09-25-2006 06:20 AM - edited 03-03-2019 05:13 AM
I am having issues applying a Quality of Service policy to a number of 2950 series switches. I am aware of the limitations of the 2950, but I am hoping to work around these.
The problem synopsis is as follows:
The customer has a number of 2950 series switches which are uplinking to Core boxes. I am trying to mark and police at the edge to avoid unnecessary utilisation of the uplinks. The config I am trying to apply to the 2950s is as follows:
ip access-list extended NetMAN-ANY
 permit tcp any 10.181.4.0 0.0.0.127 eq telnet
 permit tcp any 10.181.4.128 0.0.0.127 eq telnet
 permit tcp any 10.181.4.0 0.0.0.127 eq 22
 permit tcp any 10.181.4.128 0.0.0.127 eq 22
 permit ip any host 10.181.4.30
 permit ip any host 10.181.4.60
 permit ip any host 10.64.60.5
ip access-list extended PACS-ANY
 permit tcp any 10.181.0.128 0.0.0.127 eq www
 permit tcp any 10.181.0.128 0.0.0.127 eq 443
ip access-list extended TelnetAPPS-ANY
 permit tcp any 10.181.29.0 0.0.0.127 eq telnet
 permit tcp any 10.181.29.128 0.0.0.127 eq telnet
!
!
class-map match-all TelnetAPPS-ANY
 match access-group name TelnetAPPS-ANY
class-map match-all NetMAN-ANY
 match access-group name NetMAN-ANY
class-map match-all VVLAN-ANY
 match ip dscp ef
class-map match-all PACS-ANY
 match access-group name PACS-ANY
!
policy-map QOS-POLICY
 class VVLAN-ANY
  set ip dscp ef
  police 1000000 8192 exceed-action dscp 0
 class PACS-ANY
  set ip dscp 32
  police 5000000 8192 exceed-action dscp 0
 class TelnetAPPS-ANY
  set ip dscp 24
  police 1000000 8192 exceed-action dscp 0
 class NetMAN-ANY
  set ip dscp 16
  police 1000000 8192 exceed-action dscp 0
 class class-default
  set ip dscp 0
  police 1000000 8192 exceed-action dscp 0
!
I have had to use /25 addresses for the access-lists because of the limitation on the 2950 regarding mixing subnet masks. I have tried to match the VVLAN traffic by IP address using the following ACL, but this has not worked, and the switch complains about the different mask used (even though all masks were /25).
ip access-list extended VVLAN-ANY
 permit ip 10.181.110.0 0.0.0.127 any
 permit ip 10.181.110.128 0.0.0.127 any
The problem I am now experiencing is with applying the service policy to the interfaces of the switch. Upon entering the command
(config-if)service-policy input QOS-POLICY
I get the following error:
NAH_CASUALTY_ESW1(config-if)#service-policy input QOS-POLICY
%Error: Another qos mask on this interface
Service Policy attachment failed
There are no other policies present on the switch.
If I remove the policy and just input one of the classes then apply the policy to an interface all works fine. I can then add each class one at a time, and there are no problems until I add the VVLAN-ANY class. Upon adding the VVLAN class it errors and the policy is removed from the interface. If I remove the VVLAN-ANY class and attempt to reapply the policy all works fine.
Does anyone have any ideas on how to reconfigure to make things work? Is the problem that the VVLAN-ANY class is matching against a DSCP value, and the others are matching against ACLs?
Thanks in advance
Martin
09-29-2006 06:27 AM
saying basically is that:
1. If you have two different ACLs using two different masks, then it will not work.
2. If you have two different ACLs using the same mask, then it will work.
For the QoS, it's required to use the same mask, as there is a hardware limitation on this, and that is the reason for the errors.
Additionally, the 3550 does not have this limitation, as it's only related to the 2950.
Please see this release note on this link:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12120ea2/2950scg/swqos.htm#wp1025345