Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

QoS issue with access-lists

Hello,

I would like to create on a CE router a different QoS depending on 2 traffic types: web and the rest. The idea is to give to a less important application (the web) only 30% of the bandwidth.

My problem is that, with the following configuration, all the traffic match the highest priority access-list without matching the less priority access-list (0 match, even when the link is full).

Do you have an idea why ?

Regards,

Jean-Baptiste

The config is the following one:

----------------------

class-map match-any PRIOR_IN

match access-group name ALL

class-map match-any WEB_IN

match access-group name WEB

!

class-map match-any PRIOR_OUT

match ip dscp af21

class-map match-any WEB_OUT

match ip dscp af11

!

policy-map mark

class PRIOR_IN

set ip dscp af21

class WEB_IN

set ip dscp af11

!

policy-map etm

class PRIOR_OUT

bandwidth remaining percent 70

random-detect dscp-based

class WEB_OUT

bandwidth remaining percent 30

random-detect dscp-based

!

interface FastEthernet0/0

service-policy input mark

!

interface Serial0/0/0:1

service-policy output etm

!

ip access-list extended ALL

permit ip any any

ip access-list extended WEB

permit tcp any any eq www

!

2 REPLIES
Hall of Fame Super Blue

Re: QoS issue with access-lists

Jean-Baptiste

The problem is you are marking all traffic as dscp af21 because of the order in your policy-map mark. So change the order here ie.

policy-map mark

class PRIOR_IN

set ip dscp af21

class WEB_IN

set ip dscp af11

should be

policy-map mark

class WEB_IN

set ip dscp af11

class PRIOR_IN

set ip dscp af21

This way web traffic will be correctly marked with af11.

Jon

Cisco Employee

Re: QoS issue with access-lists

Hi,

Jon spotted the problem in your initial configuration and gave a working solution. A potentially more simple solution:

policy-map mark

class WEB_IN

set ip dscp af11

class class-default

set ip dscp af21

The class "class-default" is always present and has the definition of "match any", which means all the rest of traffic not matched in any other class before. This will achieve the same result as your ACL ALL matching all IP traffic.

Hope this helps! Please use the rating system.

Regards, Martin

133
Views
0
Helpful
2
Replies