NBAR Problem - packet marking

Unanswered Question
Mar 3rd, 2008
User Badges:

Hi everyone

I am using NBAR on my 7206VXR box to mark RTP stream to DSCP EF and SIP to CS3. Marking of SIP to CS3 works fine, but I got problem with RTP marking. Sometimes output packet are NOT marked, altough the output of policy-map applied on the interface says something different:

Service-policy output: QoS-LAN-OUT

Class-map: RTP-NBAR (match-any)

7039646 packets, 2379635593 bytes

5 minute offered rate 87000 bps, drop rate 0 bps

Match: protocol rtp

7039646 packets, 2379635593 bytes

5 minute rate 87000 bps

QoS Set

dscp ef

Packets marked 7039646


Strict Priority

Output Queue: Conversation 264

Bandwidth 1000 (kbps) Burst 25000 (Bytes)

(pkts matched/bytes matched) 1002/344274

(total drops/bytes drops) 0/0

I use wireshark analyzer on output interface of router to verify this. I cann't find anything, what could explain why it is working sometimes, and sometimes not. Could it be IOS bug? Using 12.4(5a) right now.

Config of class and policy map is as simple as that (suppose the problem is not in configuration):

class-map match-any RTP-NBAR

match protocol rtp

policy-map QoS-LAN-OUT

class RTP-NBAR

set ip dscp ef

Any suggestions?

Best regards,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
MAC_IN_TOCH Mon, 03/10/2008 - 07:34
User Badges:

Hello Martin,

From my experience i think you should tag that traffic as it's coming in the interface.

I attached a *.pdf file with net diagram and configuration. hope it helps.

You can also use these commands to troubleshoot NBAR.

sh ip nbar protocol-discovery interface stats bit-rate top-n 10

debug ip nbar unclassified-port-stats

sh ip nbar unclassified-port-stats 5


Bruno Rodrigues



This Discussion