QoS trouble with class-map

Answered Question
Nov 2nd, 2009

I'm having trouble getting QoS to work on my router. I'm trying to get traffic from one specific address to be put in the priority queue. I will eventually fine-tune this to specific ports but can't understand why this does not work. It does not match against the access list when I specify the address (192.168.1.15), but when I match against any it matches, meaning that it checks the access list but is not working the way I expect it to.


boot system flash:c2600-ik9o3s3-mz.123-26.bin
!
no aaa new-model
ip subnet-zero
no ip source-route
ip flow-cache timeout active 1
ip cef
!
!
ip dhcp excluded-address 192.168.1.0 192.168.1.149
ip dhcp excluded-address 192.168.1.200 192.168.1.255
ip dhcp ping timeout 1000
!
ip dhcp pool Home
 network 192.168.1.0 255.255.255.0
 dns-server 4.2.2.2 4.2.2.3
 default-router 192.168.1.251
 lease 14
!
no ip bootp server
ip audit po max-events 100
vpdn enable
!
vpdn-group 1
 request-dialin
  protocol pppoe
!
!
class-map match-all TEST
 match access-group name TEST
!
!
policy-map TEST
 class TEST
  priority 512
 class class-default
  fair-queue
!
interface Ethernet0/0
 description Uplink to WAN
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no ip mroute-cache
 full-duplex
 pppoe enable
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface Ethernet0/1
 description Uplink to LAN
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no ip mroute-cache
 full-duplex
!
interface Ethernet0/1.1
 description Default VLAN
 encapsulation dot1Q 1 native
!
interface Ethernet0/1.100
 description Home VLAN
 encapsulation dot1Q 100
 ip address 192.168.1.251 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip nbar protocol-discovery
 no ip mroute-cache
!
interface Dialer1
 description ADSL WAN Dialer
 mtu 1492
 bandwidth 768000
 ip address negotiated
 no ip unreachables
 ip nat outside
 ip flow ingress
 ip nbar protocol-discovery
 encapsulation ppp
 ip tcp adjust-mss 1452
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname [email protected]
 ppp chap password 7 *
 ppp pap sent-username [email protected] password 7 *
 ppp ipcp dns request
 ppp ipcp address accept
 service-policy output TEST
!
ip nat inside source list 10 interface Dialer1 overload
no ip http server
no ip http secure-server
ip classless
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list standard TEST
 permit host 192.168.1.15
dialer-list 1 protocol ip permit


Gregory Camp Mon, 11/02/2009 - 16:27
User Badges:
  • Cisco Employee,

Try using an extended ACL instead:

ip access-list extended TEST
 permit ip host 192.168.1.15 any

johnyarborough Mon, 11/02/2009 - 16:32

Thanks for the reply. I have tried an extended ACL, and also with numbers instead of names and no change. I've also tried between match-any and match-all. I have also tried applying the service-policy to the Ethernet0/0 interface and see the same results. Is there a way to debug class-maps or access-lists to see what address it is trying to match against?

Correct Answer
mlund Wed, 11/04/2009 - 02:18
User Badges:
  • Silver, 250 points or more

Hi

You are trying to match 192.168.1.15. This IP is on the inside. Maybe the router does NAT before service-policy, then the match must be on the NATted address.

You can try to set the policy on inside and set a DSCP value. Then match the DSCP value on outside.

Example:

policy-map inside
 class TEST
  set dscp ef

class-map match-all OUT
 match dscp ef
policy-map outside
 class OUT
  priority 512

interface ethernet0/1.100
 ! mark on the LAN side, before NAT rewrites the source address
 service-policy input inside
interface dialer1
 ! queue on the WAN side by DSCP instead of by source address
 service-policy output outside

/Mikael

thotsaphon Wed, 11/04/2009 - 03:17
User Badges:
  • Gold, 750 points or more

Mikael is right. NAT is done before doing queueing policies. What he has provided is a good solution.


HTH,

Toshi
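
The pitfall identified in this thread, turned into a configuration check (an added example, not code from any poster or from Cisco): the Python below reads `show running-config`-style text and reports output service policies on `ip nat outside` interfaces whose class-maps match an ACL permitting a host inside an `ip nat inside` subnet. The function names, the indentation-based parser and the sample (constructed from the QoS and NAT lines of the posted configuration) are assumptions, and only `host` ACL entries are checked.

```python
import ipaddress, re
# Constructed sample: QoS/NAT lines of the posted config, indented as "show running-config" prints them.
SAMPLE = """\
class-map match-all TEST
 match access-group name TEST
policy-map TEST
 class TEST
  priority 512
interface Ethernet0/1.100
 ip address 192.168.1.251 255.255.255.0
 ip nat inside
interface Dialer1
 ip address negotiated
 ip nat outside
 service-policy output TEST
ip access-list standard TEST
 permit host 192.168.1.15
"""

def blocks(config):  # top-level line -> list of its indented child lines
    out, head = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line.startswith(" "):
            head = line.strip()
            out[head] = []
        elif head:
            out[head].append(line.strip())
    return out

def find_prenat_matches(config):
    """Return (interface, policy, class, acl, host) for each output policy that matches an inside host."""
    b = blocks(config)
    def named(kind, name):  # child lines of the block of this kind whose last word is name
        return [l for h, kids in b.items() if h.startswith(kind + " ") and h.split()[-1] == name for l in kids]
    def ifaces(flag):  # (header, child lines) of every interface carrying this NAT flag
        return [(h, k) for h, k in b.items() if h.startswith("interface ") and flag in k]
    inside = [ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False) for _, k in ifaces("ip nat inside")
              for m in (re.match(r"ip address (\S+) (\S+)$", l) for l in k) if m]
    findings = []
    for h, kids in ifaces("ip nat outside"):
        for pol in [l.split()[-1] for l in kids if l.startswith("service-policy output ")]:
            for cls in [l.split()[1] for l in named("policy-map", pol) if l.startswith("class ")]:
                for acl in [l.split()[-1] for l in named("class-map", cls) if l.startswith("match access-group name ")]:
                    permits = " ".join(l for l in named("ip access-list", acl) if l.startswith("permit"))
                    for host in re.findall(r"host (\d+\.\d+\.\d+\.\d+)", permits):
                        if any(ipaddress.ip_address(host) in net for net in inside):
                            findings.append((h.split()[1], pol, cls, acl, host))
    return findings
```

Calling `find_prenat_matches(SAMPLE)` reports the `Dialer1` policy from the original post; a configuration that marks DSCP on the inside interface and matches DSCP on the outside, as in the accepted answer, produces no findings.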
