class-map question

May 8th, 2007

Case I)

class-map match-all CoS-1
 match access-group name tftp
 match protocol tftp

policy-map mqc-1
 class CoS-1
  police cir 8000
   conform-action transmit
   exceed-action drop

interface Serial0/1
 ip address 2.2.2.2 255.128.0.0
 service-policy input mqc-1
 encapsulation frame-relay

ip access-list extended rtp
 permit ip any any

Case II)

class-map match-all CoS-1
 match protocol tftp

policy-map mqc-1
 class CoS-1
  police cir 8000
   conform-action transmit
   exceed-action drop

interface Serial0/1
 ip address 2.2.2.2 255.128.0.0
 service-policy input mqc-1
 encapsulation frame-relay

Question:

Is the end result described in I) and II) the same, i.e. in both cases is 'tftp' traffic subjected to policing?

mohammedmahmoud Tue, 05/08/2007 - 07:55

Hi,

I think that there is some kind of typo in Case I, but anyway, always make sure whether it is match-all or match-any. match-all is the default, but it introduces a problem, as all the subsequent match statements should match; accordingly, the class-map could fail to match.

HTH, please do rate all helpful posts,

Mohammed Mahmoud.

dgahm Tue, 05/08/2007 - 16:44

Assuming access list rtp should really be called tftp, then both examples will perform the same as the access list will always match.

Actually, neither will work to police tftp traffic as match protocol requires that NBAR protocol discovery be enabled on the interface.

Please rate helpful posts.

Dave
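
The match-all versus match-any point and the claim that Cases I and II classify the same traffic can be checked with a small model. This is an added example, not code from the thread or from Cisco; it assumes NBAR classification is working on the interface, reduces "match protocol tftp" to UDP destination port 69, and assumes a 1500-byte burst for "police cir 8000". All names and the sample packets are constructed.

```python
# Simplified model (assumption): NBAR "match protocol tftp" is reduced to
# UDP destination port 69, and a named ACL is a predicate over the packet.
from dataclasses import dataclass

@dataclass
class Packet:
    proto: str   # "udp" or "tcp"
    dport: int   # destination port
    size: int    # bytes
    t: float     # arrival time in seconds

def is_tftp(p):
    return p.proto == "udp" and p.dport == 69

def acl_permit_any(p):   # models "permit ip any any"
    return True

def class_match(p, criteria, mode="match-all"):
    """match-all needs every criterion to match; match-any needs one."""
    hits = [c(p) for c in criteria]
    return all(hits) if mode == "match-all" else any(hits)

class Policer:
    """Single-rate token bucket: conform -> transmit, exceed -> drop."""
    def __init__(self, cir_bps, bc_bytes):
        self.rate = cir_bps / 8.0   # refill rate in bytes per second
        self.bc = self.tokens = bc_bytes
        self.last = 0.0
    def offer(self, p):
        self.tokens = min(self.bc, self.tokens + (p.t - self.last) * self.rate)
        self.last = p.t
        if p.size <= self.tokens:
            self.tokens -= p.size
            return "transmit"
        return "drop"

def run(criteria, mode, packets, cir_bps=8000, bc_bytes=1500):
    # bc_bytes=1500 is an assumed burst size; unmatched packets are not policed.
    pol = Policer(cir_bps, bc_bytes)
    return [pol.offer(p) if class_match(p, criteria, mode) else "unpoliced"
            for p in packets]

# Constructed sample traffic: 516-byte TFTP packets plus one HTTP packet.
SAMPLE = [Packet("udp", 69, 516, 0.0), Packet("udp", 69, 516, 0.1),
          Packet("tcp", 80, 1000, 0.2), Packet("udp", 69, 516, 0.3),
          Packet("udp", 69, 516, 0.4), Packet("udp", 69, 516, 2.0)]
CASE_1 = run([acl_permit_any, is_tftp], "match-all", SAMPLE)
CASE_2 = run([is_tftp], "match-all", SAMPLE)
CASE_1_ANY = run([acl_permit_any, is_tftp], "match-any", SAMPLE)
```

With match-all and an always-matching ACL, CASE_1 equals CASE_2; with match-any the ACL alone is enough to match, so the HTTP packet in CASE_1_ANY is policed as well.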

jcrussell Tue, 05/08/2007 - 17:03

dgahm,

The Doc CD doesn't mention enabling NBAR protocol discovery on an interface to use "match protocol". All it mentions as a prerequisite is enabling CEF. The following is from the link at the bottom.

Configuring a Traffic Class with NBAR Example

In the following example, all SQL*Net traffic leaving fastethernet interface 0/1 is marked with the IP precedence value of 4. In the example, NBAR is used to identify SQL*Net traffic, while the treatment of SQL*Net traffic (in this case, it is forwarded with the IP precedence bit set as 4) is determined by the traffic policy configuration (the set ip precedence 4 command in policy-map class configuration mode).

Router(config)# class-map sqlnettraffic
Router(config-cmap)# match protocol sqlnet
Router(config)# policy-map sqlsetipprec1
Router(config-pmap)# class sqlnettraffic
Router(config-pmap-c)# set ip precedence 4
Router(config)# interface fastethernet 0/1
Router(config-if)# service-policy output sqlsetipprec1

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt1/qcfnbar.htm#wp1003032

Also, the QOS Exam Certification Guide 2nd Edition says on page 222:

"In earlier IOS releases, the 'ip nbar protocol-discovery' command was required on an interface before using a service-policy command that used NBAR matching. With 12.2T train releases, the command is no longer required".

So I guess it might depend on what version of IOS you are using.
