RE: Question on QoS

From: Simon Grace (SimonG@pcsystems.gr)
Date: Mon Oct 15 2007 - 04:07:48 ART

• Next message: Simon Grace: "RE: ip nat enable , NVI0 stays administratively down"
• Previous message: Gary Lee: "ODR / proxy-arp problem"
• Maybe in reply to: Simon Grace: "RE: Question on QoS"
• Next in thread: Scott Morris: "RE: Question on QoS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Just so I get this straight (sorry if I'm repeating what's already been
said).

Even if the acl said permit ip any any and then we have a match NOT in
the class-map, it's not going to match everything BUT IP traffic.

Which would make me think that the only time for match not would be with
the default-class.

Getting back to the OP, I suppose if you want to match voice traffic
then have an ACL that permits tcp 1720 and udp range 16384 32767 and
deny's everything else.

Cheers,
Simon

-----Original Message-----
From: Brian McGahan [mailto:bmcgahan@internetworkexpert.com]
Sent: Sunday, October 14, 2007 7:21 PM
To: Simon Grace
Cc: Jeff Koh; ccielab@groupstudy.com
Subject: Re: Question on QoS

Don't confuse "match not" with "don't match". The acl in the class
will not match non-IP traffic, instead it will not match IP traffic.
The deny in an acl says don't match, not match the opposite. In this
particular case then the acl does effectively nothing. Only dscp 43
and 46 will be matched.

HTH,

Brian McGahan, CCIE #8593 (R&S/SP/Security)
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.internetworkexpert.com

On Oct 14, 2007, at 10:49 AM, "Simon Grace" <SimonG@pcsystems.gr> wrote:

> HI Jef
>
> I'm just about to finish up for the day but a quick one from me.
>
> The access list will not match anything as you don't have any permit
> statements and there is a explicit deny everythin at the end. You need
> the ACL to match something if you are stating it with the match
> statement in the class-map.
>
> Off the top of my head, have you thought about permitting IP with the
> ACL and then doing a "match not" in the class-map.
>
> All of the above is a bit rushed but I thought I'd jot a couple of
> things down in case they gave you some other things to think about
>
> Cheers,
> Simon.
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of
> Jeff Koh
> Sent: Sunday, October 14, 2007 5:33 PM
> To: ccielab@groupstudy.com
> Subject: Re: Question on QoS
>
> Hi there,
>
> class-map match-any DSCP-IN-Voice
> match access-group name DSCP-IN-Voice
> match ip dscp ef
> match ip dscp 43
>
> policy-map COS-IN
> class DSCP-IN-Voice
> set ip dscp ef
>
> ip access-list extended DSCP-IN-Voice
> deny ip any any
>
> interface Vlan200
> service-policy input COS-IN
>
> in the class-map, the first match statement is infact deny any ip, my
> question is, does this condition match and it will move out of this
> class and set ip dscp ef?
>
> Or it should never be matched since the access-list will only be
> matched
> for a permit statement else it wont? Since i have the match-any on the
> class-map it will go to the next statement? thanks!!
>
> thanks!
>
> jef
> _________________________________________________________________
> Get your free suite of Windows Live services!
> http://www.get.live.com/wl/all
>
>

• Next message: Simon Grace: "RE: ip nat enable , NVI0 stays administratively down"
• Previous message: Gary Lee: "ODR / proxy-arp problem"
• Maybe in reply to: Simon Grace: "RE: Question on QoS"
• Next in thread: Scott Morris: "RE: Question on QoS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:14 ART