Cat4500 SUP IV show policy-map interface command

Unanswered Question
Mar 17th, 2008
User Badges:

Hello everyone,

I just ran into the problem with Cat4503, sup 4, IOS 12.2(18)EW is not reporting amount of packets marked with DSCP in show policy-map interface command. It seems that policy does work as it shows packets number under the class-map section of show policy-map interface command + I captured the data coming out and it is marked correctly. Int gig 1/1 in this case is a dot1q trunk and has qos trust dscp configured. Does anyone run into this? Is it a bug? I could not find anything on the Cisco web site re this. So I thought I would ask.

Thanks in advance.


Below is the example.

#sh policy-map int gig 1/1

GigabitEthernet1/1

Service-policy output: LAN-PM

Class-map: IP-Voice-CM (match-any)

16747664 packets

Match: access-group name IP-Voice-Traffic

16747664 packets

Match: ip dscp ef

0 packets

QoS Set

ip dscp ef

Packets marked 0

Class-map: IP-Video-CM (match-any)

29 packets

Match: access-group name VideoConference-Traffic

28 packets

Match: ip dscp af31

1 packets

QoS Set

ip dscp af31

Packets marked 0

Class-map: Bulk-CM (match-any)

193185 packets

Match: access-group name BackUp-Traffic

0 packets

Match: access-group name SMS-Traffic

193185 packets

Match: ip dscp af11

0 packets

QoS Set

ip dscp af11

Packets marked 0

Class-map: class-default (match-any)

19268464 packets

Match: any


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mchin345 Fri, 03/21/2008 - 13:29
User Badges:
  • Silver, 250 points or more

This command display the statistics and configurations of the input and output policies that are attached to an interface. Your output looking good . Could you provide show run

Kevin Dorrell Fri, 03/21/2008 - 19:00
User Badges:
  • Green, 3000 points or more

I have also had problems with the counters on 4500. However, in my case there was a difference that I was marking on input from access ports rather than output. Presumably your G1/1 is a trunk.


In my case, I noticed the class counters were counting up even when there was no phone traffic for the port. I then looked at the show policy-map int across several access ports that were connected to the phones, and found that all the ports in one VLAN had the same counts. I came to the conclusion that class packets counters were actually the totals for the whole VLAN, whereas the set counters were the real traffic on the port. That is, the classes seem to be sorted out globally on the VLAN before the forwarding decision is made.


But my observations were for input policy maps, whereas yours are for output. Maybe there is a difference.


Kevin Dorrell

Luxembourg


ogencheva Wed, 03/26/2008 - 07:00
User Badges:

Cisco just came back with the answer - bug ID CSCef5603

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCef56039

show policy-map -> Packets marked 0 (counter is 0)

Symptom:

Cat4500 with Sup2+ (4013+) running 12.2(20)EW, with the policy

map applied on ingress (marking the packets -> match -> ef )does

not show the packets being marked, counter stays at "0". When a

sniffer was connected and the egress port spanned, the packets

going out were marked according to the service-policy applied.


Conditions:

The output of show policy-map int (match access-list, dscp ef,

applied on ingress), even with the "match" counter incrementing,

DOES NOT SHOW packets marked correctly stays at 0 all the time


Source IP 10.10.10.2----Fast3/1=Cat4500/IOS=Fast3/2---Dest


#sh policy-map int Fas 3/1

FastEthernet3/1

Service-policy input: xtest

Class-map: testx (match-all)

112 packets

Match: access-group 10

QoS Set

ip dscp ef

==>> Packets marked 0


Config: IOS version -> 12.2(20)EW

cat4000-i9s-mz.122-20.EW.bin


Mod Ports Card Type Model

---+-----+--------------------------------------+----------

1 2 1000BaseX (GBIC) Supervisor(active) WS-X4013+

3 48 10/100BaseTX (RJ45)V WS-X4148-RJ45V


...

class-map match-all testx

match access-group 10

policy-map xtest

class testx

set dscp ef

interface FastEthernet3/1

switchport access vlan 100

service-policy input xtest

access-list 10 permit 10.10.10.2


Workaround: Use a sniffer capture on egress interface to verify. This counter

cannot be displayed in CAT4500 series switches and hence starting 12.2(25)EW

and later, the Packets Marked field has been removed from the output of show

policy-map command. Status

Fixed


Severity

5


Last Modified

In Last 3 Days


Product

Cisco IOS software


Technology



1st Found-In

12.2(20)EW

Known Affected Versions



Fixed-In

12.2(18)EW6

12.2(25)EW

Related Bugs

The Packets marked counter of show policy-map does not increment

A Catalyst 4506 running 12.2(18)EW configured to mark incoming packets with a DSCP value specified with a policy-map will not increment the "Packets marked" counters even though the marking of the packet happened. This is a cosmetic issue which affects only the reporting counters shown in the outputs of "show policy-map interface". The marking of the packets is working as expected. There is no workaround .


