Cisco Support Community

Setting TOS bits !

Hi all. I am confused by the following issue; please guide me.

I have defined this ACL:

access-list 113 per icmp host 10.0.0.1 host 10.0.0.2 echo tos 3 log

access-list 113 per ip an an

Now from R1 (10.0.0.1) I did an extended ping to R2 (10.0.0.2), setting the TOS bits to value 3, but no matches are detected in

show access-list 113.

Following is what I did:

R1#ping

Protocol [ip]:

Target IP address: 10.0.0.2

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface:

Type of service [0]: 3

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/20 ms

R1#

On R2

R2#sh access-lists 113

Extended IP access list 113

10 permit icmp host 10.0.0.1 host 10.0.0.2 echo tos 3 log

20 permit ip any any (12812 matches)

R2#

I don't know if I have misunderstood the TOS byte or what, but I think if I am setting the TOS bits to 3, then why is it not setting them?

Originally I tested it via Windows Wireshark and got confused when the TOS bit wasn't being set properly.

Please guide me.


Re: Setting TOS bits !

Hello Ovais,

When you specify the TOS byte you need to specify the byte value.

So if you want to match packets with IP precedence 3:

3 -> 01100000 as tos byte = 96 decimal

32 * IP precedence value is the rule.

Then to test it you need to set the IP precedence using extended commands in ping:

ping

Protocol [ip]:

Target IP address: 10.55.0.32

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface:

Type of service [0]: 96

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.55.0.32, timeout is 2 seconds:

!!!!!

Also, packets locally generated on the router are not processed by an outbound ACL on the device.

Hope to help

Giuseppe
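
The bit arithmetic from the reply above, as an added example that is not part of the original thread: it builds constructed IPv4 headers carrying the two ping "Type of service" values used in the posts (3 and 96) and decodes byte 1 of each header into precedence, DSCP and ECN, which is the same view a packet capture gives. The function names are hypothetical and the headers are constructed sample data.

```python
import socket
import struct


def build_ipv4_header(src, dst, tos, proto=1):
    """Build a minimal 20-byte IPv4 header (constructed sample, checksum left 0)."""
    ver_ihl = (4 << 4) | 5  # version 4, header length 5 words
    return struct.pack("!BBHHHBBH4s4s", ver_ihl, tos, 20, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def decode_tos(header):
    """Split byte 1 of an IPv4 header into the fields layered on it."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    tos = header[1]
    return {
        "tos_byte": tos,
        "bits": format(tos, "08b"),
        "precedence": tos >> 5,  # RFC 791: top 3 bits
        "dscp": tos >> 2,        # RFC 2474: top 6 bits
        "ecn": tos & 0b11,       # RFC 3168: bottom 2 bits
    }


def tos_byte_for_precedence(prec):
    """Whole-byte value that carries a given IP precedence (32 * prec)."""
    if not 0 <= prec <= 7:
        raise ValueError("IP precedence is a 3-bit value (0-7)")
    return prec << 5


if __name__ == "__main__":
    # The two values typed at the "Type of service" prompt in the thread.
    for typed in (3, 96):
        hdr = build_ipv4_header("10.0.0.1", "10.0.0.2", typed)
        print(typed, decode_tos(hdr))
    print("precedence 3 needs TOS byte", tos_byte_for_precedence(3))
```
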
