From: ccie2be (ccie2be@nyc.rr.com)
Date: Sat Nov 13 2004 - 07:27:45 GMT-3
Yes, CEF was enabled.
I have ip cef along with the alias' I always use in my start up script -
just to make sure I don't forget something like that.
But, it's an important little detail to point out.
Thanks
----- Original Message -----
From: "Geert Nijs" <geert.nijs@simac.be>
To: "Kian Wah Lai" <kian_wah@qala.com.sg>; "ccie2be" <ccie2be@nyc.rr.com>
Cc: "Brian McGahan" <bmcgahan@internetworkexpert.com>; "Group Study"
<ccielab@groupstudy.com>
Sent: Saturday, November 13, 2004 3:41 AM
Subject: RE: Config mistake or version issue or bug - Who can prove the
truth?
Have you enabled CEF ??
isn't CEF necessary for the "match protocol" to work ?? (match protocol
uses NBAR, and NBAR needs CEF, no ?)
Regards,
Geert
-----Oorspronkelijk bericht-----
Van: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Namens Kian
Wah Lai
Verzonden: zaterdag 13 november 2004 5:27
Aan: ccie2be
CC: Brian McGahan; Group Study
Onderwerp: Re: Config mistake or version issue or bug - Who can prove
the truth?
i have the same problem as well.
policy-map A
class class-default
set fr-de
then applying to a serial link, link protocol will always be down
if i use
policy-map A
class ICMP (assume it's created)
set fr-de
the link would have no problem.
no idea what went wrong.
Regards,
Kian Wah
3 routers and one PIX rental at SGD2/hr
http://rack.sgcug.org/
Singapore Cisco User Group
ccie2be wrote:
>What happens if you change the policy-map action from drop to set
>fr-de. That's what I couldn't get to work.
>
>Is this maybe a problem with the set fr-de command rather than the mat
>prot icmp command?
>
>Tim
>----- Original Message -----
>From: "Brian McGahan" <bmcgahan@internetworkexpert.com>
>To: "ccie2be" <ccie2be@nyc.rr.com>; "Group Study"
<ccielab@groupstudy.com>
>Sent: Friday, November 12, 2004 6:49 PM
>Subject: RE: Config mistake or version issue or bug - Who can prove the
>truth?
>
>
>Tim,
>
>Works fine for me:
>
>R1#
>class-map match-all ICMP
> match protocol icmp
>!
> policy-map QOS
> class ICMP
> drop
>!
>interface Ethernet0/0
> ip address 124.0.0.1 255.0.0.0
>!
>interface Serial0/1
> ip address 13.0.0.1 255.0.0.0
> service-policy output QOS
>
>R1#ping 13.0.0.3
>
>Type escape sequence to abort.
>Sending 5, 100-byte ICMP Echos to 13.0.0.3, timeout is 2 seconds: !!!!!
>Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms
>R1#
>Rack2AS>4
>[Resuming connection 4 to r4 ... ]
>..
>R4#ping 13.0.0.1
>
>Type escape sequence to abort.
>Sending 5, 100-byte ICMP Echos to 13.0.0.1, timeout is 2 seconds: !!!!!
>Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
>R4#ping 13.0.0.3
>
>Type escape sequence to abort.
>Sending 5, 100-byte ICMP Echos to 13.0.0.3, timeout is 2 seconds: .....
>Success rate is 0 percent (0/5)
>R4#
>Rack2AS>1
>[Resuming connection 1 to r1 ... ]
>
>R1#show policy-map int s0/1
> Serial0/1
>
> Service-policy output: QOS
>
> Class-map: ICMP (match-all)
> 10 packets, 1040 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: protocol icmp
> drop
>
> Class-map: class-default (match-any)
> 51 packets, 3452 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: any
>
>
>The locally originated traffic on R1 is not affected but transit
>traffic is.
>
>
>HTH,
>
>Brian McGahan, CCIE #8593
>bmcgahan@internetworkexpert.com
>
>Internetwork Expert, Inc.
>http://www.InternetworkExpert.com
>Toll Free: 877-224-8987 x 705
>Outside US: 775-826-4344 x 705
>24/7 Support: http://forum.internetworkexpert.com
>Live Chat: http://www.internetworkexpert.com/chat/
>
>
>
>
>>-----Original Message-----
>>From: ccie2be [mailto:ccie2be@nyc.rr.com]
>>Sent: Friday, November 12, 2004 5:39 PM
>>To: Brian McGahan; Group Study
>>Subject: Re: Config mistake or version issue or bug - Who can prove
>>
>>
>the
>
>
>>truth?
>>
>>Brian,
>>
>>After seeing your post I got all excited - maybe you hit on the
>>
>>
>problem,
>
>
>>but
>>alas no. :-(
>>
>>match prot icmp just doesn't work.
