I don't think you need it, as you're manually marking the traffic, not
accepting the marked traffic from the host.
I think
Sent from my iPhone
On Sep 9, 2011, at 5:41 PM, BALAKRISHNAN Balaji <
Balaji.BALAKRISHNAN_at_swift.com> wrote:
All,
Thanx for the response.. I think access-list is the best option.
One more question..Where do we need to apply the command �mls qos trust
dscp� Inbound or outbound interface to preserve the DSCP marking ?
Rgds
Bala
*From:* Joe Astorino [mailto:joeastorino1982_at_gmail.com]
*Sent:* Friday, September 09, 2011 1:18 AM
*To:* James Poplawski
*Cc:* BALAKRISHNAN Balaji; ccielab_at_groupstudy.com
*Subject:* Re: checking DSCP marking on the traffic
I agree a good way to do this is to create an ACL with logging in the
transit path like below.
! ACL MATCHES WHATEVER DSCP YOU ARE LOOKING FOR
access-list 101 permit ip any any dscp 26 log
access-list 101 permit ip any any dscp 34 log
access-list 101 permit ip any any dscp 46 log
access-list 101 permit ip any any
!
int fa0/0
! APPLY TO TRANSIT ROUTER
ip access-group 101 in
On Thu, Sep 8, 2011 at 6:15 PM, James Poplawski <jb.poplawski_at_gmail.com>
wrote:
Can you implement an acl in transit somewhere? Permit a route any any
eq dscp af41 and then permit ip any any?
Sent from my iPhone
On Sep 8, 2011, at 5:12 PM, BALAKRISHNAN Balaji
<Balaji.BALAKRISHNAN_at_swift.com> wrote:
> Problem is I can't do show command on the originating switch.. I want to
check on the intermediate router or switch to confirm that the dscp marking
is preserved and not lost during the transit.
> No wireshark is not an option.
>
> Rgds
> Bala
>
>
>> -----Original Message-----
>> From: JB Poplawski [mailto:jb.poplawski_at_gmail.com]
>> Sent: Thursday, September 08, 2011 5:57 PM
>> To: BALAKRISHNAN Balaji
>> Cc: ccielab_at_groupstudy.com
>> Subject: Re: checking DSCP marking on the traffic
>>
>> Well the hitcounts should show you it's happening. Narbik has a good
>> lab where you create an ACL with every marking and perform various
>> pings.
>>
>> The other option would be to span a port and use Wireshark. By the
>> way you worded that last comment, I'm assuming that's what you meant.
>> http://www.wireshark.org/
>>
>>
>> On Thu, Sep 8, 2011 at 4:52 PM, BALAKRISHNAN Balaji
>> <Balaji.BALAKRISHNAN_at_swift.com> wrote:
>>> Thanx..
>>>
>>> But I am looking for something that shows that marking on the traffic
>>>
>>>
>>>
>>>> -----Original Message-----
>>>> From: JB Poplawski [mailto:jb.poplawski_at_gmail.com]
>>>> Sent: Thursday, September 08, 2011 5:20 PM
>>>> To: BALAKRISHNAN Balaji
>>>> Subject: Re: checking DSCP marking on the traffic
>>>>
>>>> show policy-map int
>>>>
>>>> You should see hit counts on the show commands.
>>>> JB
>>>>
>>>>
>>>> On Thu, Sep 8, 2011 at 3:49 PM, BALAKRISHNAN Balaji
>>>> <Balaji.BALAKRISHNAN_at_swift.com> wrote:
>>>>> Hi all,
>>>>>
>>>>> Struggling to find any show or debug commands that would tell you the
DSCP
>>>>> setting/marking on the traffic. Following is the sample configs,
>>>>>
>>>>>
>>>>> policy-map PM-FIN
>>>>> class class-default
>>>>> set ip dscp af11
>>>>> !
>>>>> interface GigabitEthernet1/3
>>>>> service-policy input PM-FIN
>>>>> !
>>>>> class-map match-all CM-FIN
>>>>> match ip dscp af11
>>>>> !
>>>>> policy-map PM-child
>>>>> class CM-FIN
>>>>> bandwidth percent 40
>>>>> class class-default
>>>>> bandwidth percent 60
>>>>> !
>>>>> policy-map PM-parent
>>>>> class class-default
>>>>> shape average 1000000
>>>>> service-policy PM-child
>>>>>
>>>>> !
>>>>> interface GigabitEthernet0/3
>>>>> service-policy output PM-parent
>>>>>
>>>>>
>>>>>
>>>>> How do I verify that the traffic coming on the Gig 1/3 correctly
marked with
>>>>> af11 and correctly matched by the class CM-FIN ??
>>>>>
>>>>> Thanx for the help.
>>>>>
>>>>>
>>>>> Rgds
>>>>> Bala
>>>>>
>>>>>
>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>
>>>>>
Received on Sat Sep 10 2011 - 09:23:09 ART