From: Alex Steer (alex.steer@eison.co.uk)
Date: Wed Nov 07 2007 - 13:33:56 ART
No point whatsoever. The only time I think I would use this is to prove
that traffic is getting correctly marked in the ccie lab.
I still the behaviour is very unexpected.
Any thoughts?
-----Original Message-----
From: Joseph Saad [mailto:joseph.samir.saad@gmail.com]
Sent: 07 November 2007 16:30
To: Alex Steer
Subject: Re: mls qos rewrite ip dscp (default command, are you sure?)
How will it help anyone to rewrite DSCP values for traffic destined to
the switch itself? i.e. not existing via an egress port/queue.
On Nov 7, 2007 5:08 PM, Alex Steer <alex.steer@eison.co.uk> wrote:
> I'm abit baffled as the the outcome of this. If you ping the SVI on
the
> switch no rewrite seems to occur. However if you ping another device
on
> the switch a rewrite does occur. Presumably on egress.
>
> Apparently "no mls qos rewrite ip dscp" (default command being the -no
> variant) is supposed to produce this behaviour. I have not configured
> it so the rewrite should be happening on ingress.
>
>
>
> I've labbed this same scenario using the alternative configuration of
a
> 3550 using nested class-maps and it does rewrite the ip dscp on
ingress.
> The svi on the 3550 does see ef packets.
>
>
>
> Can anybody think of a cause for this as I was under the impression
that
> no mls qos rewrite ip dscp would cause this behaviour IF I had
> configured it.
>
>
>
> Thanks in advance
>
>
>
> Alex
>
>
>
> Btw: the config below is hand written not from the lab so if is isn't
> perfect then that's my typing, it's here purely to show the scenario.
>
>
>
> Here is the scenario,
>
>
>
> R5-----Sw1-----R3
>
>
>
> Router3
>
>
>
> Access-list 101 permit ip any any dscp 0
>
> Access-list 101 permit ip any any dscp ef
>
> Access-list 101 permit ip any any
>
>
>
> Int e0/0
>
> Ip address 10.0.0.3 255.255.255.0
>
> Ip access-group 101 in
>
>
>
> Router5
>
>
>
> Access-list 101 permit ip any any dscp 0
>
> Access-list 101 permit ip any any dscp ef
>
> Access-list 101 permit ip any any
>
>
>
> Int e0/0
>
> Ip address 10.0.0.5 255.255.255.0
>
> Ip access-group 101 in
>
>
>
>
>
> Switch1
>
>
>
> Access-list 101 permit ip any any dscp 0
>
> Access-list 101 permit ip any any dscp 46
>
> Access-list 101 permit ip any any
>
> Access-list 110 permit ip any any
>
>
>
> Class-map vlan5
>
> Match access-group 110
>
> Policy-map vlan5
>
> Class vlan5
>
> Set dscp ef
>
>
>
> Int fa0/3
>
> Mls qos vlan-based
>
> Swi mode acc
>
> Swi acc vlan 5
>
>
>
> Int fa0/5
>
> Mls qos vlan-based
>
> Swi mode acc
>
> Swi acc vlan 5
>
>
>
> Int vlan 5
>
> Ip address 10.0.0.7 255.255.255.0
>
> Ip access-group 101 in
>
> Service-policy input vlan5
>
>
>
>
>
> Router5
>
> Ping 10.0.0.7 repeat 1000
>
> Ping 10.0.0.3 repeat 1000
>
>
>
> Switch1
>
> Show access-list 101 | inc matches
>
> 10 permit ip any any dscp default (1000 matches)
>
>
>
> Router3
>
> Show access-list 101 | inc matches
>
> 10 permit ip any any dscp ef (1000 matches)
>
>
>
>
>
>
>
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
>
>
This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:28 ART