QoS issue with access-lists

Unanswered Question
Apr 14th, 2008

Hello,


I would like to create on a CE router a different QoS depending on 2 traffic types: web and the rest. The idea is to give a less important application (the web) only 30% of the bandwidth.


My problem is that, with the following configuration, all the traffic matches the highest-priority access-list without matching the lower-priority access-list (0 matches, even when the link is full).


Do you have an idea why?


Regards,


Jean-Baptiste


The config is the following one:

----------------------
class-map match-any PRIOR_IN
 match access-group name ALL
class-map match-any WEB_IN
 match access-group name WEB
!
class-map match-any PRIOR_OUT
 match ip dscp af21
class-map match-any WEB_OUT
 match ip dscp af11
!
policy-map mark
 class PRIOR_IN
  set ip dscp af21
 class WEB_IN
  set ip dscp af11
!
policy-map etm
 class PRIOR_OUT
  bandwidth remaining percent 70
  random-detect dscp-based
 class WEB_OUT
  bandwidth remaining percent 30
  random-detect dscp-based
!
interface FastEthernet0/0
 service-policy input mark
!
interface Serial0/0/0:1
 service-policy output etm
!
ip access-list extended ALL
 permit ip any any
ip access-list extended WEB
 permit tcp any any eq www
!

Jon Marshall Mon, 04/14/2008 - 16:40

Jean-Baptiste


The problem is that you are marking all traffic as dscp af21 because of the order in your policy-map mark. So change the order here, i.e.


policy-map mark
 class PRIOR_IN
  set ip dscp af21
 class WEB_IN
  set ip dscp af11


should be


policy-map mark
 class WEB_IN
  set ip dscp af11
 class PRIOR_IN
  set ip dscp af21


This way web traffic will be correctly marked with af11.


Jon

mheusing Mon, 04/14/2008 - 22:27

Hi,


Jon spotted the problem in your initial configuration and gave a working solution. A potentially more simple solution:


policy-map mark
 class WEB_IN
  set ip dscp af11
 class class-default
  set ip dscp af21


The class "class-default" is always present and has the definition of "match any", which means all the rest of traffic not matched in any other class before. This will achieve the same result as your ACL ALL matching all IP traffic.


Hope this helps! Please use the rating system.


Regards, Martin
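
The first-match behaviour discussed in this thread, as an added example (not part of any post above and not Cisco code): a small Python model of how the classes of policy-map mark are evaluated in order, run against the original, the reordered and the class-default variants. The helper names, the packet tuples and the sample traffic are constructed for illustration.

```python
from collections import Counter

# ACLs from the thread, modelled as predicates over (protocol, dest port).
ACLS = {
    "ALL": lambda proto, dport: True,                            # permit ip any any
    "WEB": lambda proto, dport: proto == "tcp" and dport == 80,  # permit tcp any any eq www
}
# class-map name -> ACL it references (match access-group name ...)
CLASS_MAPS = {"PRIOR_IN": "ALL", "WEB_IN": "WEB"}


def classify(policy, packet):
    """Return (class, dscp) for the first class in `policy` that matches."""
    for class_name, dscp in policy:
        if class_name == "class-default":       # matches whatever is left
            return class_name, dscp
        if ACLS[CLASS_MAPS[class_name]](*packet):
            return class_name, dscp             # later classes are never tried
    return "class-default", None                # implicit default: left unmarked


def class_hits(policy, packets):
    """Per-class match counters, like the counters the original poster watched."""
    return Counter(classify(policy, p)[0] for p in packets)


def dscp_marks(policy, packets):
    """How many packets leave the marking policy with each DSCP value."""
    return Counter(classify(policy, p)[1] for p in packets)


# The three orderings of policy-map mark that appear in the thread.
ORIGINAL = [("PRIOR_IN", "af21"), ("WEB_IN", "af11")]
REORDERED = [("WEB_IN", "af11"), ("PRIOR_IN", "af21")]
WITH_DEFAULT = [("WEB_IN", "af11"), ("class-default", "af21")]

# Constructed traffic: 3 packets to tcp/80, 2 others (tcp/443 is not "eq www").
PACKETS = [("tcp", 80), ("tcp", 80), ("tcp", 443), ("udp", 53), ("tcp", 80)]

if __name__ == "__main__":
    for name, policy in [("original", ORIGINAL), ("reordered", REORDERED),
                         ("class-default", WITH_DEFAULT)]:
        print(f"{name:14} hits={dict(class_hits(policy, PACKETS))} "
              f"dscp={dict(dscp_marks(policy, PACKETS))}")
```

With the original order nothing is ever marked af11, so the WEB_OUT class on the serial interface, which matches only af11, has no traffic to queue.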


