12-16-2009 09:27 AM - edited 03-11-2019 09:49 AM
Hi, I have a 2 Mb link and wish dedicate 800 Kb for specific host. The another host in network can use only 1.2 Mb.
Look the configuration that I did:
access-list acl_qos extended permit ip host 172.16.1.10 any
access-list acl_qos_default extended permit ip any any
class-map class_qos
match access-list acl_qos
class-map class_qos_default
match access-list acl_qos_default
policy-map qos_policy
class class_qos
police output 812000 conform transmit exc transmit
class class_qos_default
police output 1258000 conform transmit exc drop
service-policy qos_policy interface outside
Well, I have this questions:
1°) The configuration is ok?
2°) The service-policy is applied before or after nat process?
3°) Traffic in default class (class_qos_default) never will use more that 1.2 Mb? Or, if host 172.16.1.10 not consume your cote (800 Kb) default class can use more that 1.2 Mb?
The last one: In show service-policy interface outside I see conform-action and exceed-action DROP in default class. Is it right?
fw# sh service-policy interface outside
Interface outside:
Service-policy: qos_policy
Class-map: class_qos_ib
Output police Interface outside:
cir 812000 bps, bc 25375 bytes
conformed 1862 packets, 1931904 bytes; actions: transmit
exceeded 0 packets, 0 bytes; actions: transmit
conformed 145248 bps, exceed 0 bps
Class-map: class_qos_default
Output police Interface outside:
cir 1258000 bps, bc 39312 bytes
conformed 3686 packets, 704579 bytes; actions: drop
exceeded 0 packets, 0 bytes; actions: drop
conformed 51144 bps, exceed 0 bps
Best Regards.
Solved! Go to Solution.
12-16-2009 11:05 AM
1) No, but if you have 2 classes they should not match the same traffic. If they match the same traffic there is no point in policing them differently.
3) No, if class 2 is hitting its limit 1200 then it will not use the leftovers of class1, it will just be policed.
4) No, I am not sure why that shows. Please try to reapply the policing and see if it fixes.
PK
12-16-2009 10:28 AM
Hi,
1) No, one minor change
access-list acl_qos_default extended deny ip host 172.16.1.10 any
access-list acl_qos_default extended permit ip any any
2) After
3) If they are mutually exclusive (see 1) each can take its max.
last) You set the action in the police command. Usually it doesn't make sense to police if you are not dropping.
I hope it helps.
PK
12-16-2009 10:44 AM
Thanks pkampana, your help is very useful.
1) But I have two acl and two class, for differents policys. Is it wrong?
2) Ok, thanks.
3) Maybe I was not articulate. My question is: If traffic in policy 1 has not reached its limit, so the traffic policy 2 can use the "band" of the policy 1?
4) I set conform-action transmit and only excedeed action drop, but in show service-policy appear both as DROP... is it normal?
12-16-2009 11:05 AM
1) No, but if you have 2 classes they should not match the same traffic. If they match the same traffic there is no point in policing them differently.
3) No, if class 2 is hitting its limit 1200 then it will not use the leftovers of class1, it will just be policed.
4) No, I am not sure why that shows. Please try to reapply the policing and see if it fixes.
PK
12-16-2009 11:13 AM
One more time, thanks pkampana.
Now I understood.
I try many times remove and apply the configuration (about number 4)... I will open a TAC.
Regards.
12-17-2009 11:13 PM
Hey,
Have a look at this link before opening a TAC case.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml#intro
You might just hit it right and solving it on your own would be priceless.
Regards,
Sian
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: