Policy Map bypass issue
Hi,
I am trying to bypass some ip network from policy-map rule.It`s not working.Any one please help me to resolve the problem.
class-map match-any http
match not access-group name http-allow
match protocol http host "www.yyyy.com"
match protocol http host "www.xxxx.net"
policy-map http
class http
police 8000 conform-action drop exceed-action drop
ip access-list extended http-allow
permit ip 192.168.100.2 0.0.0.1 any
permit ip any 192.168.100.2 0.0.0.1
permit ip any any
interface FastEthernet0/0 (WAN Interface)
service-policy input http
the ACL that you have configured is sourcing from the internal host to any on the outside. So you would need to apply that on the inside interface.
If you would like to limit the return traffic towards that host, then you would need to configure ACL with source any and destination the NATed ip address of that internal host.
Similar Messages
-
Hi i have configured following Policy MAp to restrict 12.203 to use 5mb bandwidth.
Issue is that i dont recieve any hits when i apply this on outside interface like that
service-policy PM-RATELIMIT interface outside
But when i add permit ip any any in ACL then i receive hits.
Else This map work fine in inside interface but i want to apply it on outside .
Conf are as follows
access-list vlan10_rate_limit extended permit ip host 192.168.12.203 any
class-map CM-RATELIMIT
match access-list vlan10_rate_limit
policy-map PM-RATELIMIT
class CM-RATELIMIT
police input 5000000the ACL that you have configured is sourcing from the internal host to any on the outside. So you would need to apply that on the inside interface.
If you would like to limit the return traffic towards that host, then you would need to configure ACL with source any and destination the NATed ip address of that internal host. -
I have a 7507 that has policy maps for matching voice for QoS. A show access-list shows that traffic is being matched. A show interface shows that packets are being dropped. The end result is though, that latency is high and call quality is suffering. A show queueing on the interface shows that no packets are being dropped. Any suggestions?
class-map match-all 2505PlanoRd
match access-group name PlanoRd2505-voice
policy-map 2505PlanoRd
class 2505PlanoRd
priority 192
class class-default
fair-queue
interface Serial5/0/0/5:0
bandwidth 1536
ip address xx.xx.xx.xx 255.255.255.252
no ip redirects
no ip unreachables
load-interval 30
service-policy output 2505PlanoRd
ip access-list extended PlanoRd2505-voice
permit ip any any dscp ef
permit ip any any dscp cs6
permit ip any host xx.xx.xx.xx
Core-1#sh access-list PlanoRd2505-voice
Extended IP access list PlanoRd2505-voice
10 permit ip any any dscp ef (124045 matches)
20 permit ip any any dscp cs6 (9779 matches)
30 permit ip any host xx.xx.xx.xx (93010 matches)
Core-1#sh queueing int s5/0/0/5:0
Interface Serial5/0/0/5:0 queueing strategy: VIP-based fair queueing
Serial5/0/0/5:0 queue size 0
pkts output 0, wfq drops 0, nobuffer drops 0
WFQ: aggregate queue limit 384 max available buffers 384
Priority Class: limit 48 qsize 0 pkts output 0 drops 0
Non-Priority Class: limit 336 qsize 0 pkts output 0 drops 0
available bandwidth 1344
Class 0: weight 8750 limit 336 qsize 0 pkts output 0 drops 0
Core-1#sh int s5/0/0/5:0
Serial5/0/0/5:0 is up, line protocol is up
Hardware is cyBus CT3
Internet address is xx.xx.xx.xx
MTU 1500 bytes, BW 1536 Kbit, DLY 20000 usec,
reliability 255/255, txload 72/255, rxload 12/255
Encapsulation HDLC, crc 16, loopback not set
Keepalive set (10 sec)
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/32 (size/max/drops/flushes); Total output drops: 510996
Queueing strategy: Class-based queueing
Output queue: 0/40 (size/max)
30 second input rate 77000 bits/sec, 57 packets/sec
30 second output rate 439000 bits/sec, 78 packets/sec
80041948 packets input, 17598546217 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 9 giants, 0 throttles
696964 input errors, 38821 CRC, 302664 frame, 92 overrun, 1 ignored, 355377 abort
113990388 packets output, 96683334345 bytes, 0 underruns
0 output errors, 0 collisions, 10 interface resets
0 output buffer failures, 3437585 output buffers swapped out
10 carrier transitions no alarm present
Timeslot(s) Used: 1-24, Transmitter delay is 0 flags
non-inverted data
This is standard VoIp transport selection based on dscp. -
Hi, all:
I'm trying to configure TrendMicro IOS content filtering. I have this working on a separate box, running 15.1.
On this particular testbed, I have a 2900 running:
System image file is "flash0:c2900-universalk9-mz.SPA.152-3.T1.bin"
And the following licensing:
Technology Package License Information for Module:'c2900'
Technology Technology-package Technology-package
Current Type Next reboot
ipbase ipbasek9 Permanent ipbasek9
security securityk9 Permanent securityk9
uc uck9 Permanent uck9
data datak9 Permanent datak9
Configuration register is 0x2102
CUBE_GOLD_MEX#show ip trm subscription status
Package Name: Security & Productivity (Trial)
Status: Active
Status Update Time: 18:02:51 CST Mon Jul 23 2012
Expiration-Date: Mon Aug 20 02:00:00 2012
Last Req Status: Processed response successfully
Last Req Sent Time: 18:02:51 CST Mon Jul 23 2012
CUBE_GOLD_MEX#
Also, I have the following config lines on it:
ip host trps.trendmicro.com 216.104.8.100
ip name-server 4.2.2.2
ip cef
multilink bundle-name authenticated
parameter-map type urlfpolicy trend tm-pmap
allow-mode on
[snip]
parameter-map type trend-global trend-glob-map
class-map type inspect match-all http-imap
match protocol http
class-map type urlfilter trend match-any drop-category
match url category Abortion
match url category Activist-Groups
match url category Adult-Mature-Content
match url reputation ADWARE
match url reputation DIALER
match url reputation DISEASE-VECTOR
match url reputation HACKING
match url reputation PASSWORD-CRACKING-APPLICATIONS
match url reputation PHISHING
match url reputation POTENTIALLY-MALICIOUS-SOFTWARE
match url reputation SPYWARE
match url reputation VIRUS-ACCOMPLICE
policy-map type inspect urlfilter trend-policy
class type urlfilter trend drop-category
I have not been able to get to the good part of configuring the ZBF.
