From: Victor Cappuccio (cvictor@protokolgroup.com)
Date: Tue Nov 15 2005 - 18:48:24 GMT-3
Hola Dani..
I can not see why you have this double matching criteria
> class-map match-any ICMP
> match access-group 170
> class-map match-all VLAN12
> match vlan 12
> match class-map ICMP
Sin the first and the second class are the same
And
> policy-map MARKING
> class VLAN12
> set ip precedence 5
>
I think you are missing to put the class default and setting the IP
Precedence to the value that you want
HTH
Thanks!
----- Original Message -----
From: "Daniel Berlinski" <Daniel.Berlinski@telecom.co.nz>
To: <ccielab@groupstudy.com>
Sent: Tuesday, November 15, 2005 5:25 PM
Subject: 3550 marking verification doubt
> Still on this Marking issue. Please someone have a look and let me know
if I'm testing/configuring this correctly:
>
> Trying to mark ICMP packets from VLAN12 with precedence 5 e other traffic
with precedence 3.
>
> Now I have the policy map applied on a trunk port. Scenario is:
> SW1 (Root bridge for VLAN 12) --- TRUNK --- SW2 (Root port is fa0/13
for VLAN 12)
>
> The configs are as follows:
>
> SW2:
>
> mls qos
>
> access-list 170 permit icmp any any echo
> access-list 170 permit icmp any any echo-reply
>
> class-map match-any ICMP
> match access-group 170
> class-map match-all VLAN12
> match vlan 12
> match class-map ICMP
>
> policy-map MARKING
> class VLAN12
> set ip precedence 5
>
> interface FastEthernet0/13
> switchport mode dynamic desirable
> mls qos cos 3
> service-policy input MARKING
>
> interface Vlan12
> ip address 20.20.12.8 255.255.255.0
>
>
> SW1:
>
> mls qos
>
> interface FastEthernet0/13
> switchport mode dynamic desirable
> mls qos trust cos
>
> interface Vlan12
> ip address 20.20.12.7 255.255.255.0
>
> SVI vlan 12 is being used for testing.
>
> Checking method:
> Created a VLAN access-map on SW1 as follows:
>
> vlan access-map MARKING 10
> action forward
> match ip address 150
>
> vlan filter MARKING vlan-list 12
>
> access-list 150 permit icmp any any echo precedence critical
> access-list 150 permit icmp any any echo-reply precedence critical
> access-list 150 permit ip any any
>
>
> I'm pinging 20.20.12.7 from SW2. All echoes area sourced using SVI VLAN12
of SW2 (20.20.12.8).
> Rack1SW2#ping
> Protocol [ip]:
> Target IP address: 20.20.12.7
> Repeat count [5]: 1000000
> Datagram size [100]:
> Timeout in seconds [2]: 1
> Extended commands [n]: y
> Source address or interface: vlan12
> Type of service [0]:
> Set DF bit in IP header? [no]:
> Validate reply data? [no]:
> Data pattern [0xABCD]:
> Loose, Strict, Record, Timestamp, Verbose[none]:
> Sweep range of sizes [n]:
>
> On SW1 I only see the following
> Rack1SW1(config-ext-nacl)#do sh ip access-list 150
> Extended IP access list 150
> permit icmp any any echo precedence critical
> permit icmp any any echo-reply precedence critical
> permit ip any any
>
> What am I missing?
> Thanks
>
>
>
>
>
>
> This communication, including any attachments, is confidential. If you are
not the intended recipient, you should not read it - please contact me
immediately, destroy it, and do not copy or use any part of this
communication or disclose anything about it. Thank you. Please note that
this communication does not designate an information system for the purposes
of the Electronic Transactions Act 2002.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:06 GMT-3