RE: Policy and class-maps on 3550

From: simon hart (simon@harttel.com)
Date: Tue Oct 18 2005 - 07:58:32 GMT-3

• Next message: Harri Makela: "Ireland"
• Previous message: Alexander Arsenyev (GU/ETL): "RE: Policy and class-maps on 3550"
• Maybe in reply to: simon hart: "Policy and class-maps on 3550"
• Next in thread: simon hart: "RE: Policy and class-maps on 3550"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

sorry all, yes i am It should read

service-policy in POLICE and not service-policy out

Simon

-----Original Message-----
From: Alexander Arsenyev (GU/ETL)
[mailto:alexander.arsenyev@ericsson.com]
Sent: 18 October 2005 11:41
To: simon hart; Group Study
Subject: RE: Policy and class-maps on 3550

Are You sure You are applying service-policy in the right direction on the
right interface?
According to Your diagram the packets from R1 are hitting fa0/1 on 3550 but
You also have
service-policy POLICE applied outbound on 3550' fa0/1.
HTH
Cheers
Alex

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
simon hart
Sent: 18 October 2005 10:31
To: Group Study
Subject: Policy and class-maps on 3550

Hi all,

An interesting scenario has presented itself, welcome any comments. I have
the following set up

R1--e0-------------fa0/1---3550--fa0/6---------e0--R6

R1 is configured to send all packets with an af23

No MLS QOS policy, ip prec accounting on e0 interface of R6. As expected in
this setup I can see that all packets received from R1 are marked with
ipprec of 2 recieved at R6.

I turn MLS QOS with no other parameters. As expected is see all packets
recieved at R6 with ipprec of 0.

I know define the following

class-map match-any TEST
match any

Policy-map POLICE
class TEST
trust dscp
police 8000 8000 exceed-action policed-dscp-transmit

int fa0/1
service-policy out POLICE

In this configuration when R1 sends packets of af23 to R6, R6 still shows
that incoming packets have ipprec of 0.

Now if I change the configuration to:

access-list 101 permit ip any any dscp af23

class-map match-any TEST
match access-group 101

Policy-map POLICE
class TEST
trust dscp
police 8000 8000 exceed-action policed-dscp-transmit

int fa0/1
service-policy out POLICE

I know find that when R1 sends packets of af23 to R6, R6 will now show
incoming packets with ipprec of 2.

This seems to show that the the class-map match-any TEST, match any, does
not in fact match anything. In order for the interface to trust the marking
one needs to explicitly define the traffic to match within the class-map.
Has anyone else encountered this? Or am I doing something wrong?

Thanks

Simon

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.12.2/137 - Release Date: 16/10/2005

• Next message: Harri Makela: "Ireland"
• Previous message: Alexander Arsenyev (GU/ETL): "RE: Policy and class-maps on 3550"
• Maybe in reply to: simon hart: "Policy and class-maps on 3550"
• Next in thread: simon hart: "RE: Policy and class-maps on 3550"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:51 GMT-3