Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3552
Views
0
Helpful
5
Replies

Dropping traffic with a policy-map not working

Go to solution
kevin_miller
Level 1
Level 1

‎07-28-2009 05:47 PM - edited ‎03-06-2019 06:59 AM

Hey ya'll. I'm trying to drop traffic using a policy-map. A config snip is included. I see some traffic matching, but it is definitely not being dropped. Any ideas?

policy-map Primary-OUT

class VOICE-Queue

drop

class VIDEO-Queue

drop

class SIGNALING-Queue

drop

class CONTROL-Queue

bandwidth remaining percent 10

...

blah, blah, blah.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
vishwancc
Level 3
Level 3
In response to kevin_miller

‎07-30-2009 12:46 AM

Hi Kevin,

As per my understanding this QOS configuration will stop dropping packet once the QOS will come into picture ,that is when the congestion will occur until then the traffic will pass .Are you saying there is congestion and even then the traffic is passed.

Chao

Vishwa

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Amit Singh
Cisco Employee
Cisco Employee

‎07-28-2009 11:19 PM

Hi kevin,

Which device is this? What IOS you are running. Please paste the config for Class-maps and ACL's as well.

-amit singh

0 Helpful

Go to solution
kevin_miller
Level 1
Level 1
In response to Amit Singh

‎07-29-2009 04:07 AM

Hi Amit. I'm running c2801-advipservicesk9-mz.124-15.T8.bin, but I've tried a similar config in earlier versions of IOS - to no avail.

I can see traffic matching the Edge-IN service-policy on ingress. And when I configure a priority queue (instead of a drop), I can see the same traffic hitting the queue on egress. But when I replace the priority queue with "drop", I see some (but not all) packets hitting the class on egress, but the traffic is definitely not being dropped by the router.

Thanks for your help !

Here is the detail -

class-map match-any BULK-Mark

match access-group name BULK-APPS

class-map match-all SCAVENGER-Queue

match ip dscp af13

class-map match-all SIGNALING-Queue

match ip dscp cs5

class-map match-all VOICE-Queue

match ip dscp ef

class-map match-all VIDEO-Queue

match ip dscp af41

class-map match-all CONTROL-Queue

match ip dscp cs6

class-map match-any SCAVENGER-Mark

match access-group name SCAVENGER-APPS

class-map match-all SIGNALING-Mark

match ip dscp cs5

class-map match-all VIDEO-Mark

match ip dscp af41

class-map match-all VOICE-Mark

match ip dscp ef

class-map match-any CONTROL-Mark

match access-group name CONTROL-APPS

class-map match-all BULK-Queue

match ip dscp af11

!

!

policy-map Edge-IN

class SCAVENGER-Mark

set ip dscp af13

class BULK-Mark

set ip dscp af11

class VOICE-Mark

set ip dscp ef

class VIDEO-Mark

set ip dscp af41

class SIGNALING-Mark

set ip dscp cs5

class CONTROL-Mark

set ip dscp cs6

class class-default

set dscp default

policy-map Primary-OUT

class VOICE-Queue

drop

class VIDEO-Queue

drop

class SIGNALING-Queue

drop

class CONTROL-Queue

bandwidth remaining percent 10

class BULK-Queue

bandwidth remaining percent 25

random-detect

class SCAVENGER-Queue

police rate 256000

conform-action transmit

exceed-action drop

class class-default

fair-queue

policy-map Primary-Shaper

class class-default

shape average percent 95

service-policy Primary-OUT

!

!

interface Loopback0

ip address 1.1.1.1 255.255.255.240

!

interface FastEthernet0/0

description Internal Interface

ip address 10.1.1.0 255.255.255.0

service-policy input Edge-IN

!

interface Serial0/1/0

description To MCI

bandwidth 1544

no ip address

encapsulation frame-relay IETF

frame-relay lmi-type ansi

max-reserved-bandwidth 100

service-policy output Primary-Shaper

!

interface Serial0/1/0.500 point-to-point

ip unnumbered Loopback0

frame-relay interface-dlci 500 IETF

!

ip access-list extended BULK-APPS

permit tcp any any eq 50

permit udp any any eq 60

permit tcp any any eq 70

ip access-list extended CONTROL-APPS

permit udp any any eq 1645

permit udp any eq 1645 any

permit udp any any eq 1812

permit udp any eq 1812 any

permit tcp any any eq telnet

permit tcp any eq telnet any

permit udp any any eq domain

permit udp any eq domain any

ip access-list extended SCAVENGER-APPS

permit ip host 10.16.30.65 any time-range WORKING-HOURS

time-range WORKING-HOURS

periodic weekdays 12:00 to 23:59

0 Helpful

Go to solution
vishwancc
Level 3
Level 3
In response to kevin_miller

‎07-30-2009 12:46 AM

Hi Kevin,

As per my understanding this QOS configuration will stop dropping packet once the QOS will come into picture ,that is when the congestion will occur until then the traffic will pass .Are you saying there is congestion and even then the traffic is passed.

Chao

Vishwa

0 Helpful

Go to solution
kevin_miller
Level 1
Level 1
In response to vishwancc

‎07-30-2009 04:09 AM

Of course ! I don't know why I didn't think of that. The drop command can't be used to drop all traffic - it will only start dropping when QOS is active. Thanks much Vishwa!

0 Helpful

Go to solution
johnlloyd_13
Level 9
Level 9

‎07-28-2009 11:54 PM

try to attached or apply the policy map on an interface using the 'service-policy' command. try to do a 'show policy-map interface' command afterwards.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card