QoS trouble with class-map

Answered Question
Nov 2nd, 2009

I'm having trouble getting QoS to work on my router. I'm trying to get traffic from one specific address to be put in the priority queue. I will eventually fine tune this to specific ports but can't understand why this does not work. It does not match against the access list when I specify the address (192.168.1.15) but when match against any it matches meaning that it checks the access list but not working the way I expect it to.


boot system flash:c2600-ik9o3s3-mz.123-26.bin

!

no aaa new-model

ip subnet-zero

no ip source-route

ip flow-cache timeout active 1

ip cef

!

!

ip dhcp excluded-address 192.168.1.0 192.168.1.149

ip dhcp excluded-address 192.168.1.200 192.168.1.255

ip dhcp ping timeout 1000

!

ip dhcp pool Home

network 192.168.1.0 255.255.255.0

dns-server 4.2.2.2 4.2.2.3

default-router 192.168.1.251

lease 14

!

no ip bootp server

ip audit po max-events 100

vpdn enable

!

vpdn-group 1

request-dialin

protocol pppoe

!

!

class-map match-all TEST

match access-group name TEST

!

!

policy-map TEST

class TEST

priority 512

class class-default

fair-queue

!

interface Ethernet0/0

description Uplink to WAN

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

no ip mroute-cache

full-duplex

pppoe enable

pppoe-client dial-pool-number 1

no cdp enable

!

interface Ethernet0/1

description Uplink to LAN

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

no ip mroute-cache

full-duplex

!

interface Ethernet0/1.1

description Default VLAN

encapsulation dot1Q 1 native

!

interface Ethernet0/1.100

description Home VLAN

encapsulation dot1Q 100

ip address 192.168.1.251 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip nbar protocol-discovery

no ip mroute-cache

!

interface Dialer1

description ADSL WAN Dialer

mtu 1492

bandwidth 768000

ip address negotiated

no ip unreachables

ip nat outside

ip flow ingress

ip nbar protocol-discovery

encapsulation ppp

ip tcp adjust-mss 1452

no ip mroute-cache

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap callin

ppp chap hostname [email protected] ppp chap password 7 *

ppp pap sent-username [email protected] password 7 *

ppp ipcp dns request

ppp ipcp address accept

service-policy output TEST

!

ip nat inside source list 10 interface Dialer1 overload

no ip http server

no ip http secure-server

ip classless

no ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer1

!

ip access-list standard TEST

permit host 192.168.1.15

dialer-list 1 protocol ip permit


Correct Answer by mlund about 7 years 3 months ago

Hi


You are trying to match 192.168.1.15. This ip is on the inside. Maybe the router does nat before service-policy, then the match must be on the natted address.


You can try to set the policy on inside and set a dscp value. Then match the dscp value on outside.

example


policy-map inside

class TEST

set dscp ef


class-map match-all OUT

match dscp ef

policy-map outside

class OUT

priority 512


interface ethernet0/1.100

service-policy in TEST

interface dialer1

service-policy out OUT


/Mikael

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Gregory Camp Mon, 11/02/2009 - 16:27

Try using an extended ACL instead


ip access-list extended TEST

permit host 192.168.1.15 any

johnyarborough Mon, 11/02/2009 - 16:32

Thanks for the reply. I have tried an extended ACL, and also with numbers instead of names and no change. I've also tried between match-any and match-all. I have also tried applying the service-policy to the Ethernet0/0 interface and see the same results. Is there a way to debug class-maps or access-lists to see what address it is trying to match against?

Correct Answer
mlund Wed, 11/04/2009 - 02:18

Hi


You are trying to match 192.168.1.15. This ip is on the inside. Maybe the router does nat before service-policy, then the match must be on the natted address.


You can try to set the policy on inside and set a dscp value. Then match the dscp value on outside.

example


policy-map inside

class TEST

set dscp ef


class-map match-all OUT

match dscp ef

policy-map outside

class OUT

priority 512


interface ethernet0/1.100

service-policy in TEST

interface dialer1

service-policy out OUT


/Mikael

thotsaphon Wed, 11/04/2009 - 03:17

MiKael is right. Nat is done before doing queueing policies. What he has provided is a good solution.


HTH,

Toshi

Actions

This Discussion