Setting TOS bits !

illusion_rox · ‎10-04-2009

hi all. I am confused with the following issue pls guide me.

I have defined this acl

access-list 113 per icmp host 10.0.0.1 host 10.0.0.2 echo tos 3 log

access-list 113 per ip an an

Now from R1(10.0.0.1) i did an extended ping to R2(10.0.0.2) setting TOS bits to value 3 but no matches are detected in

show access-list 113.

Following is what i did

R1#ping

Protocol [ip]:

Target IP address: 10.0.0.2

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface:

Type of service [0]: 3

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/20 ms

R1#

On R2

R2#sh access-lists 113

Extended IP access list 113

10 permit icmp host 10.0.0.1 host 10.0.0.2 echo tos 3 log

20 permit ip any any (12812 matches)

R2#

I dont know if i have misunderstood tos byte or what but i think if i am setting tos bits to be 3, then why not its setting it ?

Originally i tested it via windows wireshark and got confused when tos bit wasnt being set properly

Pls guide me

Giuseppe Larosa · ‎10-05-2009

Hello Ovais,

when you specify the TOS byte you need to specify the byte value.

so if you want match packets with IP precedence 3:

3 -> 01100000 as tos byte = 96 decimal

32*ip prec value is the rule

then to test it you need to set ip precedence using extented commands in ping

ping

Protocol [ip]:

Target IP address: 10.55.0.32