mls qos rewrite ip dscp (default command, are you sure?)

From: Alex Steer (alex.steer@eison.co.uk)
Date: Wed Nov 07 2007 - 10:08:18 ART

• Next message: Joseph Brunner: "RE: CCIE create TAC support will bypass the first level"
• Previous message: Guyler, Rik: "RE: CCIE create TAC support will bypass the first level"
• Next in thread: Alex Steer: "RE: mls qos rewrite ip dscp (default command, are you sure?)"
• Maybe reply: Alex Steer: "RE: mls qos rewrite ip dscp (default command, are you sure?)"
• Maybe reply: shiran guez: "Re: mls qos rewrite ip dscp (default command, are you sure?)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I'm abit baffled as the the outcome of this. If you ping the SVI on the
switch no rewrite seems to occur. However if you ping another device on
the switch a rewrite does occur. Presumably on egress.

Apparently "no mls qos rewrite ip dscp" (default command being the -no
variant) is supposed to produce this behaviour. I have not configured
it so the rewrite should be happening on ingress.

I've labbed this same scenario using the alternative configuration of a
3550 using nested class-maps and it does rewrite the ip dscp on ingress.
The svi on the 3550 does see ef packets.

Can anybody think of a cause for this as I was under the impression that
no mls qos rewrite ip dscp would cause this behaviour IF I had
configured it.

Thanks in advance

Alex

Btw: the config below is hand written not from the lab so if is isn't
perfect then that's my typing, it's here purely to show the scenario.

Here is the scenario,

R5-----Sw1-----R3

Router3

Access-list 101 permit ip any any dscp 0

Access-list 101 permit ip any any dscp ef

Access-list 101 permit ip any any

Int e0/0

Ip address 10.0.0.3 255.255.255.0

Ip access-group 101 in

Router5

Access-list 101 permit ip any any dscp 0

Access-list 101 permit ip any any dscp ef

Access-list 101 permit ip any any

Int e0/0

Ip address 10.0.0.5 255.255.255.0

Ip access-group 101 in

Switch1

Access-list 101 permit ip any any dscp 0

Access-list 101 permit ip any any dscp 46

Access-list 101 permit ip any any

Access-list 110 permit ip any any

Class-map vlan5

 Match access-group 110

Policy-map vlan5

 Class vlan5

  Set dscp ef

Int fa0/3

Mls qos vlan-based

Swi mode acc

Swi acc vlan 5

Int fa0/5

Mls qos vlan-based

Swi mode acc

Swi acc vlan 5

Int vlan 5

Ip address 10.0.0.7 255.255.255.0

Ip access-group 101 in

Service-policy input vlan5

Router5

Ping 10.0.0.7 repeat 1000

Ping 10.0.0.3 repeat 1000

Switch1

Show access-list 101 | inc matches

    10 permit ip any any dscp default (1000 matches)

Router3

Show access-list 101 | inc matches

    10 permit ip any any dscp ef (1000 matches)

• Next message: Joseph Brunner: "RE: CCIE create TAC support will bypass the first level"
• Previous message: Guyler, Rik: "RE: CCIE create TAC support will bypass the first level"
• Next in thread: Alex Steer: "RE: mls qos rewrite ip dscp (default command, are you sure?)"
• Maybe reply: Alex Steer: "RE: mls qos rewrite ip dscp (default command, are you sure?)"
• Maybe reply: shiran guez: "Re: mls qos rewrite ip dscp (default command, are you sure?)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:28 ART