QoS: my IOS doesn't allow "match dscp ef"

thomasdzubin
Level 1

Grrr... I'm wanting to create a QoS class-map that matches when a packet has the DSCP value "ef".

Unfortunately, it seems my version of IOS (12.4(11)T Adv. Security on an 871 router) doesn't support dscp matching. Is there a way around this using access-lists or something else?

I think "match ip precedence 5" will do the same thing and this cmap match statement IS accepted by my router.

Any comments? suggestions?


thomasdzubin
Level 1

...and before you suggest "match ip dscp", that doesn't work either.

My only sub-options shown when I do a

"match ip ?"

are "precedence" and "rtp"

I just tested this on an 877 running 12.4(15)T1 Advanced IP Services and it works on this.....

class-map EF
 match dscp ef

You could try the 'old' way:

ip access-list extended Any-EF
 permit ip any any dscp ef
!
class-map EF
 match access-group name Any-EF
!

HTH

Andy

Nope, maybe the "IP Security" version of IOS just doesn't like "dscp"...here's what happens when I tried your suggestion:

R#config t
Enter configuration commands, one per line. End with CNTL/Z.
R(config)#ip access-list extended Any-EF
R(config-ext-nacl)#permit ip any any dscp ef
^
% Invalid input detected at '^' marker.
R(config-ext-nacl)#

(note the '^' marker is supposed to be pointing at "dscp", but when I cut-and-paste into this Cisco forum, it gets rid of all the leading whitespace)

In any case, here are my options available on a "permit ip any any" access-list:

R(config-ext-nacl)#permit ip any any ?
  fragments   Check non-initial fragments
  log         Log matches against this entry
  log-input   Log matches against this entry, including input interface
  option      Match packets with given IP Options value
  precedence  Match packets with given precedence value
  reflect     Create reflexive access list entry
  time-range  Specify a time-range
  tos         Match packets with given TOS value
  ttl         Match packets with given TTL value

I have had a quick look at feature navigator but (as usual...) can't find any references - I'm not 100% sure what the feature would be called?

There are some QoS differences between the Advanced IP Services & Advanced Security but nothing that seems to reference DSCP.

I suggest you upgrade to 12.4(15)T1 Advanced Security and see whether the commands are accepted with that.

The upgrade should be free since you are not changing feature set or moving to a different major release.

There are also a couple of advisories against 12.4(11)T so you should try and upgrade anyway.

Andy

Yeah, I upgraded the 871 to:

c870-advsecurityk9-mz.124-15.T1.bin

and it still didn't work, so I said "what the heck" and upgraded to:

c870-advipservicesk9-mz.124-15.T1.bin

Finally "match dscp ef" works now.

So it was an IOS version problem, just not a version NUMBER problem.

Oh well...it's only money...luckily the $$$ difference between Adv. Security and Adv. IP services isn't that much on the 800 series.

Thanks for your help.
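
Added example, not part of the original thread: the first post treats "match ip precedence 5" as a stand-in for "match dscp ef", and the ACL help output offers only "precedence" and "tos". This Python sketch works through the ToS/DS byte layout to show which DSCP values each legacy match selects. It assumes the ACL "tos" keyword matches the four RFC 1349 TOS bits (values 0-15); all function names are illustrative.

```python
# Bit layout of the IPv4 ToS / DS byte (RFC 791/1349 vs. RFC 2474/3168):
#   legacy view : PPP TTTT U   (3-bit precedence, 4-bit TOS, 1 unused bit)
#   DiffServ    : DDDDDD EE    (6-bit DSCP, 2-bit ECN)

EF = 46  # DSCP "ef" = 0b101110


def fields(tos_byte):
    """Split one ToS/DS byte into both the legacy and the DiffServ views."""
    return {
        "dscp": tos_byte >> 2,
        "ecn": tos_byte & 0x3,
        "precedence": tos_byte >> 5,
        "tos": (tos_byte >> 1) & 0xF,
    }


def dscp_matched_by_precedence(prec):
    """DSCP values whose top three bits equal the given precedence."""
    return [d for d in range(64) if d >> 3 == prec]


def legacy_pairs_for_dscp(dscp):
    """(precedence, tos) pairs needed to cover a DSCP for every ECN marking."""
    pairs = set()
    for ecn in range(4):
        f = fields((dscp << 2) | ecn)
        pairs.add((f["precedence"], f["tos"]))
    return sorted(pairs)


def dscp_matched_by_pair(prec, tos):
    """DSCP values selected by a precedence + tos match (unused bit ignored)."""
    return sorted({
        fields(b)["dscp"]
        for b in range(256)
        if fields(b)["precedence"] == prec and fields(b)["tos"] == tos
    })


if __name__ == "__main__":
    print("precedence 5 covers DSCP:", dscp_matched_by_precedence(5))
    print("EF as (precedence, tos) pairs:", legacy_pairs_for_dscp(EF))
    print("precedence 5 + tos 12 covers DSCP:", dscp_matched_by_pair(5, 12))
```

Precedence 5 alone selects DSCP 40 through 47, so a class built on it also admits CS5 and other non-EF markings into the priority class. Under the stated assumption, pairing precedence 5 with tos 12 and tos 13 narrows the match to EF for all ECN values.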