Kevin Dorrell Wed, 03/26/2008 - 08:10
User Badges:
  • Green, 3000 points or more

Thank you for reporting back on that. I have 12.2(25)EWA2, and I can confirm that I have no "packets marked" counters.


What I do notice, however, is that the calss counters are fiction ... well, they are the class counters for the whole VLAN. I can tell that because if I police the class, then the conform bytes are not nearly enough to acocunt for the packets counted. Also, al the ports in the same VLANs have the same counts. Here is an example:

</p><p>Switch#show policy-map int F2/4</p><p> FastEthernet2/4</p><p></p><p>  Service-policy input: IPtel-in</p><p></p><p>    Class-map: IPtel-voice (match-all)</p><p>      1574012 packets</p><p>      Match: access-group name IPtel-net</p><p>      Match: ip dscp ef</p><p>      police: Per-interface</p><p>        Conform: 168 bytes Exceed: 0 bytes</p><p></p><p></p><p>    Class-map: IPtel-signal (match-all)</p><p>      233079 packets</p><p>      Match: access-group name IPtel-net</p><p>      Match: ip dscp cs3  af31</p><p>      QoS Set</p><p>       ip dscp cs3</p><p>      police: Per-interface</p><p>        Conform: 497752 bytes Exceed: 0 bytes</p><p></p><p></p><p>    Class-map: IPtel-other (match-all)</p><p>      284313 packets</p><p>      Match: access-group name IPtel-net</p><p></p><p>    Class-map: class-default (match-any)</p><p>      4536650 packets</p><p>      Match: any</p><p>      QoS Set</p><p>       ip dscp default</p><p>      police: Per-interface</p><p>        Conform: 0 bytes Exceed: 0 bytes</p><p>


Kevin Dorrell

Luxembourg


ogencheva Wed, 03/26/2008 - 08:21
User Badges:

On my switch in question I apply the same policy on two uplink interfaces and counters are pretty close but not exactly the same. For example, for VoIP traffic on Gig 1/1 it reports 351687015 packets and on Gig 1/2 it reports 351864394 packets.


SLH-COM6-4503-AS1#sh policy-map int gig1/1

GigabitEthernet1/1


Service-policy output: LAN-PM


Class-map: IP-Voice-CM (match-any)

351687015 packets

Match: access-group name IP-Voice-Traffic

351687015 packets

Match: ip dscp ef

0 packets

QoS Set

ip dscp ef

Packets marked 0


Class-map: Patient-IP-Video-CM (match-any)

0 packets

Match: access-group name eICU-Patient-Traffic

0 packets

Match: access-group name TeleMedicine-Traffic

0 packets

Match: ip dscp af41

0 packets

QoS Set

ip dscp af41

Packets marked 0


Class-map: IP-Video-CM (match-any)

3160028 packets

Match: access-group name VideoConference-Traffic

3160010 packets

Match: ip dscp af31

18 packets

QoS Set

ip dscp af31

Packets marked 0


Class-map: Bulk-CM (match-any)

9351850 packets

Match: access-group name BackUp-Traffic

0 packets

Match: access-group name SMS-Traffic

9351850 packets

Match: ip dscp af11

0 packets

QoS Set

ip dscp af11

Packets marked 0


Class-map: class-default (match-any)

535001553 packets

Match: any

SLH-COM6-4503-AS1#sh policy-map int gig1/2

GigabitEthernet1/2


Service-policy output: LAN-PM


Class-map: IP-Voice-CM (match-any)

351864394 packets

Match: access-group name IP-Voice-Traffic

351864394 packets

Match: ip dscp ef

0 packets

QoS Set

ip dscp ef

Packets marked 0


Class-map: Patient-IP-Video-CM (match-any)

0 packets

Match: access-group name eICU-Patient-Traffic

0 packets

Match: access-group name TeleMedicine-Traffic

0 packets

Match: ip dscp af41

0 packets

QoS Set

ip dscp af41

Packets marked 0


Class-map: IP-Video-CM (match-any)

3160028 packets

Match: access-group name VideoConference-Traffic

3160010 packets

Match: ip dscp af31

18 packets

QoS Set

ip dscp af31

Packets marked 0


Class-map: Bulk-CM (match-any)

9351919 packets

Match: access-group name BackUp-Traffic

0 packets

Match: access-group name SMS-Traffic

9351919 packets

Match: ip dscp af11

0 packets

QoS Set

ip dscp af11

Packets marked 0


Class-map: class-default (match-any)

534221056 packets

Match: any

SLH-COM6-4503-AS1#

Actions

This Discussion