Re: Policie and Trust Actions

From: gladston@br.ibm.com
Date: Wed Jun 22 2005 - 11:11:06 GMT-3


Hi Bob,

Sorry to take so long to test it. I have access to that lab just today.

I want to trust and mark down precedence using service-policy IN.

It seems IOS gets lost when changing commands under police. If the
interface is reset (clear interface) or shut and "no shut", it starts to
work correctly. (At least on version C3550-I5K2L2Q3-M, it happened more
than once.)

After doing that (resetting the interface after the change) and confirming
(as you recommended) that the police mapping is fine, it is working:

class-map match-all Set-with-police
  match access-group 121
!
policy-map Set-with-police
  class Set-with-police
    police 8000 8000 exceed-action policed-dscp-transmit
    trust ip-precedence

CAT2 trusts traffic from the router and marks it down, using the IN
service-policy.

I changed the precedence a little bit. R5 is monitoring. R7 marks packets
with prec 5. CAT2 trusts it and marks it down to 1 when exceeding the rate.

r5#sh int e 0/0 precedence
Ethernet0/0
  Input
    Precedence 0: 103668 packets, 11790233 bytes
    Precedence 1: 312 packets, 35568 bytes
    Precedence 5: 12010 packets, 1365281 bytes
r5#sh int e 0/0 precedence
Ethernet0/0
  Input
    Precedence 0: 103668 packets, 11790233 bytes
    Precedence 1: 342 packets, 38948 bytes
    Precedence 5: 12018 packets, 1366193 bytes
r5#sh int e 0/0 precedence
Ethernet0/0
  Input
    Precedence 0: 103668 packets, 11790233 bytes
    Precedence 1: 401 packets, 45674 bytes
    Precedence 5: 12036 packets, 1368245 bytes

Thanks
------------------------------------------------------------------
 Gladston

"Bob Sinclair" <bsin@cox.net>
02/06/2005 21:14

To
Alaerte Gladston Vidali/Brazil/IBM@IBMBR
cc
<ccielab@groupstudy.com>
Subject
Re: Policie and Trust Actions

Gladston,
 
You want to trust precedence (marked to IPP 3) then mark it down if
non-conforming to IPP 2, right? IPP 3 is DSCP CS3 (decimal 24), and IPP
2 is DSCP CS2 (decimal 16). Could you try this:
 
mls qos map policed-dscp 24 to 16
 
?
 
Bob Sinclair
CCIE #10427, CCSI 30427, CISSP
www.netmasterclass.net
----- Original Message -----
From: gladston@br.ibm.com
To: Bob Sinclair
Cc: ccielab@groupstudy.com
Sent: Thursday, June 02, 2005 6:24 PM
Subject: Re: Policie and Trust Actions

Thanks for the reply Bob,

R1 is connected to CAT2, CAT2 is connected to R2.
R1 marks packets with precedence 3.
I am trying to police traffic entering CAT2 so packets that exceed are
marked down.
Service policy is applied INbound on CAT2. I need to trust marks from R1
and mark packets down. If I just use 'trust' under the policy, it works.

If I just use 'police' it does not work because packets from R1 are not
trusted and are reset to 0.

It can be achieved using two policies, one that trusts on the CAT2 interface
that leads to R1 and one that polices on the interface that leads to R2.
I am wondering if it is not possible using just one policy IN. Tests
showed it does not work.

Cordially,
------------------------------------------------------------------
Alaerte Gladston Vidali
IBM Global Services - SO
Tel.55+11+2121-2879 Fax:55+11+2121-2449

"Bob Sinclair" <bsin@cox.net>
02/06/2005 12:27

To
Alaerte Gladston Vidali/Brazil/IBM@IBMBR, <ccielab@groupstudy.com>
cc

Subject
Re: Policie and Trust Actions

Gladston,
 
Not sure of your problem. I have done a 'set' and 'police' in the same
policy, but have not tried 'trust' except on the interface. Have you
verified that each action works as expected independently? You are
aware DSCP 3 and DSCP 2 both map to IP Precedence 0?
 
HTH,
 
Bob Sinclair
CCIE #10427, CCSI 30427, CISSP
www.netmasterclass.net
----- Original Message -----
From: gladston@br.ibm.com
To: ccielab@groupstudy.com
Sent: Thursday, June 02, 2005 9:43 AM
Subject: Policie and Trust Actions

Do you know if it is possible to trust and police IN?

Just 'trust' works, but police with trust under the same policy applied
inbound does not work.

It is not working:
mls qos map policed-dscp 3 to 2
!
class-map match-all Set-with-police
  match access-group 121
!
policy-map Set-with-police
  class Set-with-police
    police 8000 8000 exceed-action policed-dscp-transmit
    trust ip-precedence
!
cat2#sh run int fa 0/22
Building configuration...

Current configuration : 194 bytes
!
interface FastEthernet0/22
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport nonegotiate
 no ip address
 service-policy input Set-with-police
 spanning-tree portfast
end
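
Added example (not part of the original thread and not Cisco code): a simplified Python model of the ingress marking path discussed above, showing why a policed-dscp entry for DSCP 3 never touches precedence-3 traffic while an entry for DSCP 24 does. It assumes the default ip-prec-dscp map (precedence n to DSCP 8*n) and an identity policed-dscp map unless overridden; the function names and the 40-to-8 entry for the precedence 5 to 1 case are assumptions.

```python
# Simplified model of trust + police markdown on ingress (illustration only).
# Assumption: default ip-prec-dscp map, i.e. precedence n -> DSCP 8*n.
DEFAULT_IPPREC_TO_DSCP = [p * 8 for p in range(8)]  # 0 8 16 24 32 40 48 56


def policed_dscp_map(overrides=None):
    """Build the 64-entry policed-dscp table; the default is identity."""
    table = list(range(64))
    for src, dst in (overrides or {}).items():
        if not (0 <= src <= 63 and 0 <= dst <= 63):
            raise ValueError(f"DSCP out of range: {src} -> {dst}")
        table[src] = dst
    return table


def ingress_mark(ip_prec, conforms, table, trust_ip_prec=True):
    """Return (DSCP, IP precedence) of one packet after trust and policing."""
    if not 0 <= ip_prec <= 7:
        raise ValueError(f"IP precedence out of range: {ip_prec}")
    # Untrusted traffic is reset to 0, as described in the thread.
    dscp = DEFAULT_IPPREC_TO_DSCP[ip_prec] if trust_ip_prec else 0
    if not conforms:
        # Markdown looks up the *DSCP* value, not the precedence.
        dscp = table[dscp]
    return dscp, dscp >> 3  # precedence is the top three bits of the DSCP


def markdown_result(ip_prec, overrides):
    """Precedence seen downstream for (conforming, exceeding) packets."""
    table = policed_dscp_map(overrides)
    return (ingress_mark(ip_prec, True, table)[1],
            ingress_mark(ip_prec, False, table)[1])


if __name__ == "__main__":
    cases = [
        ("policed-dscp 3 to 2, prec 3", 3, {3: 2}),
        ("policed-dscp 24 to 16, prec 3", 3, {24: 16}),
        ("policed-dscp 40 to 8, prec 5 (assumed entry)", 5, {40: 8}),
    ]
    for label, prec, overrides in cases:
        conform, exceed = markdown_result(prec, overrides)
        print(f"{label}: conforming -> prec {conform}, exceeding -> prec {exceed}")
```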



This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:42 GMT-3