Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

QoS class issue

I have a QoS issue. Please help me figure out.

ip access-list extended SILVER-TRAFFIC

permit tcp any  10.0.0.0 0.255.255.255 eq 80

ip access-list extended BRONZE-TRAFFIC

permit tcp any  10.3.115.0 0.0.0.255 eq 80

permit tcp any  10.60.52.0 0.0.0.255 eq 80

class-map match-any SILVER-CLASS

  match access-group name SILVER-TRAFFIC

class-map match-any BRONZE-CLASS

  match access-group name BRONZE-TRAFFIC

policy-map QOS

  class SILVER-CLASS

   set dscp cs3

  class BRONZE-CLASS

   set dscp cs2

  class class-default

   set dscp default

There are 2 QoS class in this configuration. The ACL (permit tcp any  10.0.0.0 0.255.255.255 eq 80) of the silver class includes the ACL of the Bronze class. Does that means those bronze class traffic are marked as silver class, instead of Bronze class?

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Blue

Re: QoS class issue

cscyangyu wrote:

There are 2 QoS class in this configuration. The ACL (permit tcp any  10.0.0.0 0.255.255.255 eq 80) of the silver class includes the ACL of the Bronze class. Does that means those bronze class traffic are marked as silver class, instead of Bronze class?

It means that all traffic with the first octet of 10 in the IP address will be matched to the silver class. Nothing with a 10.x.x.x address will ever get past the silver class so all 10.x.x.x traffic will be marked with dscp cs3.

The policy-map is checked sequentially so and if a match is found processing stops so if you want bronze traffic to be marked as bronze -

policy-map QOS

class BRONZE-CLASS

set dscp cs2

class SILVER-CLASS

set dscp cs3

class class-default

set dscp default

Jon

Hall of Fame Super Silver

Re: QoS class issue

Hello Angyu,

your understanding is correct: the order of call of the class-maps counts like in an ACL

you should rewrite the policy-map invoking the bronze-traffic first or you will be in trouble

It could be a safe measure to rewrite the ACL for silver traffic denying the other traffic

Hope to help

Giuseppe

2 REPLIES
Hall of Fame Super Blue

Re: QoS class issue

cscyangyu wrote:

There are 2 QoS class in this configuration. The ACL (permit tcp any  10.0.0.0 0.255.255.255 eq 80) of the silver class includes the ACL of the Bronze class. Does that means those bronze class traffic are marked as silver class, instead of Bronze class?

It means that all traffic with the first octet of 10 in the IP address will be matched to the silver class. Nothing with a 10.x.x.x address will ever get past the silver class so all 10.x.x.x traffic will be marked with dscp cs3.

The policy-map is checked sequentially so and if a match is found processing stops so if you want bronze traffic to be marked as bronze -

policy-map QOS

class BRONZE-CLASS

set dscp cs2

class SILVER-CLASS

set dscp cs3

class class-default

set dscp default

Jon

Hall of Fame Super Silver

Re: QoS class issue

Hello Angyu,

your understanding is correct: the order of call of the class-maps counts like in an ACL

you should rewrite the policy-map invoking the bronze-traffic first or you will be in trouble

It could be a safe measure to rewrite the ACL for silver traffic denying the other traffic

Hope to help

Giuseppe

336
Views
0
Helpful
2
Replies