06-02-2008 09:23 AM - edited 03-05-2019 11:21 PM
I have a QOS class called Imaging to match an ACL. The policy is working because the 'show policy-map int' shows how many packets have matched the ACL and been acted on. Yet a 'show access-list ...' doesn't show any hit counters.
This same QOS config is in 7206 and 2821 routers and the ACL hit counters increment when they are hit.
Any idea why the ACL hit counters aren't incrementing?
Here is the 7604 pertinent info:
IOS = 12.2(33)SRB1
ROC-RT7604A-CR#sh policy-map int g2/1/1.54
GigabitEthernet2/1/1.54
Service-policy output: ESH-WAN-100MB-speed_with_10MB_voice
.
.
.
Class-map: Imaging (match-any)
30800769 packets, 24714774942 bytes
30 second offered rate 2147000 bps, drop rate 0 bps
Match: access-group 151
Queueing
queue limit 12000 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 30800775/24714776230
QoS Set
set dscp af11
Packets marked 30800769
bandwidth 48000 kbps
ROC-RT7604A-CR#sh access-list 151
Extended IP access list 151
10 permit tcp any any eq 6464
20 permit tcp any eq 6464 any
30 permit tcp any any eq 104
40 permit tcp any eq 104 any
50 permit tcp any any eq 105
60 permit tcp any eq 105 any
class-map match-any Imaging
match access-group 151
policy-map ESH-QOS_classes_6Video_110voice
class Voice
priority 10000
class Call-Control
bandwidth 500
class Imaging
set dscp af11
bandwidth 48000
class Video
bandwidth 3220
class DVR
police 1544000
class class-default
random-detect
Solved! Go to Solution.
06-02-2008 09:35 AM
Jim
The 7600 router, as with the 6500 switch, supports ACL processsing in hardware. Any packets processed in hardware will not be shown in the match count when you do a "sh ip access-list
I would assume this is why you are not seeing hits. In contrast the 2800 and 7200 routers handle this in software hence you see the matches.
Attached is a link with more details on ACL processing for the 7600:
http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/acl.html
Jon
06-02-2008 09:35 AM
Jim
The 7600 router, as with the 6500 switch, supports ACL processsing in hardware. Any packets processed in hardware will not be shown in the match count when you do a "sh ip access-list
I would assume this is why you are not seeing hits. In contrast the 2800 and 7200 routers handle this in software hence you see the matches.
Attached is a link with more details on ACL processing for the 7600:
http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/acl.html
Jon
06-03-2008 12:32 AM
You might try:
'show tcam interface
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: