QoS problem on 3560

franklaszlo
Level 1

Hello,

I wanted to classify smtp traffic on one of the ingress port of a 3560 switch, but it seems that classification does not work.

Here is the simple config related to qos.

!
mls qos
!
....
!
class-map match-all SMTPTraffic
 match access-group 100
!
policy-map SMTPPolicy
 class SMTPTraffic
  set dscp af11
!
....
!
interface GigabitEthernet0/7
 switchport mode access
 service-policy input SMTPPolicy
!
.....
!
access-list 100 permit tcp any any eq smtp
!

All the ACL and policy-map counters remain 0, and the queuing statistics show all egress frames marked with DSCP 0.

What am I missing?

Thanks in advance,

Laszlo

10 Replies

mheusinger
Level 10

Hello,

is the ACL direction correct?

access-list 100 permit tcp any any eq smtp

OR

access-list 100 permit tcp any eq smtp any

For testing purposes you could match on all IP traffic until you get the desired markings.

Also be aware that all Catalyst ports are untrusted by default, i.e. the next Catalyst will remark everything to DSCP 0 if the (trunk) port is not configured to trust all incoming markings.

Regards, Martin

Hi Martin,

I guess yes, it is correct, but I also tried every combination, that is

any eq smtp any
any eq smtp any eq smtp
any any eq smtp

but the results are the same.

Thanks,

Laszlo

Hi,

you wrote:

"Also be aware, that all Catalyst ports are untrusted by default, i.e. the next Catalyst will remark everything to DSCP 0 if the (trunk) port is not configured to trust all incoming markings."

Well, according to the BCMSN book, I do not have to trust the ingress frame when using a policy map to explicitly set the DSCP value. Is this not true? The config guide also suggests this.

Laszlo

Hi Laszlo,

I just meant it might happen that the markings are implemented by the 3560 but the next switch remarks to 0 again. It depends on where you sniff the traffic (which I would do, to rule out "simple" counter problems = IOS bug).

So your input policy seems ok.

Regards, Martin

Hi Martin,

I actually misunderstood you; both the classification and queuing should happen on the same switch.

Anyway, if the policy seems correct, what else do you think is missing? All match counters show 0.

Please look at this:

C3560#sh policy-map interface gi 0/7

 GigabitEthernet0/7

  Service-policy input: smtp_policy

    Class-map: SMTPTraffic (match-all)
      0 packets, 0 bytes
      offered rate 0 bps, drop rate 0 bps
      Match: access-group 100

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
        rate 0 bps

C3560#sh access-lists
(text deleted)
Standard IP access list management_computers
    10 permit 10.1.1.19 (34 matches)
    20 permit 10.1.1.204 (28 matches)
Extended IP access list 100
    10 permit tcp any eq smtp any
    20 permit tcp any eq smtp any eq smtp
    30 permit tcp any any eq smtp
Extended IP access list 101
(text deleted)

Thanks in advance,

Laszlo

Hi,

just for testing use "permit ip any any" as the ACL.

Regards, Martin

Hi,

this produces the same effect, no match, counters remain 0. However, there is a constant SMTP flow through the interface.

Thanks,

Laszlo

I have the same problem.

Can you resolve it? Did you find the problem?

Thanks a lot.

Hello,

no, half as I would expect. On this forum and also on others, some people told me that the "show policy-map interface" command is obsolete and will always show zero counter values. I also found this in some Cisco documents. However, I still do not know how to monitor the classification process then, and I would really appreciate it if someone could tell me.

Laszlo

Hi,

now I have the solution for this problem:

1: Under a Cisco bug ID it is documented as follows:

"Problem: In a CAT3550, show policy interface doesn't show statistics even when traffic is flowing through the policy.

Workaround: show mls qos interface [interface-id] statistics should be used instead."

2: The ACL match counter is not incremented because QoS is implemented in hardware.

And the config actually works. You can see it if you check the particular egress interface for the classified traffic (not the port where classification takes place), by using the above-mentioned command.

Laszlo
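As an added illustration of the verification step described in the solution above (example code, not from the thread or from Cisco), this script parses the per-DSCP hardware counters printed by "show mls qos interface ... statistics" and reports how many packets left the egress port marked AF11 (DSCP 10). The sample output is constructed and trimmed to the relevant rows, and the row layout is assumed from memory of the command's output.

```python
import re

# Constructed (not captured) sample of "show mls qos interface gi0/8 statistics"
# on the egress port, trimmed to the rows that matter; counts are made up.
SAMPLE_OUTPUT = """\
GigabitEthernet0/8 (All statistics are in packets)

  dscp: incoming
-------------------------------

  0 -  4 :      812            0            0            0            0
  5 -  9 :        0            0            0            0            0
 10 - 14 :        0            0            0            0            0
  dscp: outgoing
-------------------------------

  0 -  4 :      640            0            0            0            0
  5 -  9 :        0            0            0            0            0
 10 - 14 :      157            0            0            0            0
"""

SECTION_RE = re.compile(r"^\s*(dscp|cos):\s*(incoming|outgoing)\s*$")
ROW_RE = re.compile(r"^\s*(\d+)\s*-\s*\d+\s*:\s*((?:\d+\s*)+)$")

def parse_mls_qos_stats(text):
    """Map (table, direction) -> {value: packets}, e.g. ('dscp', 'outgoing') -> {10: 157}."""
    tables = {}
    current = None
    for line in text.splitlines():
        section = SECTION_RE.match(line)
        if section:
            current = (section.group(1), section.group(2))
            tables[current] = {}
            continue
        row = ROW_RE.match(line)
        if row and current is not None:
            first = int(row.group(1))  # first DSCP/CoS value on this row
            for offset, pkts in enumerate(row.group(2).split()):
                tables[current][first + offset] = int(pkts)
    return tables

AF11 = 10  # the DSCP value that "set dscp af11" writes

def marked_egress_packets(text, dscp=AF11):
    """Packets that left the port with the given DSCP, from the hardware counters."""
    return parse_mls_qos_stats(text).get(("dscp", "outgoing"), {}).get(dscp, 0)
```

A non-zero outgoing count for DSCP 10 on the egress port confirms the ingress policy marked the traffic even though the policy-map and ACL counters stay at zero.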