>>
>>r1#sh policy-map int s0/0
>>
>> Serial0/0
>>
>> Service-policy output: PING
>>
>> Class-map: PING (match-all)
>> 0 packets, 0 bytes
>> 5 minute offered rate 0 bps, drop rate 0 bps
>> Match: protocol icmp
>> QoS Set
>> fr-de
>> Packets marked 0
>>
>> Class-map: class-default (match-any)
>> 144 packets, 9976 bytes
>> 5 minute offered rate 0 bps, drop rate 0 bps
>> Match: any
>>
>>
>>I tried applying the srevice on the physcial interface and the p2p
>>subinterface which connects to R2 via dlci 102 and 201 on the R2 side.
>>r2#sh fram pvc 201
>>
>>PVC Statistics for interface Serial0/0 (Frame Relay DTE)
>>
>>DLCI = 201, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE =
>>Serial0/0.201
>>
>> input pkts 192 output pkts 201 in bytes 21790
>> out bytes 23285 dropped pkts 0 in pkts dropped 0
>> out pkts dropped 0 out bytes dropped 0
>> in FECN pkts 0 in BECN pkts 0 out FECN pkts 0
>> out BECN pkts 0 in DE pkts 0 out DE pkts 0
>> out bcast pkts 181 out bcast bytes 21205
>> 5 minute input rate 0 bits/sec, 0 packets/sec
>> 5 minute output rate 0 bits/sec, 0 packets/sec
>> pvc create time 00:23:27, last time pvc status changed 00:21:57
>>
>>When I change it to match access-group 100, where acl 100 permits
>>
>>
>icmp,
>
>
>>then
>>it works.
>>
>>Go configure!!!
>>
>>BTW, match prot icmp doesn't work when I ping from R1 (where the MQC
>>
>>
>is
>
>
>>configured) or from a different router. So, I'm out of ideas. Have
>>
>>
>you
>
>
>>got
>>anymore?
>>
>>Tim
>>
>>----- Original Message -----
>>From: "Brian McGahan" <bmcgahan@internetworkexpert.com>
>>To: "ccie2be" <ccie2be@nyc.rr.com>; "Group Study"
>>
>>
><ccielab@groupstudy.com>
>
>
>>Sent: Friday, November 12, 2004 5:51 PM
>>Subject: RE: Config mistake or version issue or bug - Who can prove
>>
>>
>the
>
>
>>truth?
>>
>>
>>Try it as transit traffic, not locally originated traffic.
>>
>>Brian McGahan, CCIE #8593
>>bmcgahan@internetworkexpert.com
>>
>>Internetwork Expert, Inc.
>>http://www.InternetworkExpert.com
>>Toll Free: 877-224-8987 x 705
>>Outside US: 775-826-4344 x 705
>>24/7 Support: http://forum.internetworkexpert.com
>>Live Chat: http://www.internetworkexpert.com/chat/
>>
>>
>>
>>
>>>-----Original Message-----
>>>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
>>>
>>>
>>Of
>>
>>
>>>ccie2be
>>>Sent: Friday, November 12, 2004 2:48 PM
>>>To: Group Study
>>>Subject: Config mistake or version issue or bug - Who can prove the
>>>
>>>
>>truth?
>>
>>
>>>Here's a challenge for all you ccie wannabe's and current ccie's.
>>>
>>>MQC was used to set the DE bit on ping traffic with the following
>>>
>>>
>>class-
>>
>>
>>>map:
>>>
>>>class-map PING
>>> match prot icmp
>>>
>>>policy-map PING
>>> set fr-de
>>>
>>>int s0/0
>>>service-policy out PING
>>>
>>>It didn't work. So begins the troubleshooting.
>>>
>>>Maybe, the service policy has to be within a map-class like this:
>>>
>>>map-class fram PING
>>>service-policy PING
>>>
>>>int s0/0
>>>fram class PING
>>>
>>>Nope, this doesn't work either. What could be wrong?
>>>
>>>How about if the class-map is applied on a p2p sub?
>>>
>>>Nope, doesn't work.
>>>
>>>Could it NBAR? Let's see.
>>>
>>>1st, create the acl like this
>>>
>>>access-list 100 perm icmp any any
>>>
>>>Now, change the class-map to look like this:
>>>
>>>class-map PING
>>> match access-group 100
>>>
>>>And, test again.
>>>
>>>Hurrah !!! It works.
>>>
>>>Who knows why?
>>>
>>>Here's the output of show ver:
>>>
>>>r1#sh ver
>>>Cisco Internetwork Operating System Software
>>>IOS (tm) 3600 Software (C3640-JK9O3S-M), Version 12.3(9), RELEASE
>>>
>>>
>>SOFTWARE
>>
>>
>>>(fc2)
>>>
>>>Copyright (c) 1986-2004 by cisco Systems, Inc.
>>>Compiled Fri 14-May-04 13:16 by dchih
>>>Image text-base: 0x60008B00, data-base: 0x620DE000
>>>
>>>ROM: System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE
>>>SOFTWARE (f
>>>c1)
>>>
>>>r1 uptime is 5 hours, 58 minutes
>>>System returned to ROM by power-on
>>>System image file is "flash:c3640-jk9o3s-mz.123-9.bin"
>>>
>>>Tim
>>>
>>>
>>>
>>>
>_______________________________________________________________________
>
>
>>>Subscription information may be found at:
>>>http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:43 GMT-3