I've looked over several configuration examples and can't figure out what I'm doing wrong, since I'm not able to see the command 'parameter-map' under the 'policy-map urlfiltering'
XXXXXX(config)#policy-map type inspect urlfilter trend-policy
XXXXXX(config-pmap)#?
Policy-map configuration commands:
class policy criteria
description Policy-Map description
exit Exit from policy-map configuration mode
no Negate or set default values of a command
XXXXXX(config-pmap)#
I thought it might be an issue with version 15.2.3, but according to configuration guides, commands are the same.
Can anyone provide some assistance?
TIA.
c.Hi Carlos,
I am having the same problem. I have seen a few diffenent configuration examples and they all show adding the "parameter type urlfpolicy trend parm-map-name" command but it doesn't exist, at least in 15.2(3)T1 and I see it listed in the the IOS documentation for 15.2. Maybe they forgot it :-)
I guess I will open a TAC case as I do not want to downgrade...
I will keep you posted if I find the answer.
Regards,
Troy -
Dears HI
please i want to limit Input traffic to a port c3750 to 20Mbps , by Policy-Map
#policy-map A-PM
# class A-CM
#police 20000000 ?
<8000-1000000> Normal burst bytes
#police 20000000 3750000 ?
% Unrecognized command
As you know Normal Burst Bytes of 20Mbps is 3750000 , so why i cant issue this number ?
PLEASE HELP MEHi Rawa,
I dont't agree that the normal burst size would be 3750000.
Go through the following links to calculate the correct burst size:
https://supportforums.cisco.com/thread/151681and https://learningnetwork.cisco.com/thread/53215
Thanks
Ankur
"Please rate the post if found useful" -
Policy-map going into suspended mode over a GRE
Hi
I have a GRE tunnel over another GRE tunnel. When I apply a nested policy on the Child GRE the policy map does not attach, what is the cause. The sho policy-map int Tux/x showed that it is suspended I am not making a breakthrough here. The hard ware platform is ASR 1001
Thanks
DonDownload RecBoot. You can kick it out of recovery mode with that. You may have an underlying issue though causing that. A restore may be in order.
Check out the new remodeled MacOSG website! 24-hour Apple-related news & support.
MacOSG: An Apple User Group iTunes: MacOSG Podcast Follow us on Twitter: MacOSG -
Ok I am going insane here! I have a policy map on one of my 5k's but not the other and seem to create it either. They are in an active/active pair. Here is the policy, can someone help me understand what it is and maybe why I cant create it on my other device?
policy-map type control-plane copp-system-policy-customized
class copp-system-class-hsrp-vrrp
police cir 1024 kbps bc 256000 bytes
class copp-system-class-l3dest-miss
police cir 64 kbps bc 16000 bytesYes vPC pair. The issue is I enter the commands but they do not show in the running config on one of the two units...
N5K1
N5K2
show policy-map type control-plane
policy-map type control-plane copp-system-policy-customized
class copp-system-class-igmp
police cir 1024 kbps bc 65535 bytes
class copp-system-class-pim-hello
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bridging
police cir 20000 kbps bc 4800000 bytes
class copp-system-class-arp
police cir 1024 kbps bc 3600000 bytes
class copp-system-class-dhcp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-mgmt
police cir 12000 kbps bc 4800000 bytes
class copp-system-class-lacp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-lldp
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-udld
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-isis
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-msdp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-cdp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-fip
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bgp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-eigrp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-exception
police cir 64 kbps bc 4800000 bytes
class copp-system-class-glean
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-hsrp-vrrp
police cir 1024 kbps bc 256000 bytes
class copp-system-class-icmp-echo
police cir 64 kbps bc 3600000 bytes
class copp-system-class-ospf
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-pim-register
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-rip
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-l3dest-miss
police cir 64 kbps bc 16000 bytes
class copp-system-class-mcast-miss
police cir 256 kbps bc 3200000 bytes
class copp-system-class-excp-ip-frag
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-same-if
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-ttl
police cir 64 kbps bc 3200000 bytes
class copp-system-class-default
police cir 512 kbps bc 6400000 bytes
class copp-system-class-rpf-fail
police cir 512 kbps bc 3200000 bytes
class copp-system-class-mcast-last-hop
police cir 512 kbps bc 3200000 bytes
policy-map type control-plane copp-system-policy-default
class copp-system-class-igmp
police cir 1024 kbps bc 65535 bytes
class copp-system-class-pim-hello
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bridging
police cir 20000 kbps bc 4800000 bytes
class copp-system-class-arp
police cir 1024 kbps bc 3600000 bytes
class copp-system-class-dhcp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-mgmt
police cir 12000 kbps bc 4800000 bytes
class copp-system-class-lacp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-lldp
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-udld
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-isis
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-msdp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-cdp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-fip
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bgp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-eigrp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-exception
police cir 64 kbps bc 4800000 bytes
class copp-system-class-glean
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-hsrp-vrrp
police cir 1024 kbps bc 256000 bytes
class copp-system-class-icmp-echo
police cir 64 kbps bc 3600000 bytes
class copp-system-class-ospf
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-pim-register
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-rip
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-l3dest-miss
police cir 64 kbps bc 16000 bytes
class copp-system-class-mcast-miss
police cir 256 kbps bc 3200000 bytes
class copp-system-class-excp-ip-frag
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-same-if
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-ttl
police cir 64 kbps bc 3200000 bytes
class copp-system-class-default
police cir 512 kbps bc 6400000 bytes
class copp-system-class-rpf-fail
police cir 512 kbps bc 3200000 bytes
class copp-system-class-mcast-last-hop
police cir 512 kbps bc 3200000 bytes
policy-map type control-plane copp-system-policy-scaled-l2
class copp-system-class-igmp
police cir 4096 kbps bc 264000 bytes
class copp-system-class-pim-hello
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bridging
police cir 20000 kbps bc 4800000 bytes
class copp-system-class-arp
police cir 1024 kbps bc 3600000 bytes
class copp-system-class-dhcp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-mgmt
