Citrix ICA tagging over DMVPN

Unanswered Question
May 22nd, 2008

Has anyone configured NBAR for Citrix ICA priority tagging?

I have configured NBAR for the Citrix ICA priority tagging feature on a 3845 with 12.4(13c) IOS. The Citrix server is on a LAN, g0/0.1, connected to the DMVPN hub router. The Citrix admin has configured all the parameters to make ICA priority tagging work on his side. The problem I have is that I am not seeing the packets tagged when I access the server from the DMVPN edge router, whereas the same works when I come from another LAN interface, g0/1.1, of the DMVPN router. I have used GRE tunneling instead of IPSec DMVPN, but it doesn't work. I am trying to match the packets on the LAN interface where the server is connected.

class-map match-any icatag1
 match protocol citrix ica-tag "1"
class-map match-any icatag0
 match protocol citrix ica-tag "0"
class-map match-any icatag3
 match protocol citrix ica-tag "3"
class-map match-any icatag2
 match protocol citrix ica-tag "2"
!
policy-map test
 class icatag0
  set dscp af33
 class icatag1
  set dscp af32
 class icatag2
  set dscp af31
 class icatag3
  set dscp af23
!
interface GigabitEthernet0/0
 no ip address
 ip nbar protocol-discovery
 ip route-cache flow
 ip policy route-map citrix
 duplex auto
 speed auto
 media-type sfp
 no keepalive
 service-policy input test
!
interface GigabitEthernet0/0.1
 encapsulation dot1Q 1
 ip address 10.244.1.250 255.255.255.0
 ip nbar protocol-discovery
 ip nat inside
 ip virtual-reassembly
 ip policy route-map citrix
 service-policy input test
!

Rt1#sh route-map citrix
route-map citrix, permit, sequence 10
  Match clauses:
    ip address (access-lists): any
  Set clauses:
    ip df 0
  Policy routing matches: 541003 packets, 38532833 bytes
Rt1#sh ip access-lists any
Extended IP access list any
    10 permit ip any any (543185 matches)
!
Rt1# sh policy-map int g0/0.1
 GigabitEthernet0/0.1
  Service-policy input: test
    Class-map: icatag0 (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol citrix ica-tag "0"
        0 packets, 0 bytes
        5 minute rate 0 bps
      QoS Set: Feature obj ptr is 70A4F794
        dscp af33
          Packets marked 0
    Class-map: icatag1 (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol citrix ica-tag "1"
        0 packets, 0 bytes
        5 minute rate 0 bps
      QoS Set: Feature obj ptr is 70A4F844
        dscp af32
          Packets marked 0
    Class-map: icatag2 (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol citrix ica-tag "2"
        0 packets, 0 bytes
        5 minute rate 0 bps
      QoS Set: Feature obj ptr is 70A4F8F4
        dscp af31
          Packets marked 0
    Class-map: icatag3 (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol citrix ica-tag "3"
        0 packets, 0 bytes
        5 minute rate 0 bps
      QoS Set: Feature obj ptr is 70A4F9A4
        dscp af23
          Packets marked 0
    Class-map: class-default (match-any)
      33892 packets, 2757041 bytes
      5 minute offered rate 3000 bps, drop rate 0 bps
      Match: any

owillins Wed, 05/28/2008 - 12:44

Use the command show policy-map interface interface-name on the working interface as well as the non-working interface, and verify both.
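
The comparison suggested in the reply above can be scripted; this is an added example, not part of the original thread. It parses two saved `show policy-map interface` captures and lists the classes that match traffic on the working interface but count zero packets on the non-working one. Both sample captures are constructed (the working one is invented for illustration), and the function names are hypothetical.

```python
import re

# Constructed samples in the layout of the output posted above.
# The WORKING capture and its counters are invented (assumption).
NON_WORKING = """\
GigabitEthernet0/0.1
  Service-policy input: test
    Class-map: icatag0 (match-any)
      0 packets, 0 bytes
      Match: protocol citrix ica-tag "0"
        0 packets, 0 bytes
    Class-map: class-default (match-any)
      33892 packets, 2757041 bytes
      Match: any
"""
WORKING = """\
GigabitEthernet0/1.1
  Service-policy input: test
    Class-map: icatag0 (match-any)
      1200 packets, 96000 bytes
      Match: protocol citrix ica-tag "0"
        1200 packets, 96000 bytes
    Class-map: class-default (match-any)
      500 packets, 40000 bytes
      Match: any
"""

CLASS_RE = re.compile(r"^\s*Class-map:\s+(\S+)")
COUNT_RE = re.compile(r"^\s*(\d+) packets, (\d+) bytes")

def class_counters(text):
    """Return {class_name: packets}, taking the first counter line after each Class-map header."""
    counters, current = {}, None
    for line in text.splitlines():
        m = CLASS_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = COUNT_RE.match(line)
        # Later counter lines in the same class belong to Match sub-entries; skip them.
        if m and current is not None and current not in counters:
            counters[current] = int(m.group(1))
    return counters

def unmatched_only_on(suspect, reference):
    """Classes that see traffic on the reference interface but zero packets on the suspect one."""
    s, r = class_counters(suspect), class_counters(reference)
    return sorted(c for c in r if c != "class-default" and r[c] > 0 and s.get(c, 0) == 0)

if __name__ == "__main__":
    print(unmatched_only_on(NON_WORKING, WORKING))
```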
