cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
621
Views
0
Helpful
6
Replies

Cat4500 SUP IV show policy-map interface command

ogencheva
Level 1
Level 1

Hello everyone,

I just ran into the problem with Cat4503, sup 4, IOS 12.2(18)EW is not reporting amount of packets marked with DSCP in show policy-map interface command. It seems that policy does work as it shows packets number under the class-map section of show policy-map interface command + I captured the data coming out and it is marked correctly. Int gig 1/1 in this case is a dot1q trunk and has qos trust dscp configured. Does anyone run into this? Is it a bug? I could not find anything on the Cisco web site re this. So I thought I would ask.

Thanks in advance.

Below is the example.

#sh policy-map int gig 1/1

GigabitEthernet1/1

Service-policy output: LAN-PM

Class-map: IP-Voice-CM (match-any)

16747664 packets

Match: access-group name IP-Voice-Traffic

16747664 packets

Match: ip dscp ef

0 packets

QoS Set

ip dscp ef

Packets marked 0

Class-map: IP-Video-CM (match-any)

29 packets

Match: access-group name VideoConference-Traffic

28 packets

Match: ip dscp af31

1 packets

QoS Set

ip dscp af31

Packets marked 0

Class-map: Bulk-CM (match-any)

193185 packets

Match: access-group name BackUp-Traffic

0 packets

Match: access-group name SMS-Traffic

193185 packets

Match: ip dscp af11

0 packets

QoS Set

ip dscp af11

Packets marked 0

Class-map: class-default (match-any)

19268464 packets

Match: any

6 Replies 6

mchin345
Level 6
Level 6

This command display the statistics and configurations of the input and output policies that are attached to an interface. Your output looking good . Could you provide show run

I just added the config. I am not sure that output looks good as it shows 0 packets being marked.

Thanks for looking into this.

Olga

Kevin Dorrell
Level 10
Level 10

I have also had problems with the counters on 4500. However, in my case there was a difference that I was marking on input from access ports rather than output. Presumably your G1/1 is a trunk.

In my case, I noticed the class counters were counting up even when there was no phone traffic for the port. I then looked at the show policy-map int across several access ports that were connected to the phones, and found that all the ports in one VLAN had the same counts. I came to the conclusion that class packets counters were actually the totals for the whole VLAN, whereas the set counters were the real traffic on the port. That is, the classes seem to be sorted out globally on the VLAN before the forwarding decision is made.

But my observations were for input policy maps, whereas yours are for output. Maybe there is a difference.

Kevin Dorrell

Luxembourg

Cisco just came back with the answer - bug ID CSCef5603

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCef56039

show policy-map -> Packets marked 0 (counter is 0)

Symptom:

Cat4500 with Sup2+ (4013+) running 12.2(20)EW, with the policy

map applied on ingress (marking the packets -> match -> ef )does

not show the packets being marked, counter stays at "0". When a

sniffer was connected and the egress port spanned, the packets

going out were marked according to the service-policy applied.

Conditions:

The output of show policy-map int (match access-list, dscp ef,

applied on ingress), even with the "match" counter incrementing,

DOES NOT SHOW packets marked correctly stays at 0 all the time

Source IP 10.10.10.2----Fast3/1=Cat4500/IOS=Fast3/2---Dest

#sh policy-map int Fas 3/1

FastEthernet3/1

Service-policy input: xtest

Class-map: testx (match-all)

112 packets

Match: access-group 10

QoS Set

ip dscp ef

==>> Packets marked 0

Config: IOS version -> 12.2(20)EW

cat4000-i9s-mz.122-20.EW.bin

Mod Ports Card Type Model

---+-----+--------------------------------------+----------

1 2 1000BaseX (GBIC) Supervisor(active) WS-X4013+

3 48 10/100BaseTX (RJ45)V WS-X4148-RJ45V

...

class-map match-all testx

match access-group 10

policy-map xtest

class testx

set dscp ef

interface FastEthernet3/1

switchport access vlan 100

service-policy input xtest

access-list 10 permit 10.10.10.2

Workaround: Use a sniffer capture on egress interface to verify. This counter

cannot be displayed in CAT4500 series switches and hence starting 12.2(25)EW

and later, the Packets Marked field has been removed from the output of show

policy-map command. Status

Fixed

Severity

5

Last Modified

In Last 3 Days

Product

Cisco IOS software

Technology

1st Found-In

12.2(20)EW

Known Affected Versions

Fixed-In

12.2(18)EW6

12.2(25)EW

Related Bugs

The Packets marked counter of show policy-map does not increment

A Catalyst 4506 running 12.2(18)EW configured to mark incoming packets with a DSCP value specified with a policy-map will not increment the "Packets marked" counters even though the marking of the packet happened. This is a cosmetic issue which affects only the reporting counters shown in the outputs of "show policy-map interface". The marking of the packets is working as expected. There is no workaround .