police cir 12000 kbps bc 4800000 bytes
class copp-system-class-lacp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-lldp
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-udld
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-isis
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-msdp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-cdp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-fip
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bgp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-eigrp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-exception
police cir 64 kbps bc 4800000 bytes
class copp-system-class-glean
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-hsrp-vrrp
police cir 1024 kbps bc 256000 bytes
class copp-system-class-icmp-echo
police cir 64 kbps bc 3600000 bytes
class copp-system-class-ospf
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-pim-register
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-rip
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-l3dest-miss
police cir 64 kbps bc 16000 bytes
class copp-system-class-mcast-miss
police cir 256 kbps bc 3200000 bytes
class copp-system-class-excp-ip-frag
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-same-if
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-ttl
police cir 64 kbps bc 3200000 bytes
class copp-system-class-default
police cir 512 kbps bc 6400000 bytes
class copp-system-class-rpf-fail
police cir 512 kbps bc 3200000 bytes
class copp-system-class-mcast-last-hop
police cir 512 kbps bc 3200000 bytes
policy-map type control-plane copp-system-policy-scaled-l3
class copp-system-class-igmp
police cir 4096 kbps bc 264000 bytes
class copp-system-class-pim-hello
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bridging
police cir 20000 kbps bc 4800000 bytes
class copp-system-class-arp
police cir 4000 kbps bc 3600000 bytes
class copp-system-class-dhcp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-mgmt
police cir 12000 kbps bc 4800000 bytes
class copp-system-class-lacp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-lldp
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-udld
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-isis
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-msdp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-cdp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-fip
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bgp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-eigrp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-exception
police cir 64 kbps bc 4800000 bytes
class copp-system-class-glean
police cir 4000 kbps bc 4800000 bytes
class copp-system-class-hsrp-vrrp
police cir 1024 kbps bc 256000 bytes
class copp-system-class-icmp-echo
police cir 4000 kbps bc 3600000 bytes
class copp-system-class-ospf
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-pim-register
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-rip
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-l3dest-miss
police cir 64 kbps bc 16000 bytes
class copp-system-class-mcast-miss
police cir 512 kbps bc 3200000 bytes
class copp-system-class-excp-ip-frag
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-same-if
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-ttl
police cir 64 kbps bc 3200000 bytes
class copp-system-class-default
police cir 512 kbps bc 6400000 bytes
class copp-system-class-rpf-fail
police cir 512 kbps bc 3200000 bytes
class copp-system-class-mcast-last-hop
police cir 512 kbps bc 3200000 bytes
NEXUS5K001# show policy-map interface control-plane
Control Plane
service-policy input: copp-system-policy-customized
class-map copp-system-class-igmp (match-any)
match protocol igmp
police cir 1024 kbps , bc 65535 bytes
conformed 834102 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-pim-hello (match-any)
match protocol pim
police cir 1024 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-bridging (match-any)
match protocol bridging
police cir 20000 kbps , bc 4800000 bytes
conformed 184965072 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-arp (match-any)
match protocol arp
match protocol nd
police cir 1024 kbps , bc 3600000 bytes
conformed 1711299342 bytes; action: transmit
violated 467458 bytes;
class-map copp-system-class-dhcp (match-any)
match protocol dhcp
police cir 1024 kbps , bc 4800000 bytes
conformed 96669859 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-mgmt (match-any)
match protocol mgmt
police cir 12000 kbps , bc 4800000 bytes
conformed 3420991988 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-lacp (match-any)
match protocol lacp
police cir 1024 kbps , bc 4800000 bytes
conformed 5003732 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-lldp (match-any)
match protocol lldp_dcx
police cir 2048 kbps , bc 4800000 bytes
conformed 8283269 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-udld (match-any)
match protocol udld
police cir 2048 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-isis (match-any)
match protocol isis_dce
police cir 1024 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-msdp (match-any)
match protocol msdp
police cir 9600 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-cdp (match-any)
match protocol cdp
police cir 1024 kbps , bc 4800000 bytes
conformed 5995146 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-fip (match-any)
match protocol fip
police cir 1024 kbps , bc 4800000 bytes
conformed 7396000 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-bgp (match-any)
match protocol bgp
police cir 9600 kbps , bc 4800000 bytes
conformed 52049287 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-eigrp (match-any)
match protocol eigrp
match protocol eigrp6
police cir 9600 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-exception (match-any)
match protocol exception
police cir 64 kbps , bc 4800000 bytes
conformed 16415315 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-glean (match-any)
match protocol glean
police cir 1024 kbps , bc 4800000 bytes
conformed 94203992002 bytes; action: transmit
violated 5920334550 bytes;
class-map copp-system-class-hsrp-vrrp (match-any)
match protocol hsrp_vrrp
match protocol hsrp6
police cir 1024 kbps , bc 256000 bytes
conformed 54227844 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-icmp-echo (match-any)
match protocol icmp_echo
police cir 64 kbps , bc 3600000 bytes
conformed 184940591 bytes; action: transmit
violated 46970 bytes;
class-map copp-system-class-ospf (match-any)
match protocol ospf
match protocol ospf3
police cir 9600 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-pim-register (match-any)
match protocol reg
police cir 9600 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-rip (match-any)
match protocol rip
police cir 9600 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-l3dest-miss (match-any)
match protocol unicast
police cir 64 kbps , bc 16000 bytes
conformed 4214 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-mcast-miss (match-any)
match protocol multicast
police cir 256 kbps , bc 3200000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-excp-ip-frag (match-any)
match protocol ip_frag
police cir 64 kbps , bc 3200000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-excp-same-if (match-any)
match protocol same-if
