From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Fri Nov 12 2004 - 20:49:16 GMT-3
Tim,
Works fine for me:
R1#
class-map match-all ICMP
match protocol icmp
!
policy-map QOS
class ICMP
drop
!
interface Ethernet0/0
ip address 124.0.0.1 255.0.0.0
!
interface Serial0/1
ip address 13.0.0.1 255.0.0.0
service-policy output QOS
R1#ping 13.0.0.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.0.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms
R1#
Rack2AS>4
[Resuming connection 4 to r4 ... ]
..
R4#ping 13.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
R4#ping 13.0.0.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.0.0.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R4#
Rack2AS>1
[Resuming connection 1 to r1 ... ]
R1#show policy-map int s0/1
Serial0/1
Service-policy output: QOS
Class-map: ICMP (match-all)
10 packets, 1040 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol icmp
drop
Class-map: class-default (match-any)
51 packets, 3452 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
The locally originated traffic on R1 is not affected but transit traffic
is.
HTH,
Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/
> -----Original Message-----
> From: ccie2be [mailto:ccie2be@nyc.rr.com]
> Sent: Friday, November 12, 2004 5:39 PM
> To: Brian McGahan; Group Study
> Subject: Re: Config mistake or version issue or bug - Who can prove
the
> truth?
>
> Brian,
>
> After seeing your post I got all excited - maybe you hit on the
problem,
> but
> alas no. :-(
>
> match prot icmp just doesn't work.
>
> r1#sh policy-map int s0/0
>
> Serial0/0
>
> Service-policy output: PING
>
> Class-map: PING (match-all)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: protocol icmp
> QoS Set
> fr-de
> Packets marked 0
>
> Class-map: class-default (match-any)
> 144 packets, 9976 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: any
>
>
> I tried applying the srevice on the physcial interface and the p2p
> subinterface which connects to R2 via dlci 102 and 201 on the R2 side.
> r2#sh fram pvc 201
>
> PVC Statistics for interface Serial0/0 (Frame Relay DTE)
>
> DLCI = 201, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE =
> Serial0/0.201
>
> input pkts 192 output pkts 201 in bytes 21790
> out bytes 23285 dropped pkts 0 in pkts dropped 0
> out pkts dropped 0 out bytes dropped 0
> in FECN pkts 0 in BECN pkts 0 out FECN pkts 0
> out BECN pkts 0 in DE pkts 0 out DE pkts 0
> out bcast pkts 181 out bcast bytes 21205
> 5 minute input rate 0 bits/sec, 0 packets/sec
> 5 minute output rate 0 bits/sec, 0 packets/sec
> pvc create time 00:23:27, last time pvc status changed 00:21:57
>
> When I change it to match access-group 100, where acl 100 permits
icmp,
> then
> it works.
>
> Go configure!!!
>
> BTW, match prot icmp doesn't work when I ping from R1 (where the MQC
is
> configured) or from a different router. So, I'm out of ideas. Have
you
> got
> anymore?
>
> Tim
>
> ----- Original Message -----
> From: "Brian McGahan" <bmcgahan@internetworkexpert.com>
> To: "ccie2be" <ccie2be@nyc.rr.com>; "Group Study"
<ccielab@groupstudy.com>
> Sent: Friday, November 12, 2004 5:51 PM
> Subject: RE: Config mistake or version issue or bug - Who can prove
the
> truth?
>
>
> Try it as transit traffic, not locally originated traffic.
>
> Brian McGahan, CCIE #8593
> bmcgahan@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987 x 705
> Outside US: 775-826-4344 x 705
> 24/7 Support: http://forum.internetworkexpert.com
> Live Chat: http://www.internetworkexpert.com/chat/
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of
> > ccie2be
> > Sent: Friday, November 12, 2004 2:48 PM
> > To: Group Study
> > Subject: Config mistake or version issue or bug - Who can prove the
> truth?
> >
> > Here's a challenge for all you ccie wannabe's and current ccie's.
> >
> > MQC was used to set the DE bit on ping traffic with the following
> class-
> > map:
> >
> > class-map PING
> > match prot icmp
> >
> > policy-map PING
> > set fr-de
> >
> > int s0/0
> > service-policy out PING
> >
> > It didn't work. So begins the troubleshooting.
> >
> > Maybe, the service policy has to be within a map-class like this:
> >
> > map-class fram PING
> > service-policy PING
> >
> > int s0/0
> > fram class PING
> >
> > Nope, this doesn't work either. What could be wrong?
> >
> > How about if the class-map is applied on a p2p sub?
> >
> > Nope, doesn't work.
> >
> > Could it NBAR? Let's see.
> >
> > 1st, create the acl like this
> >
> > access-list 100 perm icmp any any
> >
> > Now, change the class-map to look like this:
> >
> > class-map PING
> > match access-group 100
> >
> > And, test again.
> >
> > Hurrah !!! It works.
> >
> > Who knows why?
> >
> > Here's the output of show ver:
> >
> > r1#sh ver
> > Cisco Internetwork Operating System Software
> > IOS (tm) 3600 Software (C3640-JK9O3S-M), Version 12.3(9), RELEASE
> SOFTWARE
> > (fc2)
> >
> > Copyright (c) 1986-2004 by cisco Systems, Inc.
> > Compiled Fri 14-May-04 13:16 by dchih
> > Image text-base: 0x60008B00, data-base: 0x620DE000
> >
> > ROM: System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE
> > SOFTWARE
> > (f
> > c1)
> >
> > r1 uptime is 5 hours, 58 minutes
> > System returned to ROM by power-on
> > System image file is "flash:c3640-jk9o3s-mz.123-9.bin"
> >
> > Tim
> >
> >
>
This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:42 GMT-3