Re: mls qos rewrite ip dscp (default command, are you sure?)

From: shiran guez (shiranp3@gmail.com)
Date: Wed Nov 07 2007 - 16:05:28 ART

• Next message: oedyp: "Re: Second opinion appreciated on ACL's"
• Previous message: Joseph Brunner: "RE: ospf virtual-link over totally stubby area"
• Maybe in reply to: Alex Steer: "mls qos rewrite ip dscp (default command, are you sure?)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I didn't test it but I think that the order of operation is the cause you do
not see the packets on the Switch remarked, the access list is before the
service policy, If you would put service-policy output vlan5, i assume that
you would see the switch marking his echo-replay.

but this is only my guss, I do need to test it!

On Nov 7, 2007 6:33 PM, Alex Steer <alex.steer@eison.co.uk> wrote:

> No point whatsoever. The only time I think I would use this is to prove
> that traffic is getting correctly marked in the ccie lab.
>
> I still the behaviour is very unexpected.
>
> Any thoughts?
>
> -----Original Message-----
> From: Joseph Saad [mailto:joseph.samir.saad@gmail.com]
> Sent: 07 November 2007 16:30
> To: Alex Steer
> Subject: Re: mls qos rewrite ip dscp (default command, are you sure?)
>
> How will it help anyone to rewrite DSCP values for traffic destined to
> the switch itself? i.e. not existing via an egress port/queue.
>
> On Nov 7, 2007 5:08 PM, Alex Steer <alex.steer@eison.co.uk> wrote:
> > I'm abit baffled as the the outcome of this. If you ping the SVI on
> the
> > switch no rewrite seems to occur. However if you ping another device
> on
> > the switch a rewrite does occur. Presumably on egress.
> >
> > Apparently "no mls qos rewrite ip dscp" (default command being the -no
> > variant) is supposed to produce this behaviour. I have not configured
> > it so the rewrite should be happening on ingress.
> >
> >
> >
> > I've labbed this same scenario using the alternative configuration of
> a
> > 3550 using nested class-maps and it does rewrite the ip dscp on
> ingress.
> > The svi on the 3550 does see ef packets.
> >
> >
> >
> > Can anybody think of a cause for this as I was under the impression
> that
> > no mls qos rewrite ip dscp would cause this behaviour IF I had
> > configured it.
> >
> >
> >
> > Thanks in advance
> >
> >
> >
> > Alex
> >
> >
> >
> > Btw: the config below is hand written not from the lab so if is isn't
> > perfect then that's my typing, it's here purely to show the scenario.
> >
> >
> >
> > Here is the scenario,
> >
> >
> >
> > R5-----Sw1-----R3
> >
> >
> >
> > Router3
> >
> >
> >
> > Access-list 101 permit ip any any dscp 0
> >
> > Access-list 101 permit ip any any dscp ef
> >
> > Access-list 101 permit ip any any
> >
> >
> >
> > Int e0/0
> >
> > Ip address 10.0.0.3 255.255.255.0
> >
> > Ip access-group 101 in
> >
> >
> >
> > Router5
> >
> >
> >
> > Access-list 101 permit ip any any dscp 0
> >
> > Access-list 101 permit ip any any dscp ef
> >
> > Access-list 101 permit ip any any
> >
> >
> >
> > Int e0/0
> >
> > Ip address 10.0.0.5 255.255.255.0
> >
> > Ip access-group 101 in
> >
> >
> >
> >
> >
> > Switch1
> >
> >
> >
> > Access-list 101 permit ip any any dscp 0
> >
> > Access-list 101 permit ip any any dscp 46
> >
> > Access-list 101 permit ip any any
> >
> > Access-list 110 permit ip any any
> >
> >
> >
> > Class-map vlan5
> >
> > Match access-group 110
> >
> > Policy-map vlan5
> >
> > Class vlan5
> >
> > Set dscp ef
> >
> >
> >
> > Int fa0/3
> >
> > Mls qos vlan-based
> >
> > Swi mode acc
> >
> > Swi acc vlan 5
> >
> >
> >
> > Int fa0/5
> >
> > Mls qos vlan-based
> >
> > Swi mode acc
> >
> > Swi acc vlan 5
> >
> >
> >
> > Int vlan 5
> >
> > Ip address 10.0.0.7 255.255.255.0
> >
> > Ip access-group 101 in
> >
> > Service-policy input vlan5
> >
> >
> >
> >
> >
> > Router5
> >
> > Ping 10.0.0.7 repeat 1000
> >
> > Ping 10.0.0.3 repeat 1000
> >
> >
> >
> > Switch1
> >
> > Show access-list 101 | inc matches
> >
> > 10 permit ip any any dscp default (1000 matches)
> >
> >
> >
> > Router3
> >
> > Show access-list 101 | inc matches
> >
> > 10 permit ip any any dscp ef (1000 matches)
> >
> >
> >
> >
> >
> >
> >
> >
> > ______________________________________________________________________
> > This email has been scanned by the MessageLabs Email Security System.
> > For more information please visit http://www.messagelabs.com/email
> > ______________________________________________________________________
> >
> >
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

-- 
Shiran Guez
MCSE CCNP NCE1
http://cciep3.blogspot.com
http://www.linkedin.com/in/cciep3

• Next message: oedyp: "Re: Second opinion appreciated on ACL's"
• Previous message: Joseph Brunner: "RE: ospf virtual-link over totally stubby area"
• Maybe in reply to: Alex Steer: "mls qos rewrite ip dscp (default command, are you sure?)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:28 ART