police cir 64 kbps , bc 3200000 bytes
conformed 17075590565 bytes; action: transmit
violated 370668351863 bytes;
class-map copp-system-class-excp-ttl (match-any)
match protocol ttl
police cir 64 kbps , bc 3200000 bytes
conformed 1243144216 bytes; action: transmit
violated 1611787 bytes;
class-map copp-system-class-default (match-any)
match protocol default
police cir 512 kbps , bc 6400000 bytes
conformed 157079876 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-rpf-fail (match-any)
police cir 512 kbps , bc 3200000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-mcast-last-hop (match-any)
police cir 512 kbps , bc 3200000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
NEXUS5K001# show running copp all
!Command: show running-config copp all
!Time: Wed Mar 31 13:35:40 2010
version 6.0(2)N1(2a)
control-plane
scale-factor 1.00 module 1
scale-factor 1.00 module 2
scale-factor 1.00 module 3
control-plane
service-policy input copp-system-policy-customized
NEXUS5K001#
Nexus 5000 Switch
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2013, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
NEXUS5K002# show policy-map type control-plane
policy-map type control-plane copp-system-policy-customized
class copp-system-class-igmp
police cir 1024 kbps bc 65535 bytes
class copp-system-class-pim-hello
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bridging
police cir 20000 kbps bc 4800000 bytes
class copp-system-class-arp
police cir 1024 kbps bc 3600000 bytes
class copp-system-class-dhcp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-mgmt
police cir 12000 kbps bc 4800000 bytes
class copp-system-class-lacp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-lldp
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-udld
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-isis
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-msdp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-cdp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-fip
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bgp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-eigrp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-exception
police cir 64 kbps bc 4800000 bytes
class copp-system-class-glean
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-hsrp-vrrp
police cir 1024 kbps bc 256000 bytes
class copp-system-class-icmp-echo
police cir 64 kbps bc 3600000 bytes
class copp-system-class-ospf
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-pim-register
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-rip
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-l3dest-miss
police cir 64 kbps bc 16000 bytes
class copp-system-class-mcast-miss
police cir 256 kbps bc 3200000 bytes
class copp-system-class-excp-ip-frag
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-same-if
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-ttl
police cir 64 kbps bc 3200000 bytes
class copp-system-class-default
police cir 512 kbps bc 6400000 bytes
class copp-system-class-rpf-fail
police cir 512 kbps bc 3200000 bytes
class copp-system-class-mcast-last-hop
police cir 512 kbps bc 3200000 bytes
policy-map type control-plane copp-system-policy-default
class copp-system-class-igmp
police cir 1024 kbps bc 65535 bytes
class copp-system-class-pim-hello
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bridging
police cir 20000 kbps bc 4800000 bytes
class copp-system-class-arp
police cir 1024 kbps bc 3600000 bytes
class copp-system-class-dhcp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-mgmt
police cir 12000 kbps bc 4800000 bytes
class copp-system-class-lacp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-lldp
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-udld
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-isis
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-msdp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-cdp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-fip
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bgp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-eigrp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-exception
police cir 64 kbps bc 4800000 bytes
class copp-system-class-glean
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-hsrp-vrrp
police cir 1024 kbps bc 256000 bytes
class copp-system-class-icmp-echo
police cir 64 kbps bc 3600000 bytes
class copp-system-class-ospf
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-pim-register
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-rip
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-l3dest-miss
police cir 64 kbps bc 16000 bytes
class copp-system-class-mcast-miss
police cir 256 kbps bc 3200000 bytes
class copp-system-class-excp-ip-frag
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-same-if
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-ttl
police cir 64 kbps bc 3200000 bytes
class copp-system-class-default
police cir 512 kbps bc 6400000 bytes
class copp-system-class-rpf-fail
police cir 512 kbps bc 3200000 bytes
class copp-system-class-mcast-last-hop
police cir 512 kbps bc 3200000 bytes
policy-map type control-plane copp-system-policy-scaled-l2
class copp-system-class-igmp
police cir 4096 kbps bc 264000 bytes
class copp-system-class-pim-hello
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bridging
police cir 20000 kbps bc 4800000 bytes
class copp-system-class-arp
police cir 1024 kbps bc 3600000 bytes
class copp-system-class-dhcp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-mgmt
police cir 12000 kbps bc 4800000 bytes
class copp-system-class-lacp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-lldp
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-udld
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-isis
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-msdp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-cdp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-fip
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bgp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-eigrp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-exception
police cir 64 kbps bc 4800000 bytes
class copp-system-class-glean
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-hsrp-vrrp
police cir 1024 kbps bc 256000 bytes
class copp-system-class-icmp-echo
police cir 64 kbps bc 3600000 bytes
class copp-system-class-ospf
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-pim-register
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-rip
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-l3dest-miss
police cir 64 kbps bc 16000 bytes
class copp-system-class-mcast-miss
police cir 256 kbps bc 3200000 bytes
class copp-system-class-excp-ip-frag
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-same-if
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-ttl
police cir 64 kbps bc 3200000 bytes
class copp-system-class-default
police cir 512 kbps bc 6400000 bytes
class copp-system-class-rpf-fail
police cir 512 kbps bc 3200000 bytes
class copp-system-class-mcast-last-hop
police cir 512 kbps bc 3200000 bytes
policy-map type control-plane copp-system-policy-scaled-l3
class copp-system-class-igmp
police cir 4096 kbps bc 264000 bytes
class copp-system-class-pim-hello
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bridging
police cir 20000 kbps bc 4800000 bytes
class copp-system-class-arp
police cir 4000 kbps bc 3600000 bytes
class copp-system-class-dhcp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-mgmt
police cir 12000 kbps bc 4800000 bytes
class copp-system-class-lacp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-lldp
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-udld
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-isis
police cir 2048 kbps bc 4800000 bytes
class copp-system-class-msdp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-cdp
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-fip
police cir 1024 kbps bc 4800000 bytes
class copp-system-class-bgp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-eigrp
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-exception
police cir 64 kbps bc 4800000 bytes
class copp-system-class-glean
police cir 4000 kbps bc 4800000 bytes
class copp-system-class-hsrp-vrrp
police cir 1024 kbps bc 256000 bytes
class copp-system-class-icmp-echo
police cir 4000 kbps bc 3600000 bytes
class copp-system-class-ospf
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-pim-register
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-rip
police cir 9600 kbps bc 4800000 bytes
class copp-system-class-l3dest-miss
police cir 64 kbps bc 16000 bytes
class copp-system-class-mcast-miss
police cir 512 kbps bc 3200000 bytes
class copp-system-class-excp-ip-frag
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-same-if
police cir 64 kbps bc 3200000 bytes
class copp-system-class-excp-ttl
police cir 64 kbps bc 3200000 bytes
class copp-system-class-default
police cir 512 kbps bc 6400000 bytes
class copp-system-class-rpf-fail
police cir 512 kbps bc 3200000 bytes
class copp-system-class-mcast-last-hop
police cir 512 kbps bc 3200000 bytes
NEXUS5K002# show policy-map interface control-plane
Control Plane
service-policy input: copp-system-policy-customized
class-map copp-system-class-igmp (match-any)
match protocol igmp
police cir 1024 kbps , bc 65535 bytes
conformed 1099702577173 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-pim-hello (match-any)
match protocol pim
police cir 1024 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-bridging (match-any)
match protocol bridging
police cir 20000 kbps , bc 4800000 bytes
conformed 1117682720167 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-arp (match-any)
match protocol arp
match protocol nd
police cir 1024 kbps , bc 3600000 bytes
conformed 7392073468 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-dhcp (match-any)
match protocol dhcp
police cir 1024 kbps , bc 4800000 bytes
conformed 1554060880 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-mgmt (match-any)
match protocol mgmt
police cir 12000 kbps , bc 4800000 bytes
conformed 3360293230 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-lacp (match-any)
match protocol lacp
police cir 1024 kbps , bc 4800000 bytes
conformed 1100653025235 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-lldp (match-any)
match protocol lldp_dcx
police cir 2048 kbps , bc 4800000 bytes
conformed 1101335075091 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-udld (match-any)
match protocol udld
police cir 2048 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-isis (match-any)
match protocol isis_dce
police cir 1024 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-msdp (match-any)
match protocol msdp
police cir 9600 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-cdp (match-any)
match protocol cdp
police cir 1024 kbps , bc 4800000 bytes
conformed 1100822976136 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-fip (match-any)
match protocol fip
police cir 1024 kbps , bc 4800000 bytes
conformed 1334982352 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-bgp (match-any)
match protocol bgp
police cir 9600 kbps , bc 4800000 bytes
conformed 55322608 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-eigrp (match-any)
match protocol eigrp
match protocol eigrp6
police cir 9600 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-exception (match-any)
match protocol exception
police cir 64 kbps , bc 4800000 bytes
conformed 7678996 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-glean (match-any)
match protocol glean
police cir 1024 kbps , bc 4800000 bytes
conformed 22710843199 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-hsrp-vrrp (match-any)
match protocol hsrp_vrrp
match protocol hsrp6
police cir 1024 kbps , bc 256000 bytes
conformed 12316200612 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-icmp-echo (match-any)
match protocol icmp_echo
police cir 64 kbps , bc 3600000 bytes
conformed 50470007 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-ospf (match-any)
match protocol ospf
match protocol ospf3
police cir 9600 kbps , bc 4800000 bytes
conformed 3366 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-pim-register (match-any)
match protocol reg
police cir 9600 kbps , bc 4800000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-rip (match-any)
match protocol rip
police cir 9600 kbps , bc 4800000 bytes
conformed 12510 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-l3dest-miss (match-any)
match protocol unicast
police cir 64 kbps , bc 16000 bytes
conformed 15136 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-mcast-miss (match-any)
match protocol multicast
police cir 256 kbps , bc 3200000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-excp-ip-frag (match-any)
match protocol ip_frag
police cir 64 kbps , bc 3200000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-excp-same-if (match-any)
match protocol same-if
police cir 64 kbps , bc 3200000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-excp-ttl (match-any)
match protocol ttl
police cir 64 kbps , bc 3200000 bytes
conformed 8531281 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-default (match-any)
match protocol default
police cir 512 kbps , bc 6400000 bytes
conformed 33212075608 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-rpf-fail (match-any)
police cir 512 kbps , bc 3200000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
class-map copp-system-class-mcast-last-hop (match-any)
police cir 512 kbps , bc 3200000 bytes
conformed 0 bytes; action: transmit
violated 0 bytes;
NEXUS5K002# show running copp all
!Command: show running-config copp all
!Time: Wed Mar 31 13:38:37 2010
version 6.0(2)N1(2a)
control-plane
scale-factor 1.00 module 1
scale-factor 1.00 module 2
scale-factor 1.00 module 3
policy-map type control-plane copp-system-policy-customized
class copp-system-class-hsrp-vrrp
police cir 1024 kbps bc 256000 bytes
class copp-system-class-l3dest-miss
police cir 64 kbps bc 16000 bytes
control-plane
service-policy input copp-system-policy-customized
NEXUS5K002# -
Tracback and reload after "sh policy-map type inspect zone-pair"
Hi all
hitting the issue that the device reloads after issueing "sh policy-map type inspect zone-pair"
Patrick
For image:
Cisco IOS Software, ISR4400 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.4(2)S, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Wed 26-Mar-14 21:38 by mcpre
Uptime = 00:09:36
Happens in isr4400-universalk9.03.12.00.S.154-2.S-std.SPA.bin and isr4400-universalk9.03.11.01.S.154-1.S1-std.SPA.bin.
CMD: 'h policy-map type inspect zone-pair'' 15:25:08 CET Fri May 23 2014
Exception to IOS Thread:
Frame pointer 0x7FE738ADCE70, PC = 0x2824D9F
UNIX-EXT-SIGNAL: Segmentation fault(11), Process = SSH Process
-Traceback= 1#0f900c654b45d2459c0c267ce51d6164 :400000+2424D9F :400000+974FE12 :400000+974FAB8 :400000+974F5E2 :400000+27A9BB0 :400000+28297C6 :400000+281182C :400000+2810189 :400000+975962A :400000+9759522 :400000+98645DA :400000+975991D :400000+AC061C :400000+ABF735 :400000+ABDAAD :400000+3FCC510
Fastpath Thread backtrace:
-Traceback= 1#0f900c654b45d2459c0c267ce51d6164 c:7FE7877A2000+BE012
Auxiliary Thread backtrace:
-Traceback= 1#0f900c654b45d2459c0c267ce51d6164 pthread:7FE782EFD000+A7C9
RAX = 00007FE738ADCEC4 RBX = 00007FE735F40608
RCX = 0000000000000001 RDX = 000000000000001F
RSP = 00007FE738ADCE70 RBP = 00007FE738ADCE70
RSI = 0000000000000000 RDI = 00007FE738ADCEC4
R8 = 0000000000000001 R9 = 0000000000000000
R10 = 0000000000000002 R11 = 0000000000000002
R12 = 000000000000001D R13 = C88E990B00000000
R14 = C4CEAD38E77F0000 R15 = A0ED3436E77F0001
RFL = 0000000000010202 RIP = 0000000002824D9F
CS = 0033 FS = 0000 GS = 0000
ST0 = 0000 0000000000000000 ST1 = 0000 0000000000000000
ST2 = 0000 0000000000000000 ST3 = 0000 0000000000000000
ST4 = 0000 0000000000000000 ST5 = 0000 0000000000000000
ST6 = 0000 0000000000000000 ST7 = 0000 0000000000000000
X87CW = 037F X87SW = 0000 X87TG = 0000 X87OP = 0000
X87IP = 0000000000000000 X87DP = 0000000000000000
XMM0 = 00000000000000000000000000000000
XMM1 = 00000000000000000000000000000000
XMM2 = 00000000000000000000000000000000
XMM3 = 00000000000000000000000000000000
XMM4 = 00000000000000000000000000000000
XMM5 = 00000000000000000000000000000000
XMM6 = 00000000000000000000000000000000
XMM7 = 5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C
XMM8 = 36363636363636363636363636363636
XMM9 = 36363636363636363636363636363636
XMM10 = 5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C
XMM11 = 5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C
XMM12 = 00000000000000000000000000000000
XMM13 = 00000000000000000000000000000000
XMM14 = 00000000000000006F6F6B6B67676767
XMM15 = 00000000000000000000000020202020
MXCSR = 00001F80Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
I believe tracebacks are normally indicative of a bug. This might be something more suitable to raise with TAC. -
DMVPN per tunnel QOS. show policy-map multipoint not working
Hi All,
I have a DMVPN hub which is a 1841 with image c1841-advsecurityk9-mz.151-4.M1.bin .
I have been using DMVPN and its awesome but now trying to get the QOS sorted out and having issues.
I have configured the interface like so.
interface Tunnel1
ip address 10.255.255.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication xxx
ip nhrp map multicast dynamic
ip nhrp map group ADSL1 service-policy output ADSL1
ip nhrp network-id 1
ip nhrp redirect
ip tcp adjust-mss 1360
no ip split-horizon
ip ospf 1 area 0
tunnel source Loopback0
tunnel mode gre multipoint
tunnel key 1
tunnel path-mtu-discovery
tunnel protection ipsec profile VPN
end
policy-map ADSL1
class class-default
shape average 1000000
service-policy Classes
policy-map Classes
class Silver
bandwidth percent 25
fair-queue
class Gold
bandwidth percent 50
fair-queue
class Scavanger
bandwidth percent 5
class class-default
fair-queue
The output of show dmvpn detail shows it has applied the QOS rule.
NG-SR-WE-RT-2#show dmvpn detail
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface Tunnel1 is up/up, Addr. is 10.255.255.1, VRF ""
Tunnel Src./Dest. addr: 10.32.0.100/MGRE, Tunnel VRF ""
Protocol/Transport: "multi-GRE/IP", Protect "VPN"
Interface State Control: Disabled
Type:Hub, Total NBMA Peers (v4/v6): 1
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb Target Network
1 x.x.x.x 10.255.255.2 UP 1d18h D 10.255.255.2/32
NHRP group: ADSL1
Output QoS service-policy applied: ADSL1
but my router cannot run show policy-map multipoint... it doesnt come up with a tab but i can write it in by hand. Even when i write it in by hand it outputs blank.
I cut the ADSL1 shape down to 512k and it didnt take affect so i dont think the qos is working at all.
Is my feature set too low?
Cheers,
SimonRay,
There could be multiple reasons for it not to function, the config on hub seems just fine, we'd need to inspect the spokes and check (most likely) in debugs if correct group is being sent from spoke.
Also coexistance of other service-policy etc etc.
The feature is quite simple (some level of simplification), spoke says he is in group X when registering, hub assigns this NHRP mapping a service-policy.
M. -
Have similar issues with 12.2(50)SE4....
Service-policy command has taken but cann't see in running config. Eventually no output "show policy-map interface fa0/x".Try this config:
policy-map QOS-SOFTPHONE-POLICY
class QOS_VOICE_CLASS
set dscp cs3
class QOS_SIGNALING_CLASS
set dscp cs2
class QOS_DATA_CLASS
set dscp cs1
class class-default
set dscp default
BR -
Show policy-map interface | Question about QOS show command output
I hope this is the correct place for this question. If not, please let me know.
