Router 7606 policy-map

elena.rus

Could you help me, please?

The user terminates a PPPoE session and must get the service-policy input and output from the RADIUS server. The router gets it, but can't set the output policy on the Virtual-Access interface.

Router 7606-s

In log:

%SW_MGR-3-CM_ERROR_FEATURE_CLASS: Connection Manager Feature Error: Class SSS: (QoS) - install error, ignore.

-Traceback= 85501E8 85508F4 94ABAFC 94BE36C AEEC180 AEEC210 94BE610 94BE810 94BECBC 94AACF4 94AAE4C 94A5950 94A5D74 A6A07B0 A696310

Problem with this policy:

access-list 101 permit ip any any time-range TST
class-map match-all TST
 match access-group 101
!
policy-map 64K
 class TST
  police cir 131000 bc 131072 be 131072
   conform-action transmit
   exceed-action drop
 class class-default
  police cir 65500 bc 65536 be 65536
   conform-action transmit
   exceed-action drop

But with this policy there is no problem:

policy-map 100K
 class class-default
  police cir 102000 bc 102400 be 102400
   conform-action transmit
   exceed-action drop

policy-map 64K installs only as input, but doesn't work properly.

All traffic matches class TST, even though the time-range doesn't match.

Both policy-maps work properly on 7204 router.


Giuseppe Larosa

Hello Elena,

I think you are facing a functional limitation of the multilayer switch C7606:

There are different TCAM tables that are used for different purposes, including an ACL TCAM.

A time-based ACL is something different than a normal ACL; I don't know if they are supported in the ACL TCAM table.

The TCAM entries should be modified with action permit or drop at the time range boundaries.

Verify also the clock on the C7606, because it needs to be in sync with an NTP server to be accurate.

The C7204 is a software-based router and so its implementation is different: less efficient but with more functionalities.

>> policy-map 64K installs only as input, but doesn't work properly.

>> All traffic matches class TST, even though the time-range doesn't match.

Probably the time-range is ignored.

Or at least it is a problem with the current release. Can you provide more info, like the type of supervisor and the IOS image name?

Hope to help

Giuseppe

Thanks for your help, Giuseppe!

With NTP all is ok.

Information from "sh ver" :

Cisco CISCO7606-S (M8500) processor (revision 1.0) with 851968K/65536K bytes of memory.
Processor board ID FOX1220H7C4
BASEBOARD: RSP720
CPU: MPC8548_E, Version: 2.0, (0x80390020)
CORE: E500, Version: 2.0, (0x80210020)
CPU:1200MHz, CCB:400MHz, DDR:200MHz,
L1: D-cache 32 kB enabled
    I-cache 32 kB enabled
Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVIPSERVICESK9-M), Version 12.2(33)SRC2, RELEASE SOFTWARE (fc2)

>> probably the time-range is ignored.

If it is ignored in the policy-map, must it also be ignored in an Access-Group on the interface?

Hello Elena,

>> probably the time-range is ignored.

>> If it is ignored in the policy-map, must it also be ignored in an Access-Group on the interface?

Here we enter the field of implementation details.

It is possible that an access-list applied directly to an interface can use the time range because it is present in the command reference, but at the same time an ACL used within a QoS policy-map cannot use time-range because the code does not retain this info and doesn't pass it to another routine that has to build the TCAM entry later used for the policy map.

I would suggest that you open a TAC service request for this issue: customers can propose new features/improvements also using this channel.

Hope to help

Giuseppe

Hello, Giuseppe

For the error we have arrived at a solution:

%SW_MGR-3-CM_ERROR_FEATURE_CLASS: Connection Manager Feature Error: Class SSS: (QoS) - install error, ignore.

-Traceback= 85501E8 85508F4 94ABAFC 94BE36C AEEC180 AEEC210 94BE610 94BE810 94BECBC 94AACF4 94AAE4C 94A5950 94A5D74 A6A07B0 A696310

Now we use hQoS instead of two classes with "police" in the same policy-map.

There is just one problem - the time-range really is ignored.

We open a TAC service request for this issue.

Thanks for your help
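
An offline audit for the configuration pattern this thread is about, added here as an example and not posted by any participant: it parses IOS configuration text and lists every policy-map class whose class-map matches an ACL entry carrying a time-range, so those classes can be reviewed before the policy is used on a platform that may not honor the time-range. The function name and sample text are constructed; the parser assumes the indentation of "show running-config" output and does not follow child policies attached with service-policy.

```python
import re

# Constructed sample: the 64K and 100K policies from the thread, indented
# the way "show running-config" prints them.
SAMPLE_CONFIG = """\
access-list 101 permit ip any any time-range TST
class-map match-all TST
 match access-group 101
!
policy-map 64K
 class TST
  police cir 131000 bc 131072 be 131072
 class class-default
  police cir 65500 bc 65536 be 65536
policy-map 100K
 class class-default
  police cir 102000 bc 102400 be 102400
"""

def find_time_range_classes(config):
    """Return sorted (policy-map, class, ACL, time-range) tuples for each
    policy-map class whose class-map matches an ACL entry with a time-range."""
    timed_acls, class_acls, policy_classes = {}, {}, {}
    acl = cmap = pmap = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # a top-level command ends the previous block
            acl = cmap = pmap = None
            if m := re.match(r"access-list (\S+) .*\btime-range (\S+)", line):
                timed_acls.setdefault(m[1], set()).add(m[2])  # numbered ACL
            elif m := re.match(r"ip access-list \S+ (\S+)", line):
                acl = m[1]                                    # named ACL block
            elif m := re.match(r"class-map (?:match-\w+ )?(\S+)", line):
                cmap = m[1]
            elif m := re.match(r"policy-map (\S+)", line):
                pmap = m[1]
                policy_classes.setdefault(pmap, [])
        elif acl and (m := re.search(r"\btime-range (\S+)", line)):
            timed_acls.setdefault(acl, set()).add(m[1])
        elif cmap and (m := re.match(r"match access-group (?:name )?(\S+)", line)):
            class_acls.setdefault(cmap, set()).add(m[1])
        elif pmap and (m := re.match(r"class (\S+)", line)):
            policy_classes[pmap].append(m[1])
    return sorted((p, c, a, t)
                  for p, classes in policy_classes.items() for c in classes
                  for a in class_acls.get(c, ()) for t in timed_acls.get(a, ()))

if __name__ == "__main__":
    for hit in find_time_range_classes(SAMPLE_CONFIG):
        print("policy-map %s class %s: ACL %s uses time-range %s" % hit)
```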
