From: sabrina pittarel (sabri_esame@yahoo.com)
Date: Tue Aug 29 2006 - 20:29:12 ART
Mmmmh,
the IOS documentation I'm looking at is specifically for marking, so it is referring somehow to the "set/match dscp/precedence" commands
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hqos_c/part05/qsmrkpkt.htm
But in the command guides I see an explicit reference of CEF being required only for the "set/match cos" commands.
Maybe the configuration guide is talking "in a general" fashion and there are exceptions.
Anyway *thank you so much* for reminding me to enable CEF with NBAR. Even if I know about it, it is something I often overlook.
Everyone replying to my email, regardless of the topic, should always add a little note saying:
"and BTW, Sabrina, remember to enable CEF with NBAR"
:-))
Sabrina
----- Original Message ----
From: Bajo <bajoalex@gmail.com>
To: sabrina pittarel <sabri_esame@yahoo.com>
Sent: Tuesday, August 29, 2006 9:51:48 AM
Subject: Re: About marking and CEF
Hi,
If you ever need to use the "match proto" ...that is calling for "ip cef".
On 8/29/06, sabrina pittarel <sabri_esame@yahoo.com> wrote: Hi,
do I need to enable CEF when marking traffic?
From Cisco documentation it seems it is required:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Prerequisites for Marking Network Traffic
b"In order to mark network traffic, Cisco Express Forwarding (CEF) must be configured on both the interface receiving the traffic and the interface sending the traffic.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
but I can see it working even without CEF.
Topology:
e0/1 e0/2 e0/0
R1 --------------------- R3 -----------------------R2
I'm pinging from R1 to R2. R3 e0/1 has a policy-map in ingress direction that marks all ingress traffic as af43.
On R2 I have an access list that permits and logs traffic with DSCP af43.
On R3:
---------
R3#sh run int e0/1
Building configuration...
Current configuration : 125 bytes
!
interface Ethernet0/1
description "to R1 e0/0"
ip address 136.1.17.7 255.255.255.0
service-policy input e0/1-in-pm <<<<<<<<<<<<<<<<<<<
end
R3#sh ser
R3#sh policy-map e0/1-in-pm
Policy Map e0/1-in-pm
Class class-default
set dscp af43 <<<<<<<<<<<<<<<<<<<<<<<<
R3#sh policy-map int e0/1
Ethernet0/1
Service-policy input: e0/1-in-pm
Class-map: class-default (match-any)
5 packets, 570 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
QoS Set
dscp af43
Packets marked 5 <<<<<<<<<<<<<<<<
R3#
R3#sh ip cef
%CEF not running
Prefix Next Hop Interface
On R2:
R2#
*Aug 29 05:26:05.931: %SEC-6-IPACCESSLOGDP: list 100 permitted icmp 136.1.17.1 -> 136.1.27.2 (0/0), 4 packets
R2#
R2#
R2#sh run int e0/0
Building configuration...
Current configuration : 117 bytes
!
interface Ethernet0/0
description "to SW1 e0/2"
ip address 136.1.27.2 255.255.255.0
ip access-group 100 in
end
R2#sh ip access
R2#sh ip access-lists 100
Extended IP access list 100
10 permit ip any any dscp af43 log (5 matches)
R2#
Sabrina
This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:59 ART