From: sabrina pittarel (sabri_esame@yahoo.com)
Date: Tue Aug 29 2006 - 02:30:32 ART
Hi,
do I need to enable CEF when marking traffic?
From Cisco documentation it seems it is required:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Prerequisites for Marking Network Traffic
b"In order to mark network traffic, Cisco Express Forwarding (CEF) must be configured on both the interface receiving the traffic and the interface sending the traffic.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
but I can see it working even without CEF.
Topology:
e0/1 e0/2 e0/0
R1 --------------------- R3 -----------------------R2
I'm pinging from R1 to R2. R3 e0/1 has a policy-map in ingress direction that marks all ingress traffic as af43.
On R2 I have an access list that permits and logs traffic with DSCP af43.
On R3:
---------
R3#sh run int e0/1
Building configuration...
Current configuration : 125 bytes
!
interface Ethernet0/1
description "to R1 e0/0"
ip address 136.1.17.7 255.255.255.0
service-policy input e0/1-in-pm <<<<<<<<<<<<<<<<<<<
end
R3#sh ser
R3#sh policy-map e0/1-in-pm
Policy Map e0/1-in-pm
Class class-default
set dscp af43 <<<<<<<<<<<<<<<<<<<<<<<<
R3#sh policy-map int e0/1
Ethernet0/1
Service-policy input: e0/1-in-pm
Class-map: class-default (match-any)
5 packets, 570 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
QoS Set
dscp af43
Packets marked 5 <<<<<<<<<<<<<<<<
R3#
R3#sh ip cef
%CEF not running
Prefix Next Hop Interface
On R2:
R2#
*Aug 29 05:26:05.931: %SEC-6-IPACCESSLOGDP: list 100 permitted icmp 136.1.17.1 -> 136.1.27.2 (0/0), 4 packets
R2#
R2#
R2#sh run int e0/0
Building configuration...
Current configuration : 117 bytes
!
interface Ethernet0/0
description "to SW1 e0/2"
ip address 136.1.27.2 255.255.255.0
ip access-group 100 in
end
R2#sh ip access
R2#sh ip access-lists 100
Extended IP access list 100
10 permit ip any any dscp af43 log (5 matches)
R2#
Sabrina
This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:59 ART