Re: DSCP / ip precedence through NAT

From: Matt White (mwhite23@gmail.com)
Date: Wed Mar 23 2005 - 21:10:27 GMT-3


Even better, did it live at a client site... didn't have time for a lab
setup unfortunately...

Three 2950's each into a separate PIX 515 DMZ interface, the outside
interface dumped into a 2620 F0/0.

DSCP was marked on each 2950 switchport locally at the switch, through
the PIX (NAT point) then matched and reclassified at the 2620's F0/0,
and shaped and guaranteed outbound on a Serial interface-dlci.

Worked like a charm.

The issue was I was not able to match on source and destination address
on the router because it was after the PIX NAT. Setting the DSCP at
the switches was my only hope and it worked pretty slick.

Thanks.

On Mar 23, 2005, at 1:53 PM, Brian Dennis wrote:

> Matt,
> Do you have a rack to lab this up? It shouldn't take more than
> 10 minutes to test.
>
> R1
> |
> |
> R2
> |
> |
> R3
>
> R1:
> interface Ethernet0/0
> ip address 1.1.1.1 255.255.255.0
> !
> ip local policy route-map LOCAL->POLICY
> !
> ip route 0.0.0.0 0.0.0.0 1.1.1.2
> !
> route-map LOCAL->POLICY permit 10
> set ip precedence flash-override
>
> R2:
> interface Ethernet0/0
> ip address 1.1.1.2 255.255.255.0
> ip nat inside
> !
> interface Ethernet0/1
> ip address 2.2.2.2 255.255.255.0
> ip nat outside
> !
> ip nat inside source list 1 interface Ethernet0/1 overload
> !
> access-list 1 permit any
>
> R3:
> interface Ethernet0/0
> ip address 2.2.2.3 255.255.255.0
> ip access-group 100 in
> !
> access-list 100 permit ip any any precedence flash-override
> access-list 100 permit ip any any
>
> Once this is pasted in the routers, ping from R1 and verify your results
> by doing a "show ip access-list 100" on R3.
>
> Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
>
> bdennis@internetworkexpert.com
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Direct: 775-745-6404 (Outside the US and Canada)
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Matt White
> Sent: Wednesday, March 23, 2005 7:32 AM
> To: Group Study
> Subject: DSCP / ip precedence through NAT
>
> Will NAT strip out this information?



This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:51 GMT-3
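
The header-level view of the lab quoted above, as an added example that is not part of the original thread: it models a source-NAT hop that only rewrites the source address (as in the quoted R2 config) and shows which IPv4 header fields change and that the ToS byte carrying precedence/DSCP does not. The function names, the constructed packet and the 20-byte no-options header are assumptions for illustration; a device with a QoS policy that re-marks traffic would behave differently.

```python
import socket
import struct

FMT = "!BBHHHBBH4s4s"          # fixed 20-byte IPv4 header, no options
FLASH_OVERRIDE = 4             # IP precedence value set by R1's route-map

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over the 20-byte header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pack(fields) -> bytes:
    """Pack header fields with a freshly computed checksum."""
    fields = list(fields)
    fields[7] = 0
    raw = struct.pack(FMT, *fields)
    return raw[:10] + struct.pack("!H", checksum(raw)) + raw[12:]

def build(src: str, dst: str, precedence: int) -> bytes:
    tos = precedence << 5      # precedence is the top 3 bits of the ToS byte
    return pack([0x45, tos, 28, 0x1234, 0, 255, 1, 0,
                 socket.inet_aton(src), socket.inet_aton(dst)])

def nat_source(header: bytes, new_src: str) -> bytes:
    """Source NAT on a routed hop: TTL-1, new source, new checksum; ToS untouched."""
    fields = list(struct.unpack(FMT, header))
    fields[5] -= 1
    fields[8] = socket.inet_aton(new_src)
    return pack(fields)

def parse(header: bytes) -> dict:
    f = struct.unpack(FMT, header)
    return {"src": socket.inet_ntoa(f[8]), "dst": socket.inet_ntoa(f[9]),
            "ttl": f[5], "precedence": f[1] >> 5, "dscp": f[1] >> 2,
            "checksum_ok": checksum(header) == 0}

def r3_acl_100(header: bytes) -> str:
    """First matching line of the quoted access-list 100."""
    if parse(header)["precedence"] == FLASH_OVERRIDE:
        return "permit ip any any precedence flash-override"
    return "permit ip any any"

if __name__ == "__main__":
    sent = build("1.1.1.1", "2.2.2.3", FLASH_OVERRIDE)   # constructed ping from R1
    seen = nat_source(sent, "2.2.2.2")                    # after R2's overload NAT
    print(parse(sent)); print(parse(seen)); print(r3_acl_100(seen))
```

After translation the original source 1.1.1.1 is no longer visible to R3, which is why matching on the marking rather than on addresses is what works downstream of the NAT point.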