From: shiran guez (shiranp3@gmail.com)
Date: Thu Aug 14 2008 - 17:04:14 ART
I suggest you will sniff the traffic going out from your interface to the
router and you will understand why it is matched by the class default.
hint: fragment is not identified as icmp
On 8/14/08, Joseph Brunner <joe@affirmedsystems.com> wrote:
>
> I suspect the fragments are not being matched by NBAR and therefore the
> fragment baby pings are being matched by class default.
>
> Can you try reading this link; it explains the behavior
>
> Thanks,
>
> Joe
>
>
> http://www.ubookcase.com/book/Cisco/Cisco.Router.Firewall.Security/index.htm
> l?page=source/1587051753/ch10lev1sec3.html
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of KS
> Anpu
> Sent: Thursday, August 14, 2008 12:43 AM
> To: Cisco certification; anpu samp
> Subject: QoS - Policing
>
> I am facing one issue with qos police command . i have configured a
> class-map (TESTCLASS) to identify the icmp and some other traffics , then
> police the traffic. but when i am testing , if the icmp pkt size is less
> than 1500 the TESTCLASS hit count is increasing , but if i increase the
> icmp
> packet size more than 1600 KB , still it is pinging but default-class
> (class-default) hit count is increasing.
> ANY ONE CAN HELP ME TO FIND ....WHY ?
>
>
> Class Map match-any *TESTCLASS *
> Match protocol icmp
> Match protocol ftp
> Match protocol tftp
>
> Policy Map *TestPolicy*
> Class TESTCLASS
> police cir 8000000 bc 4000 be 4000
> conform-action transmit
> exceed-action drop
>
> R1#SHow RUN INT ETH 0/0
> Building configuration...
>
> Current configuration : 158 bytes
> !
> interface Ethernet0/0
> bandwidth 100000
> ip address 131.1.12.1 255.255.255.0
> full-duplex
> max-reserved-bandwidth 90
> *service-policy output TestPolicy*
> end
>
> R1#show policy-map int eth 0/0
> Ethernet0/0
>
> Service-policy output: TestPolicy
>
> Class-map: TESTCLASS (match-any)
> *0 packets, 0 bytes*
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: protocol icmp
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> Match: protocol ftp
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> Match: protocol tftp
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> police:
> cir 8000000 bps, bc 4000 bytes
> conformed 0 packets, 0 bytes; actions:
> transmit
> exceeded 0 packets, 0 bytes; actions:
> drop
> conformed 0 bps, exceed 0 bps
>
> Class-map: class-default (match-any)
> 22 packets, 16870 bytes
> 5 minute offered rate 2000 bps, drop rate 0 bps
> Match: any
>
> Regards,
> Anbu
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- Shiran Guez MCSE CCNP NCE1 CCIE #20572 http://cciep3.blogspot.com http://www.linkedin.com/in/cciep3Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:30 ART