When I issue the show policy-map interface command (in this case on a 3845) there is some output I don't understand. I have included some output below and formatted the lines I am confused about as "computer code" which show up as red on my screen. A list of the individual lines i'm confused about is below, followed by those liens in the context of the show policy-map command's output.
Any help with this will be greatly appreciated. Thanks in advance.
5 minute offered rate 46000 bps, drop rate 0 bps
5 minute rate 10000 bps
bandwidth remaining 50% (768 kbps)
show policy-map interface
--- previous output omitted ---
GigabitEthernet0/0
Service-policy input: QoS_IN
class-map: Silver (match-any)
164691299 packets, 23570752398 bytes
5 minute offered rate 46000 bps, drop rate 0 bps
Match: access-group name MAINFRAME
4371992 packets, 2311242335 bytes
5 minute rate 0 bps
Match: access-group name KRONOS
13334297 packets, 3051409140 bytes
5 minute rate 5000 bps
Match: access-group name EMAIL
97652823 packets, 10323856470 bytes
5 minute rate 10000 bps
Match: access-group name VOIP-CONTROL
20782858 packets, 1481676784 bytes
5 minute rate 0 bps
Match: access-group name LOGIXWEB
0 packets, 0 bytes
5 minute rate 0 bps
Match: access-group name GRINDLOG
0 packets, 0 bytes
5 minute rate 0 bps
Match: access-group name CITRIX
46895 packets, 14669179 bytes
5 minute rate 0 bps
Match: access-group name CORP_WEB
28502414 packets, 6387897396 bytes
5 minute rate 4000 bps
QoS Set
dscp af31
Packets marked 164691269
show policy-map interface s0/0/0:0
Serial0/0/0:0
Service-policy output: QoS_OUT
--- previous output omitted ---
Class-map: Silver (match-any)
86590227 packets, 12051546524 bytes
5 minute offered rate 3000 bps, drop rate 0 bps
Match: access-group name MAINFRAME
7641084 packets, 2701232492 bytes
5 minute rate 0 bps
Match: access-group name KRONOS
6975052 packets, 1555404656 bytes
5 minute rate 0 bps
Match: access-group name EMAIL
58438150 packets, 5433636586 bytes
5 minute rate 3000 bps
Match: access-group name VOIP-CONTROL
355083 packets, 41252455 bytes
5 minute rate 0 bps
Match: access-group name LOGIXWEB
0 packets, 0 bytes
5 minute rate 0 bps
Match: access-group name GRINDLOG
0 packets, 0 bytes
5 minute rate 0 bps
Match: access-group name CITRIX
19 packets, 4967 bytes
5 minute rate 0 bps
Match: access-group name CORP_WEB
13180836 packets, 2320015236 bytes
5 minute rate 0 bps
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/18156/0
(pkts output/bytes output) 86421413/12004278837
bandwidth remaining 50% (768 kbps)this is my configuration
DGMGRL> show configuration
Configuration
Name: matrix
Enabled: YES
Protection Mode: MaxPerformance
Databases:
stdby1 - Primary database
stdby2 - Physical standby database
stdby3 - Physical standby database
Fast-Start Failover: DISABLED
Current status for "matrix":
SUCCESS
--- this is my first successful switchover -----
DGMGRL> switchover to stdby2
Performing switchover NOW, please wait...
New primary database "stdby2" is opening...
Operation requires shutdown of instance "stdby1" on database "stdby1"
Shutting down instance "stdby1"...
ORA-01109: database not open
Database dismounted.
ORACLE instance shut down.
Operation requires startup of instance "stdby1" on database "stdby1"
Starting instance "stdby1"...
ORACLE instance started.
Database mounted.
Switchover succeeded, new primary is "stdby2"
-------------------this is my second switchover -------------
DGMGRL> switchover to stdby1
Performing switchover NOW, please wait...
New primary database "stdby1" is opening...
Operation requires shutdown of instance "stdby2" on database "stdby2"
Shutting down instance "stdby2"...
ORA-01109: database not open
Database dismounted.
ORACLE instance shut down.
Operation requires startup of instance "stdby2" on database "stdby2"
Starting instance "stdby2"...
Unable to connect to database
ORA-12514: TNS:listener does not currently know of service requested in connect descriptor
Failed.
You are no longer connected to ORACLE
Please connect again.
Unable to start instance "stdby2"
You must start instance "stdby2" manually
Switchover succeeded, new primary is "stdby1"
DGMGRL>
Edited by: user6981287 on Jan 7, 2010 12:57 AM
Edited by: user6981287 on Jan 7, 2010 1:00 AM -
Is there a policy map difference from 8.0 to 9.0?
We have been testing blocking a few select websites (no web filtering yet) with some of our smaller location ASA's. Following the document at:
https://supportforums.cisco.com/docs/DOC-1268
I have been successful at sites which run ASA's with version 8.0 of the IOS on them, but not with 9.0. With 9.0 (2) it appears that when you institute the policy map to make it take effect, it blocks all web traffic, not just the ones specified.
So, I guess I'm asking, is there that large of a difference between 8.0 and 9.0 that would cause this to no longer work properly?You went to the same page I did 7 hours ago. Use the "FILES TYPE EDIT" solution and follow almost all of the instructions...Edit FIREFOX URL, HYPERTEXT TRANSFER PROTOCOL and HYPERTEXT TRANSFER PROTOCOL WITH PRIVACY....It isn't necessary to take the step of "unchecking the "DDE BOX", just follow the instructions to delete the characters in the "DDE Message Box" and the problem is fixed. If you uncheck the "DDE BOX", as instructed, it may come back to bite you.
