cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2582
Views
0
Helpful
9
Replies

policy-map with set ip dscp not working

Hello everyone,

I currently have the following configuration setup on a Cisco 2901 router. However, the configuration isn't work as expected. The expected outcome is for the dscp values to be assigned as they leave the WAN interface. However, the values aren't being set (verified with tcp dump). Any help would be greatly

appreciated.

class-map match-all VIDEO-TCP

match access-group name VIDEO-TCP

class-map match-all VIDEO-UDP

match access-group name VIDEO-UDP

policy-map WAN_PM

class VIDEO-TCP

  set ip dscp cs3

class VIDEO-UDP

  set ip dscp af41

interface GigabitEthernet0/0

service-policy output WAN_PM

ip access-list extended VIDEO-TCP

permit tcp xxx.xxx.xxx.16 0.0.0.7 any

permit tcp any xxx.xxx.xxx.16 0.0.0.7

ip access-list extended VIDEO-UDP

permit udp xxx.xxx.xxx.16 0.0.0.7 any

permit udp any xxx.xxx.xxx.16 0.0.0.7

9 Replies 9

Hello

Try to apply your dscp marking ingress on the LAN interface of your router and amend your acl's

ip access-list extended VIDEO-TCP
permit tcp x.x.x.x y.y.y.y 16.0.0.0

ip access-list extended VIDEO-UDP
permit UDP x.x.x.x y.y.y.y 16.0.0.0

Int xx(LAN interface)
Service-policy input policy-map


Res
Paul


Sent from Cisco Technical Support iPad App


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

I'm not tracking. I need it to apply as it leaves the outbound interface.

Can you post "show policy-map interface"?

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

show policy-map yields no results (e.g. no counter increases)

    Class-map: VIDEO-TCP (match-all)

      0 packets, 0 bytes

      5 minute offered rate 0000 bps, drop rate 0000 bps

      Match: access-group name VIDEO-TCP

      QoS Set

        dscp cs3

          Packets marked 0

    Class-map: VIDEO-UDP (match-all)

      0 packets, 0 bytes

      5 minute offered rate 0000 bps, drop rate 0000 bps

      Match: access-group name VIDEO-UDP

      QoS Set

        dscp af41

          Packets marked 0

    Class-map: class-default (match-any)

      9484 packets, 1961637 bytes

      5 minute of

Hello

Dont understand what you mean by tracking - if you mark the traffic as in enters your wan router from you lan then as it egresses out of the wan interface it will have it defined traffic marked with the the dscp.

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Same result even if on the LAN

Aaron

It sounds like you may not be matching on the correct IPs which we can't verify because you haven't posted them.

Also is NAT involved anywhere ?

Perhaps if you could you provide a few more details.

In addition what is the IOS version ?

Jon

This definitely should work. I agree with Jon about not matching the correct addresses. Is there a way that you could post your complete interface config? This works fine on 12.4 in GNS, and I have sites running 15.2 that it works well on as well.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

Hello

Looks possibly like you acl's are incorrect

I have just tested this and it works for me.

ip access-list extended UDP

permit udp any host 3.3.3.3 eq tftp

ip access-list extended icmp

permit icmp host 111.111.111.111 host 133.133.133.33 echo

permit icmp host 133.133.133.33 host 111.111.111.111 echo-reply

ip access-list extended tcp

permit tcp host 1.1.1.1 host 3.3.3.3 eq telnet

class-map match-all ICMP

match access-group name icmp

match input-interface FastEthernet0/0

class-map match-all UDP

match access-group name UDP

match input-interface FastEthernet0/0

class-map match-all TCP

match access-group name tcp

match input-interface FastEthernet0/0

policy-map TST

class ICMP

  set dscp af12

class TCP

  set dscp af23

class UDP

  set dscp cs4

interface FastEthernet0/0

Description LAN Interface

service-policy input TST

sh policy-map interface  fa0/0

FastEthernet0/0

  Service-policy input: TST

    Class-map: ICMP (match-all)

      100 packets, 11400 bytes

      5 minute offered rate 3000 bps, drop rate 0 bps

      Match: access-group name icmp

      Match: input-interface FastEthernet0/0

      QoS Set

        dscp af12

          Packets marked 100

    Class-map: TCP (match-all)

      10 packets, 606 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: access-group name tcp

      Match: input-interface FastEthernet0/0

      QoS Set

        dscp af23

          Packets marked 10

    Class-map: UDP (match-all)

      4 packets, 240 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: access-group name UDP

      Match: input-interface FastEthernet0/0

      QoS Set

        dscp cs4

          Packets marked 4

    Class-map: class-default (match-any)

      13 packets, 795 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: any

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco