03-24-2006 01:14 AM - edited 03-03-2019 02:27 AM
I have a 2970G with ver :
C2970-LANBASEK9-M), Version 12.2(25)SEE
I am trying to make a QoS marking policy.
example:
class-map match-any Critical-Traffic
match access-group name Critical-Traffic
!
!
policy-map Client-Traffic-QoS
class Critical-Traffic
set dscp af31
class class-default
set dscp default
police 30000000 200000 exceed-action policed-dscp-transmit
!
ip access-list extended Critical-Traffic
permit tcp any any eq telnet
permit tcp any any eq tacacs
permit tcp any any eq 22
permit icmp any any
permit udp any any eq snmp
permit udp any any eq snmptrap
permit udp any any eq tftp
interface GigabitEthernet0/19
service-policy input Client-Traffic-QoS
srr-queue bandwidth share 20 25 45 10
priority-queue out
no cdp enable
spanning-tree portfast
I placed a sniffer machine to sniff the inbound traffic on the port.
when I run traffic in through the port the policy map sees no matches thus doesnt mark the traffic.
I have tried traffic that would be marked AF31.
any ideas?
03-24-2006 01:24 AM
Just as a check to see whether your class-map is the issue, could you configure 'set dscp af31' under class-default to see if the service-policy is acting on your traffic at all....
Paresh
03-24-2006 07:49 AM
I have tried setting the
class-default
set dscp af31
and also changing the access-list
and no luck:
s2970G-Intranet-EP#sh policy-map interface gigabitEthernet 0/19
GigabitEthernet0/19
Service-policy input: Client-Traffic-QoS
Class-map: Priority-Traffic (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: access-group name Priority-Traffic
0 packets, 0 bytes
30 second rate 0 bps
Class-map: Critical-Traffic (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: access-group name Critical-Traffic
0 packets, 0 bytes
30 second rate 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
0 packets, 0 bytes
30 second rate 0 bps
Seems there are no matches on the access-lists or the policy.
03-24-2006 07:15 AM
Hello,
does your access-list get any matches? Maybe it is a source/destination issue.
can you try
ip access-list extended Critical-Traffic
permit tcp any any eq telnet
permit tcp any eq telnet any
and check with a telnet THROUGH the switch (not from or to the switch!) if it works then?
Hope this helps! Please rate all posts.
Regards, Martin
03-24-2006 07:50 AM
I have tried this as you can see in the comment above.
I telneted through the switch and no traffic matche sthe access-list or the policy-map....
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide