From: Bob Sinclair (bsin@cox.net)
Date: Thu Jun 02 2005 - 21:14:16 GMT-3
Gladston,
You want to trust precedence (marked to IPP 3) then mark it down if
non-conforming to IPP 2, right? IPP 3 is DSCP CS3 (decimal 24), and IPP 2 is
DSCP CS2 (decimal 16). Could you try this:
mls qos map policed-dscp 24 to 16
?
Bob Sinclair
CCIE #10427, CCSI 30427, CISSP
www.netmasterclass.net
----- Original Message -----
From: gladston@br.ibm.com
To: Bob Sinclair
Cc: ccielab@groupstudy.com
Sent: Thursday, June 02, 2005 6:24 PM
Subject: Re: Policie and Trust Actions
Thanks for the reply Bob,
R1 is connected to CAT2, CAT2 is connected to R2.
R1 markes packets with precedence 3.
I am trying to police traffic entering CAT2 so packets that exceeds are
marked down.
Service police is applyed INbound on CAT2. I need to trust marks from R1
and marked packets down. If I just use 'trust' under the policy, it works.
If I just use 'police' it does not works because packets from R1 are not
trusted and reset to 0.
It can be achieved using two policies, on that trust on CAT2 interface
that leads to R1 and one that police on interface that leads to R2.
I am wondering if it is not possible just using on policy IN. Tests showed
it do not work.
Cordially,
------------------------------------------------------------------
Alaerte Gladston Vidali
IBM Global Services - SO
Tel.55+11+2121-2879 Fax:55+11+2121-2449
"Bob Sinclair" <bsin@cox.net>
02/06/2005 12:27
To
Alaerte Gladston Vidali/Brazil/IBM@IBMBR, <ccielab@groupstudy.com>
cc
Subject
Re: Policie and Trust Actions
Gladston,
Not sure of your problem. I have done a 'set' and 'police' in the same
policy, but have not tried 'trust' except on the interface. Have you
verified that each action works as expected independently? You are aware
DSCP 3 and DSCP 2 both map to IP Precedence 0?
HTH,
Bob Sinclair
CCIE #10427, CCSI 30427, CISSP
www.netmasterclass.net
----- Original Message -----
From: gladston@br.ibm.com
To: ccielab@groupstudy.com
Sent: Thursday, June 02, 2005 9:43 AM
Subject: Policie and Trust Actions
Do you know if it is possible to trust and police IN?
Just 'trust' work, but police with trust under the same policy applyed
inbound does not work
It is not working:
mls qos map policed-dscp 3 to 2
!
class-map match-all Set-with-police
match access-group 121
!
policy-map Set-with-police
class Set-with-police
police 8000 8000 exceed-action policed-dscp-transmit
trust ip-precedence
!
cat2#sh run int fa 0/22
Building configuration...
Current configuration : 194 bytes
!
interface FastEthernet0/22
switchport trunk encapsulation isl
switchport mode trunk
switchport nonegotiate
no ip address
service-policy input Set-with-police
spanning-tree portfast
end
_______________________________________________________________________
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html
_______________________________________________________________________
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:40 GMT-3