Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
395
Views
0
Helpful
4
Replies

QoS trouble with class-map

Go to solution
johnyarborough
Level 1
Level 1

‎11-02-2009 03:11 PM - edited ‎03-04-2019 06:35 AM

I'm having trouble getting QoS to work on my router. I'm trying to get traffic from one specific address to be put in the priority queue. I will eventually fine tune this to specific ports but can't understand why this does not work. It does not match against the access list when I specify the address (192.168.1.15) but when match against any it matches meaning that it checks the access list but not working the way I expect it to.

boot system flash:c2600-ik9o3s3-mz.123-26.bin

!

no aaa new-model

ip subnet-zero

no ip source-route

ip flow-cache timeout active 1

ip cef

!

!

ip dhcp excluded-address 192.168.1.0 192.168.1.149

ip dhcp excluded-address 192.168.1.200 192.168.1.255

ip dhcp ping timeout 1000

!

ip dhcp pool Home

network 192.168.1.0 255.255.255.0

dns-server 4.2.2.2 4.2.2.3

default-router 192.168.1.251

lease 14

!

no ip bootp server

ip audit po max-events 100

vpdn enable

!

vpdn-group 1

request-dialin

protocol pppoe

!

!

class-map match-all TEST

match access-group name TEST

!

!

policy-map TEST

class TEST

priority 512

class class-default

fair-queue

!

interface Ethernet0/0

description Uplink to WAN

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

no ip mroute-cache

full-duplex

pppoe enable

pppoe-client dial-pool-number 1

no cdp enable

!

interface Ethernet0/1

description Uplink to LAN

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

no ip mroute-cache

full-duplex

!

interface Ethernet0/1.1

description Default VLAN

encapsulation dot1Q 1 native

!

interface Ethernet0/1.100

description Home VLAN

encapsulation dot1Q 100

ip address 192.168.1.251 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip nbar protocol-discovery

no ip mroute-cache

!

interface Dialer1

description ADSL WAN Dialer

mtu 1492

bandwidth 768000

ip address negotiated

no ip unreachables

ip nat outside

ip flow ingress

ip nbar protocol-discovery

encapsulation ppp

ip tcp adjust-mss 1452

no ip mroute-cache

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap callin

ppp chap hostname username@isp.net ppp chap password 7 *

ppp pap sent-username username@isp.net password 7 *

ppp ipcp dns request

ppp ipcp address accept

service-policy output TEST

!

ip nat inside source list 10 interface Dialer1 overload

no ip http server

no ip http secure-server

ip classless

no ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer1

!

ip access-list standard TEST

permit host 192.168.1.15

dialer-list 1 protocol ip permit

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
mlund
Level 7
Level 7

‎11-04-2009 02:18 AM

Hi

You are trying to match 192.168.1.15. This ip is on the inside. Maybe the router does nat before service-policy, then the match must be on the natted address.

You can try to set the policy on inside and set a dscp value. Then match the dscp value on outside.

example

policy-map inside

class TEST

set dscp ef

class-map match-all OUT

match dscp ef

policy-map outside

class OUT

priority 512

interface ethernet0/1.100

service-policy in TEST

interface dialer1

service-policy out OUT

/Mikael

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Gregory Camp
Cisco Employee
Cisco Employee

‎11-02-2009 04:27 PM

Try using an extended ACL instead

ip access-list extended TEST

permit host 192.168.1.15 any

0 Helpful

Go to solution
johnyarborough
Level 1
Level 1
In response to Gregory Camp

‎11-02-2009 04:32 PM

Thanks for the reply. I have tried an extended ACL, and also with numbers instead of names and no change. I've also tried between match-any and match-all. I have also tried applying the service-policy to the Ethernet0/0 interface and see the same results. Is there a way to debug class-maps or access-lists to see what address it is trying to match against?

0 Helpful

Go to solution
mlund
Level 7
Level 7

‎11-04-2009 02:18 AM

Hi

You are trying to match 192.168.1.15. This ip is on the inside. Maybe the router does nat before service-policy, then the match must be on the natted address.

You can try to set the policy on inside and set a dscp value. Then match the dscp value on outside.

example

policy-map inside

class TEST

set dscp ef

class-map match-all OUT

match dscp ef

policy-map outside

class OUT

priority 512

interface ethernet0/1.100

service-policy in TEST

interface dialer1

service-policy out OUT

/Mikael

0 Helpful

Go to solution
Thotsaphon Lueangwattanaphong
Level 7
Level 7
In response to mlund

‎11-04-2009 03:17 AM

MiKael is right. Nat is done before doing queueing policies. What he has provided is a good solution.

HTH,

Toshi

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card