Thank you for reporting back on that. I have 12.2(25)EWA2, and I can confirm that I have no "packets marked" counters.

What I do notice, however, is that the calss counters are fiction ... well, they are the class counters for the whole VLAN. I can tell that because if I police the class, then the conform bytes are not nearly enough to acocunt for the packets counted. Also, al the ports in the same VLANs have the same counts. Here is an example:

Switch#show policy-map int F2/4

FastEthernet2/4

Service-policy input: IPtel-in

Class-map: IPtel-voice (match-all)

1574012 packets

Match: access-group name IPtel-net

Match: ip dscp ef

police: Per-interface

Conform: 168 bytes Exceed: 0 bytes

Class-map: IPtel-signal (match-all)

233079 packets

Match: access-group name IPtel-net

Match: ip dscp cs3 af31

QoS Set

ip dscp cs3

police: Per-interface

Conform: 497752 bytes Exceed: 0 bytes

Class-map: IPtel-other (match-all)

284313 packets

Match: access-group name IPtel-net

Class-map: class-default (match-any)

4536650 packets

Match: any

QoS Set

ip dscp default

police: Per-interface

Conform: 0 bytes Exceed: 0 bytes

Kevin Dorrell

Luxembourg

On my switch in question I apply the same policy on two uplink interfaces and counters are pretty close but not exactly the same. For example, for VoIP traffic on Gig 1/1 it reports 351687015 packets and on Gig 1/2 it reports 351864394 packets.

SLH-COM6-4503-AS1#sh policy-map int gig1/1

GigabitEthernet1/1

Service-policy output: LAN-PM

Class-map: IP-Voice-CM (match-any)

351687015 packets

Match: access-group name IP-Voice-Traffic

351687015 packets

Match: ip dscp ef

0 packets

QoS Set

ip dscp ef

Packets marked 0

Class-map: Patient-IP-Video-CM (match-any)

0 packets

Match: access-group name eICU-Patient-Traffic

0 packets

Match: access-group name TeleMedicine-Traffic

0 packets

Match: ip dscp af41

0 packets

QoS Set

ip dscp af41

Packets marked 0

Class-map: IP-Video-CM (match-any)

3160028 packets

Match: access-group name VideoConference-Traffic

3160010 packets

Match: ip dscp af31

18 packets

QoS Set

ip dscp af31

Packets marked 0

Class-map: Bulk-CM (match-any)

9351850 packets

Match: access-group name BackUp-Traffic

0 packets

Match: access-group name SMS-Traffic

9351850 packets

Match: ip dscp af11

0 packets

QoS Set

ip dscp af11

Packets marked 0

Class-map: class-default (match-any)

535001553 packets

Match: any

SLH-COM6-4503-AS1#sh policy-map int gig1/2

GigabitEthernet1/2

Service-policy output: LAN-PM

Class-map: IP-Voice-CM (match-any)

351864394 packets

Match: access-group name IP-Voice-Traffic

351864394 packets

Match: ip dscp ef

0 packets

QoS Set

ip dscp ef

Packets marked 0

Class-map: Patient-IP-Video-CM (match-any)

0 packets

Match: access-group name eICU-Patient-Traffic

0 packets

Match: access-group name TeleMedicine-Traffic

0 packets

Match: ip dscp af41

0 packets

QoS Set

ip dscp af41

Packets marked 0

Class-map: IP-Video-CM (match-any)

3160028 packets

Match: access-group name VideoConference-Traffic

3160010 packets

Match: ip dscp af31

18 packets

QoS Set

ip dscp af31

Packets marked 0

Class-map: Bulk-CM (match-any)

9351919 packets

Match: access-group name BackUp-Traffic

0 packets

Match: access-group name SMS-Traffic

9351919 packets

Match: ip dscp af11

0 packets

QoS Set

ip dscp af11

Packets marked 0

Class-map: class-default (match-any)

534221056 packets

Match: any

SLH-COM6-4503-AS1#

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco