Re: checking DSCP marking on the traffic

I agree a good way to do this is to create an ACL with logging in the
transit path like below.

! ACL MATCHES WHATEVER DSCP YOU ARE LOOKING FOR
access-list 101 permit ip any any dscp 26 log
access-list 101 permit ip any any dscp 34 log
access-list 101 permit ip any any dscp 46 log
access-list 101 permit ip any any
!
int fa0/0
 ! APPLY TO TRANSIT ROUTER
 ip access-group 101 in

On Thu, Sep 8, 2011 at 6:15 PM, James Poplawski <jb.poplawski_at_gmail.com>wrote:

> Can you implement an acl in transit somewhere? Permit a route any any
> eq dscp af41 and then permit ip any any?
>
> Sent from my iPhone
>
> On Sep 8, 2011, at 5:12 PM, BALAKRISHNAN Balaji
> <Balaji.BALAKRISHNAN_at_swift.com> wrote:
>
> > Problem is I can't do show command on the originating switch.. I want to
> check on the intermediate router or switch to confirm that the dscp marking
> is preserved and not lost during the transit.
> > No wireshark is not an option.
> >
> > Rgds
> > Bala
> >
> >
> >> -----Original Message-----
> >> From: JB Poplawski [mailto:jb.poplawski_at_gmail.com]
> >> Sent: Thursday, September 08, 2011 5:57 PM
> >> To: BALAKRISHNAN Balaji
> >> Cc: ccielab_at_groupstudy.com
> >> Subject: Re: checking DSCP marking on the traffic
> >>
> >> Well the hitcounts should show you it's happening. Narbik has a good
> >> lab where you create an ACL with every marking and perform various
> >> pings.
> >>
> >> The other option would be to span a port and use Wireshark. By the
> >> way you worded that last comment, I'm assuming that's what you meant.
> >> http://www.wireshark.org/
> >>
> >>
> >> On Thu, Sep 8, 2011 at 4:52 PM, BALAKRISHNAN Balaji
> >> <Balaji.BALAKRISHNAN_at_swift.com> wrote:
> >>> Thanx..
> >>>
> >>> But I am looking for something that shows that marking on the traffic
> >>>
> >>>
> >>>
> >>>> -----Original Message-----
> >>>> From: JB Poplawski [mailto:jb.poplawski_at_gmail.com]
> >>>> Sent: Thursday, September 08, 2011 5:20 PM
> >>>> To: BALAKRISHNAN Balaji
> >>>> Subject: Re: checking DSCP marking on the traffic
> >>>>
> >>>> show policy-map int
> >>>>
> >>>> You should see hit counts on the show commands.
> >>>> JB
> >>>>
> >>>>
> >>>> On Thu, Sep 8, 2011 at 3:49 PM, BALAKRISHNAN Balaji
> >>>> <Balaji.BALAKRISHNAN_at_swift.com> wrote:
> >>>>> Hi all,
> >>>>>
> >>>>> Struggling to find any show or debug commands that would tell you
> the DSCP
> >>>>> setting/marking on the traffic. Following is the sample configs,
> >>>>>
> >>>>>
> >>>>> policy-map PM-FIN
> >>>>> class class-default
> >>>>> set ip dscp af11
> >>>>> !
> >>>>> interface GigabitEthernet1/3
> >>>>> service-policy input PM-FIN
> >>>>> !
> >>>>> class-map match-all CM-FIN
> >>>>> match ip dscp af11
> >>>>> !
> >>>>> policy-map PM-child
> >>>>> class CM-FIN
> >>>>> bandwidth percent 40
> >>>>> class class-default
> >>>>> bandwidth percent 60
> >>>>> !
> >>>>> policy-map PM-parent
> >>>>> class class-default
> >>>>> shape average 1000000
> >>>>> service-policy PM-child
> >>>>>
> >>>>> !
> >>>>> interface GigabitEthernet0/3
> >>>>> service-policy output PM-parent
> >>>>>
> >>>>>
> >>>>>
> >>>>> How do I verify that the traffic coming on the Gig 1/3 correctly
> marked with
> >>>>> af11 and correctly matched by the class CM-FIN ??
> >>>>>
> >>>>> Thanx for the help.
> >>>>>
> >>>>>
> >>>>> Rgds
> >>>>> Bala
> >>>>>
> >>>>>
> >>>>> Blogs and organic groups at http://www.ccie.net
> >>>>>
> >>>>>
> _______________________________________________________________________
> >>>>> Subscription information may be found at:
> >>>>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
Regards,
Joe Astorino
CCIE #24347
Blog: http://astorinonetworks.com
"He not busy being born is busy dying" - Dylan
Blogs and organic groups at http://www.ccie.net