Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1486
Views
0
Helpful
1
Replies

QoS, matching VLAN

Michael Famin
Level 1
Level 1

‎03-26-2012 08:38 AM - edited ‎03-04-2019 03:48 PM

Hi,

I'm configuring an METRO WAN and get som strange result from my policy-map's. I have different VLAN's on the Metro links that I want to give certain characteristics, but for some reason the matching of VLAN seams to not work as I expected.

The routers are ISR 1921 running 15.1(4)M3

The config:

!

class-map match-any vrfOFFICE

match vlan  820-829

class-map match-any vrfMGM

match vlan  890-899

!

!

class-map match-any VOICE

match ip precedence 5

class-map match-any VIDEO

match ip precedence 4

class-map match-any PRIO

match ip precedence 2  3

!

!

policy-map OFFICE

class VOICE

  set cos 5

  priority 3000

class VIDEO

  set cos 3

class PRIO

  set cos 3

class class-default

  set cos 0

!

!

policy-map MGM

class class-default

  set cos 3

!

!

policy-map LOGICAL_NETWORKS

class vrfOFFICE

  shape peak 10000000

  service-policy OFFICE

class vrfMGM

  bandwidth 1000

  service-policy MGM

!

!

policy-map WAN

class class-default

  shape average 10000000

  service-policy LOGICAL_NETWORKS

!

!

interface GigabitEthernet0/1

description WAN

no ip address

duplex auto

speed auto

service-policy output WAN

!

interface GigabitEthernet0/1.820

description WAN - OFFICE

encapsulation dot1Q 820

vrf forwarding OFFICE

ip address 10.xx.xx.xx 255.255.255.224

ip pim sparse-mode

ip router isis tagOFFICE

isis authentication mode md5

isis authentication key-chain ISIS

!

interface GigabitEthernet0/1.890

description WAN - MGM

encapsulation dot1Q 890

vrf forwarding MGM

ip address 10.yy.yy.yy 255.255.255.224

ip router isis tagMGM

isis authentication mode md5

isis authentication key-chain ISIS

!

If I check the policy-map on the interface, most (but not all) of the traffic is hitting the default-class:

Site_A#sh policy-map int g0/1 | i Class-map|offered

    Class-map: class-default (match-any)

      5 minute offered rate 105000 bps, drop rate 0 bps

        Class-map: vrfOFFICE (match-any)

          5 minute offered rate 1000 bps, drop rate 0 bps

            Class-map: VOICE (match-any)

              5 minute offered rate 0 bps, drop rate 0 bps

            Class-map: VIDEO (match-any)

              5 minute offered rate 0 bps, drop rate 0 bps

            Class-map: PRIO (match-any)

              5 minute offered rate 0 bps, drop rate 0 bps

            Class-map: class-default (match-any)

              5 minute offered rate 1000 bps, drop rate 0 bps

        Class-map: vrfMGM (match-any)

          5 minute offered rate 1000 bps, drop rate 0 bps

            Class-map: class-default (match-any)

              5 minute offered rate 1000 bps, drop rate 0 bps

        Class-map: class-default (match-any)

          5 minute offered rate 103000 bps, drop rate 0 bps

I've read that the match VLAN's could be used for classification, could it be that it only works on Ingress interfaces? But why then are some of the traffic matching? I could understand it if none of the traffic matched, but some of the traffic is actually matched in the "vrfOFFICE" and "vrfMGM" class.

On the next site, most of the traffic match:

Site_B#sh policy-map int g0/1 | i Class-map|offered

    Class-map: class-default (match-any)

      5 minute offered rate 18000 bps, drop rate 0 bps

        Class-map: vrfOFFICE (match-any)

          5 minute offered rate 15000 bps, drop rate 0 bps

            Class-map: VOICE (match-any)

              5 minute offered rate 0 bps, drop rate 0 bps

            Class-map: VIDEO (match-any)

              5 minute offered rate 0 bps, drop rate 0 bps

            Class-map: PRIO (match-any)

              5 minute offered rate 0 bps, drop rate 0 bps

            Class-map: class-default (match-any)

              5 minute offered rate 15000 bps, drop rate 0 bps

        Class-map: vrfMGM (match-any)

          5 minute offered rate 1000 bps, drop rate 0 bps

            Class-map: class-default (match-any)

              5 minute offered rate 1000 bps, drop rate 0 bps

        Class-map: class-default (match-any)

          5 minute offered rate 4000 bps, drop rate 0 bps

At the headend there is a couple of ME3600X with similar config, and those seams to work as I expected.

So, what am I missing here...

Labels:
0 Helpful
1 Reply 1

Michael Famin
Level 1
Level 1

‎03-29-2012 08:25 AM

Answer from TAC:

As per our discussion, match vlan command which you are using under the class map is supported on 10 K platforms only. This command was specially introduced for 10 K router.

A bit strange then that the command is present in the ISR routers, and even more confusing that is works on one but not another identical router. Anyway, I reconfigured - marking with qos-groups in ingress interface and match the qos-groups on outgoing. So I got the functionallity I needed...

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card