14 PM
Hi,
In an effort to better understand cisco qos configuration, I am doing a test on my router. Right now, all I want to do is match some traffic and give it dedicated bandwidth over my vpn and actually see that it is working. It doesn't seem to be working so far. Maybe someone can spot a problem in my config. Traffic I want to match:
access-list 105 permit ip 192.168.50.0 0.0.0.255 192.168.32.0 0.0.1.255
Policy stuff:
class-map match-all test
description test class to see whats going on
match access-group 105
!
!
policy-map policy1
class test
priority 96
class class-default
fair-queue
My outbound internet if:
interface Serial1/0
ip address x.x.x.x 255.255.255.252
serial restart-delay 0
no cdp enable
service-policy output policy1
my vpn config:
interface Tunnel0
description VPN to Tempe
ip address 10.10.50.1 255.255.255.0
qos pre-classify
keepalive 300 3
tunnel source Serial1/0
tunnel destination x.x.x.x
tunnel mode ipsec ipv4
tunnel protection ipsec profile pro-meramont
Traffic is coming into the router on this if:
interface FastEthernet2/0
ip address 192.168.50.2 255.255.255.0
duplex auto
speed auto
no cdp enable
I understand I need that qos pre-classify command to perform the policy routing over the tunnel, but I don't see it happening:
Meramont#sh crypto eng qos
crypto engine name: Multi-VPN Using Virtual Private Network (VPN) Module3/8
crypto engine type: hardware
slot: 3
queuing: enabled
visible bandwidth: 2000 kbps
llq size: 0
default queue size/max: 0/64
interface table size: 32
Serial1/0 (5), iftype 1, ctable size 16, input filter: access-group 105
class test (1/9), match access-group 105
bandwidth 96 kbps, max token 19200
IN match pkt/byte 0/0, police drop 0
OUT match pkt/byte 0/0, police drop 0
class default, match pkt/byte 115051/80548845, qdrop 11
crypto engine bandwidth: total 2000 kbps, allocated 96 kbps
I don't know maybe I'm not supposed to see it happening in here. But I am definately getting hits on my access-list:
sh access-list 105
Extended IP access list 105
10 permit ip 192.168.50.0 0.0.0.255 192.168.32.0 0.0.1.255 (424 matches)
I don't really know of any good debug commands to see if the qos is happening, and I am a little confused as to where the packet matching happens. Any help would be appreciated.
thanks
03-20-2007 02:24 PM
Hi,
The configuration looks fine.
You are doing LLQ. Any queueing, including LLQ, only works when there's congestion and that's the reason why you aren't seeing any packets being prioritized.
You might want to generate more traffic to cause congestion and check whether queueing kicks in.
HTH
Sundar
03-22-2007 08:47 AM
Thanks, that makes sense.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: