06-08-2008 09:40 PM - edited 03-03-2019 10:17 PM
I tryed to configure policy on gigabit ethernet interface and got message -
pdc-c7604-gt(config)#policy-map OUTSIDE
pdc-c7604-gt(config-pmap)# class ISA2SPB
pdc-c7604-gt(config-pmap-c)#shape average 256000
pdc-c7604-gt(config)#int gi1/9
pdc-c7604-gt(config-if)#service-policy output OUTSIDE
shape average command is not supported in output direction for this interface
Configuration failed on:
GigabitEthernet1/9
Why i can't do it?
Solved! Go to Solution.
06-08-2008 10:54 PM
Hi!
It looks like you are using a Lan card there. Lan cand doesnot support shaping. You will require OSM WAN Ports (includes GE-WAN ports, but not GigabitEthernet ports) or wan cards like Flexwan/SIP200/SIP400 to support shaping.
Lan cards are lower end cards and donot have sufficient h/w resources to support shaping. The Qos functionality on Lan cards is limited as there is not much necessity of Qos on Lan side of the networks where ample bandwidth is available.
Hope this solves your query. (please mark the post if it was helpful)
Regards,
Niranjan
06-08-2008 10:54 PM
Hi!
It looks like you are using a Lan card there. Lan cand doesnot support shaping. You will require OSM WAN Ports (includes GE-WAN ports, but not GigabitEthernet ports) or wan cards like Flexwan/SIP200/SIP400 to support shaping.
Lan cards are lower end cards and donot have sufficient h/w resources to support shaping. The Qos functionality on Lan cards is limited as there is not much necessity of Qos on Lan side of the networks where ample bandwidth is available.
Hope this solves your query. (please mark the post if it was helpful)
Regards,
Niranjan
06-09-2008 05:54 AM
i tryed to find info about lan card, but failed. Can you send me link about it?
06-09-2008 06:25 AM
The limitation is due to the PFC, more information can be found at:
HTH,
__
Edison.
06-09-2008 06:43 AM
i've configured policy
policy-map OUTSIDE
class ISA2SPB
police cir 256000 bc 8000 be 8000 conform-action transmit exceed-action drop violate-action drop
class class-default
!
!
interface GigabitEthernet1/9
description # link to GT MAN #
bandwidth 100000
ip address 1.1.1.222 255.255.255.0
load-interval 30
service-policy output OUTSIDE
=================
From sh int gi1/9 output i can see output rate
30 second output rate 6729000 bits/sec, 2421 packets/sec
but from sh policy-map gi1/9 i see only rate in class ISA2SPB not any other types of traffic-
pdc-c7604-gt#sh policy-map int gi1/9
GigabitEthernet1/9
Service-policy output: OUTSIDE
class-map: ISA2SPB (match-any)
Match: access-group name ISA2SPB
police :
256000 bps 8000 limit 8000 extended limit
Earl in slot 1 :
8142651 bytes
30 second offered rate 223544 bps
aggregate-forwarded 7549964 bytes action: transmit
exceeded 592687 bytes action: drop
aggregate-forward 208672 bps exceed 14800 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
Class-default has rate 0.
Why it so?
06-09-2008 06:52 AM
Let's see the class ISA2SPB portion of the config.
__
Edison.
06-09-2008 07:02 AM
Here -
class-map match-any ISA2SPB
match access-group name ISA2SPB
!
ip access-list extended ISA2SPB
permit ip 10.90.5.0 0.0.0.255 10.20.22.0 0.0.0.255
permit ip 10.90.6.0 0.0.0.255 10.20.22.0 0.0.0.255
!
06-09-2008 07:23 AM
..And you have traffic traversing that link that does not match the source and destination on that ACL?
If so, it should be under the default class. Can you post the entire config?
__
Edison.
06-09-2008 10:36 PM
i created new policy -
ip access-list extended DC2ANY
permit ip 10.90.0.0 0.0.0.255 any
ip access-list extended INET2ANY
permit ip 10.90.5.0 0.0.0.255 any
ip access-list extended SMTP2ANY
permit ip 10.90.6.0 0.0.0.255 any
class-map match-any DC2ANY
match access-group name DC2ANY
class-map match-any INET2ANY
match access-group name INET2ANY
class-map match-any SMTP2ANY
match access-group name SMTP2ANY
!
!
policy-map OUTSIDE
class SMTP2ANY
class INET2ANY
class DC2ANY
class class-default
and attached it to int gi1/9
interface GigabitEthernet1/9
service-policy output OUTSIDE
I created empty policy to see that policy is working. In case when nothing matched by classes SMTP2ANY,INET2ANY,DC2ANY i should see that class class-default is working but it doesn't.
Here output of sh policy-map int gi1/9-
pdc-c7604-gt#sh policy-map int gi1/9
GigabitEthernet1/9
Service-policy output: OUTSIDE
Class-map: SMTP2ANY (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps
Match: access-group name SMTP2ANY
0 packets, 0 bytes
30 second rate 0 bps
Class-map: INET2ANY (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps
Match: access-group name INET2ANY
0 packets, 0 bytes
30 second rate 0 bps
Class-map: DC2ANY (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps
Match: access-group name DC2ANY
0 packets, 0 bytes
30 second rate 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
And sh int gi1/9-
30 second input rate 4542000 bits/sec, 2904 packets/sec
30 second output rate 20398000 bits/sec, 4938 packets/sec
06-10-2008 04:44 AM
How about if you create an 'action' for class class-default like shape or average. Does it work then?
__
Edison.
06-10-2008 05:41 AM
Yes, in that case policy works-
pdc-c7604-gt#sh policy-map int gi1/9
GigabitEthernet1/9
Service-policy output: OUTSIDE
class-map: SMTP2ANY (match-any)
Match: access-group name SMTP2ANY
police :
3000000 bps 93000 limit 93000 extended limit
Earl in slot 1 :
2034447 bytes
30 second offered rate 423832 bps
aggregate-forwarded 2034447 bytes action: transmit
exceeded 0 bytes action: drop
aggregate-forward 1146552 bps exceed 0 bps
class-map: INET2ANY (match-any)
Match: access-group name INET2ANY
police :
3000000 bps 93000 limit 93000 extended limit
Earl in slot 1 :
5556859 bytes
30 second offered rate 1171120 bps
aggregate-forwarded 5058455 bytes action: transmit
exceeded 498404 bytes action: drop
aggregate-forward 2918808 bps exceed 379904 bps
class-map: DC2ANY (match-any)
Match: access-group name DC2ANY
police :
3000000 bps 93000 limit 93000 extended limit
Earl in slot 1 :
3966661 bytes
30 second offered rate 813136 bps
aggregate-forwarded 3953616 bytes action: transmit
exceeded 13045 bytes action: drop
aggregate-forward 2069088 bps exceed 2808 bps
class-map: class-default (match-any)
Match: any
police :
5000000 bps 156000 limit 156000 extended limit
Earl in slot 1 :
4436907 bytes
30 second offered rate 934400 bps
aggregate-forwarded 4436907 bytes action: transmit
exceeded 0 bytes action: drop
aggregate-forward 2625168 bps exceed 0 bps
Why it has such behavior?
06-10-2008 05:44 AM
You need to have an action for the packets to be matched. Think of an ACL without a permit or deny statement, it does nothing.
HTH,
__
Edison.
Please rate helpful posts
06-10-2008 05:53 AM
I agree- in classes exclude class-default there are not ACL ( and matches). But for class class-default it should work because that class should matches all
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: