3550 marking verification doubt

From: Daniel Berlinski (Daniel.Berlinski@telecom.co.nz)
Date: Tue Nov 15 2005 - 18:25:23 GMT-3

• Next message: Schulz, Dave: "RE: Redistribution option (NMC Lab#1- 1.3.4)"
• Previous message: Schulz, Dave: "RE: Redistribution option (NMC Lab#1- 1.3.4)"
• Next in thread: Victor Cappuccio: "Re: 3550 marking verification doubt"
• Maybe reply: Victor Cappuccio: "Re: 3550 marking verification doubt"
• Maybe reply: Daniel Berlinski: "RE: 3550 marking verification doubt"
• Maybe reply: Chris Lewis: "RE: 3550 marking verification doubt"
• Maybe reply: Niche: "Re: 3550 marking verification doubt"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Still on this Marking issue. Please someone have a look and let me know if I'm testing/configuring this correctly:
 
Trying to mark ICMP packets from VLAN12 with precedence 5 e other traffic with precedence 3.
 
Now I have the policy map applied on a trunk port. Scenario is:
SW1 (Root bridge for VLAN 12) --- TRUNK --- SW2 (Root port is fa0/13 for VLAN 12)
 
The configs are as follows:
 
SW2:
 
mls qos
 
access-list 170 permit icmp any any echo
access-list 170 permit icmp any any echo-reply
 
class-map match-any ICMP
  match access-group 170
class-map match-all VLAN12
  match vlan 12
  match class-map ICMP
 
policy-map MARKING
  class VLAN12
    set ip precedence 5
 
interface FastEthernet0/13
 switchport mode dynamic desirable
 mls qos cos 3
 service-policy input MARKING
 
interface Vlan12
 ip address 20.20.12.8 255.255.255.0
 
 
SW1:
 
mls qos
 
interface FastEthernet0/13
 switchport mode dynamic desirable
  mls qos trust cos
 
interface Vlan12
 ip address 20.20.12.7 255.255.255.0
 
SVI vlan 12 is being used for testing.
 
Checking method:
Created a VLAN access-map on SW1 as follows:
 
vlan access-map MARKING 10
 action forward
 match ip address 150
 
vlan filter MARKING vlan-list 12
 
access-list 150 permit icmp any any echo precedence critical
access-list 150 permit icmp any any echo-reply precedence critical
access-list 150 permit ip any any

 
I'm pinging 20.20.12.7 from SW2. All echoes area sourced using SVI VLAN12 of SW2 (20.20.12.8).
Rack1SW2#ping
Protocol [ip]:
Target IP address: 20.20.12.7
Repeat count [5]: 1000000
Datagram size [100]:
Timeout in seconds [2]: 1
Extended commands [n]: y
Source address or interface: vlan12
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
 
On SW1 I only see the following
Rack1SW1(config-ext-nacl)#do sh ip access-list 150
Extended IP access list 150
    permit icmp any any echo precedence critical
    permit icmp any any echo-reply precedence critical
    permit ip any any
 
What am I missing?
Thanks
 
 
 
 
 

This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002.

• Next message: Schulz, Dave: "RE: Redistribution option (NMC Lab#1- 1.3.4)"
• Previous message: Schulz, Dave: "RE: Redistribution option (NMC Lab#1- 1.3.4)"
• Next in thread: Victor Cappuccio: "Re: 3550 marking verification doubt"
• Maybe reply: Victor Cappuccio: "Re: 3550 marking verification doubt"
• Maybe reply: Daniel Berlinski: "RE: 3550 marking verification doubt"
• Maybe reply: Chris Lewis: "RE: 3550 marking verification doubt"
• Maybe reply: Niche: "Re: 3550 marking verification doubt"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:06 GMT-3