Re: "match vlan" on a 3550....

Hi Bryan,

Just had a real quick play with this, and it seems the IOS is _very_
finicky about the order of commands. I couldn't get it to work either,
initially, then started getting %QM-4-CLASS_NOT_SUPPORTED messages,
service-policy removing itself etc. So to clean up I just:

no policy-map PER_PORT_PER_VLAN
no class-map match-all VLAN_300_IP
no class-map match-all IP_ANY
no ip access-list extended 120
!
access-list 120 permit ip any any
!
class-map match-all IP_ANY
  match access-group 120
class-map match-all VLAN_300_IP
  match vlan 300
  match class-map IP_ANY
!
policy-map PER_PORT_PER_VLAN
  class VLAN_300_IP
   set ip precedence 1

int fa0/13
 service-policy input PER_PORT_PER_VLAN

And voila! it's working now. The order of the "match" statements in
class-map VLAN_300_IP seemed to be the key to avoiding the errors --
but I'm not sure you were getting those in the first place.

SW4#clear mls qos interface fa0/13 statistics

<< start ping from R1 >>

SW4#sh mls qos int fa0/13 stat
FastEthernet0/13
Ingress
  dscp: incoming no_change classified policed dropped (in bytes)
Others: 823468 64 823404 0 0

SW4#sh mls qos int fa0/13 stat
FastEthernet0/13
Ingress
  dscp: incoming no_change classified policed dropped (in bytes)
Others: 1026492 128 1026364 0 0

SW4#sh mls qos int fa0/13 stat
FastEthernet0/13
Ingress
  dscp: incoming no_change classified policed dropped (in bytes)
Others: 1435308 192 1435116 0 0

SW4#sh mls qos int fa0/13 stat
FastEthernet0/13
Ingress
  dscp: incoming no_change classified policed dropped (in bytes)
Others: 1744114 192 1743922 0 0

To verify:

SW4(config)#access-list 150 permit ip any any precedence 0
SW4(config)#access-list 150 permit ip any any precedence 1
SW4(config)#access-list 150 permit ip any any precedence 2
SW4(config)#access-list 150 permit ip any any precedence 3
SW4(config)#access-list 150 permit ip any any precedence 4
SW4(config)#access-list 150 permit ip any any precedence 5
SW4(config)#access-list 150 permit ip any any precedence 6
SW4(config)#access-list 150 permit ip any any precedence 7
SW4(config)#int vlan300
SW4(config-if)#ip access-group 150 in

SW4#sh access-list 150
Extended IP access list 150
    10 permit ip any any precedence routine
    20 permit ip any any precedence priority (4575 matches)
    30 permit ip any any precedence immediate
    40 permit ip any any precedence flash
    50 permit ip any any precedence flash-override
    60 permit ip any any precedence critical
    70 permit ip any any precedence internet
    80 permit ip any any precedence network
SW4#sh access-list 150
Extended IP access list 150
    10 permit ip any any precedence routine
    20 permit ip any any precedence priority (27522 matches)
    30 permit ip any any precedence immediate
    40 permit ip any any precedence flash
    50 permit ip any any precedence flash-override
    60 permit ip any any precedence critical
    70 permit ip any any precedence internet
    80 permit ip any any precedence network

cheers,
Dale

On Mon, Apr 20, 2009 at 11:31 AM, Modular <modulartx_at_gmail.com> wrote:
>
> yes.... mls qos is enabled.... and set ip prec is under the class. As I was
> composing the email it occurred to me
> that it might require an action, so I added it to the config and tried
> it.... but it failed. I went ahead and typed it into the
> config in the email that I was composing, but typed it into the wrong spot.
>
> Thanks for the help...
>
> Bryan R.
>
> On 4/19/09, Dale Shaw <dale.shaw_at_gmail.com> wrote:
>>
>> Hi,
>>
>> It's just a stab in the dark, but do you have 'mls qos' enabled on Cat2?
>>
>> And I assume your policy-map is actually:
>>
>> policy-map test
>> class vlan
>> set ip precedence 1
>>
>> Per-Port Per-VLAN QoS is definitely supported on the c3550.. what does
>> "sh mls qos" say?
>>
>> cheers,
>> Dale
>>
>> On Mon, Apr 20, 2009 at 11:05 AM, Modular <modulartx_at_gmail.com> wrote:
>> >
>> > Has anyone here had any luck using match vlan on a 3550? No matter
>> > what I
>> > do
>> > I can t seem to get it to run or even show that it s working. I m
>> > running
>> > 12.2(44)SE3
>> > and I ll paste my config below.
>> >
>> > I have two routers set up in the same VLAN. One router is in switch 1
>> > and
>> > the second
>> > in switch 2. There is only one trunk link between switch 1 & 2. (FE
>> > 0/23)
>> > I ve placed the service-policy on the FE 0/23 trunk port of switch 2.
>> > So, if
>> > I telnet from R1 in switch 1 to R2 in switch 2 that traffic, Vlan 300,
>> > should be matched by the policy but it doesn t.??
>> >
>> >
>> > class-map match-all ipall
>> > match access-group 101
>> > class-map match-all vlan
>> > match vlan 300
>> > match class-map ipall
>> > !
>> > policy-map test
>> > set ip precedence 1
>> > class vlan
>> > !
>> > access-list 101 permit ip any any
>> >
>> > interface FastEthernet0/23
>> > switchport trunk encapsulation dot1q
>> > switchport mode trunk
>> > service-policy input test
>> >
>> >
>> > This is the output after I both pinged and telneted to R6
>> >
>> > Cat2#show policy-map interface fast 0/23
>> > FastEthernet0/23
>> >
>> > Service-policy input: test
>> >
>> > Class-map: vlan (match-all)
>> > 0 packets, 0 bytes
>> > 5 minute offered rate 0 bps, drop rate 0 bps
>> > Match: vlan 300
>> > Match: class-map match-all ipall
>> > Match: access-group 101
>> >
>> > Class-map: class-default (match-any)
>> > 0 packets, 0 bytes
>> > 5 minute offered rate 0 bps, drop rate 0 bps
>> > Match: any
>> > 0 packets, 0 bytes
>> > 5 minute rate 0 bps
>> >
>> > Thanks,
>> >
>> > Bryan R.

Blogs and organic groups at http://www.ccie.net
Received on Mon Apr 20 2009 - 11:46:39 ART