Thank you for helping,
Sel Warren -
Policy map/ class map/ service policy for IOS xr
Hi,
I need to create a policy map and class map/service policy to limit the amount of bandwidth that can be used on one interface both in and out.
I need the cap for the bandwidth to traverse this circuit to ne 10 Meg.
the IOS xr version we are using is 4.3.4
I was hoping someone could help me out by giving me a configuration example I could follow.
Thank you.for instance like this:
policy-map police-in
class class-default
police rate 10 mpbs <optionally set burst>
policy-map shape-out-parent
class class-default
shape 10 mpbs <optional burst config>
service-policy shape-out-child
policy-map shape-out-child
class class-default
queue-limit 10 packets
int g 0/0/0/0
service-policy police-in in
service-policy shape-out-parent out
also have a look at CL 2013/2014 (orlando/sanfran) ID 2904 for more QOS details
and the support forum article of "asr9000 quality of service architecture"
xander -
Class-Map and Policy-Map Configuration in CM Confusion
Hi,
I'm implementing a green field WAAS deployment for a customer. We currently have a Proof-of-Concept up and running.
I've got some questions regarding custom class-map and policy-map configuration in the CM. I'd like to nail-down the custom class-map and policy-map configuration (and understanding) in the PoC before cutting over the PoC branches to the production WAAS environment.
Assuming a typical WAAS Deployment using WCCP for off-path interception, branch to DC.
==> 61 in LAN (BRANCH ROUTER) <== 62 in WAN (WAN CLOUD) ==> 61 in WAN (DC ROUTER) <== 62 in LAN
We are using two distinct device groups, BRANCH and DATA CENTER.
If the customer has traffic that we need to classify in order to provide TFO only optimisation, should the single class-map include the traffic in both directions? Ie., (assume the SERVER is 10.1.1.1 TCP Port 443). Should the class-map be configured as:
Class-Map
Line 1: DST IP 10.1.1.1 DST Port 443
Line 2: SRC IP 10.1.1.1 SRC Port 443
Or in this case is only the DST line required? And in which Device Group should the custom policy be applied? Or should it be applied to both Device Groups? If it should be applied to both Device Groups, then would it make more sense to have the policy-map in the Branch DG configured to match the DST traffic, and on the Data Center DG have a different class-map match the SRC traffic?
My confusion is how to classify the traffic (SRC or DST or Both - Separate classes for each or different lines within the same class-map), and where to apply the appropriate policy (both Device Groups, just Branch, just DC) and why...
I tried to apply a custom policy and the impact in the PoC was that the TCP Summary report stopped reporting the individual traffic classes showed 'other traffic' only. Can anyone explain why this may have occurred?
I hope this makes sense.for instance like this:
policy-map police-in
class class-default
police rate 10 mpbs <optionally set burst>
policy-map shape-out-parent
class class-default
shape 10 mpbs <optional burst config>
service-policy shape-out-child
policy-map shape-out-child
class class-default
queue-limit 10 packets
int g 0/0/0/0
service-policy police-in in
service-policy shape-out-parent out
also have a look at CL 2013/2014 (orlando/sanfran) ID 2904 for more QOS details
and the support forum article of "asr9000 quality of service architecture"
xander -
1 policy-map for more than 1 physical interface
Hi,
the situation I want to achieve is, that 2 physical interfaces (here 2 TP GigbitEthernet Ports of a 3750) are limited together from one 'service-policy'/'policy-map'.
In the example below I have 2 Ports on one switch and the traffic coming in on both ports in total (traffic port #1 + traffic port #2) should be limited to the 'policy-map 5MBits'.
Right now I have configured a 3750 with:
class-map match-all EveryMAC
match access-group name everythingL2
policy-map 5MBits
class EveryMAC
police 5000000 32768 exceed-action drop
policy-map TEST
class EveryMAC
set dscp default
mac access-list extended everythingL2
permit any any
interface GigabitEthernet1/0/1
description port #1
switchport access vlan 123
switchport mode access
speed 10
duplex auto
interface GigabitEthernet1/0/2
description port #2
switchport access vlan 123
switchport mode access
speed 10
duplex auto
interface Vlan123
service-policy input TEST
And at the 'other side' a 2950 works with the following config:
class-map match-all EveryMAC
match access-group name everythingL2
policy-map 5MBits
class EveryMAC
police 5000000 32768 exceed-action drop
mac access-list extended everythingL2
permit any any
interface FastEthernet0/1
description port #A
switchport access vlan 123
switchport mode access
speed 10
duplex auto
As far as I can see this seems to work. But it would be nice if someone can confirm this or provide an other suggestion.
thanks in advance
MarkOnly thing i can think of is instead of using a MAC ACL , u cud jus use the default class
Policy Map Test
class class-default
police 56000 8000 exceed-action drop
Class Map match-any class-default (id 0)
Match any
You would be saving a MAC-ACL ;-).
Maybe you are looking for
-
Vendor wise Rejected Purchase Material List
Dear Sir, Kindly guide us , as which Tcode or Report is available to see the Vendor wise Rejected Material deatils for the Purchases . Full marks are assured for the suggested solution Regards B Mittal
-
How can I get a PDF file?
I tried to SAVE a PDF file on my local. But that PDF file is broken. Even I cannot read it on Oracle web site. Please fix and provide it. I really would like to read it. http://otn.oracle.com/deploy/availability/pdf/Oracle8i_Parallel_Server_Whitepape
-
Difference between Print Immediately and Send to Spool for later print
I'm having an issue in my R3 4.7 with printing. I have recently migrated to unicode, but I decided not to stick this into the Unicode section for now. The value of parameter rspo/host_spool/print is: /usr/local/bin/multiprint &P &F &C "&R" "&T" &c "&
-
Everything has disappeared in my iPhoto 4 I have a good backup which tells me that iPhoto was "modified" a few days ago. before I realised this I asked it to export my photos to iPhoto, which it has been trying to do ever since to no avail, Dor days
-
How do i update firefox on my '03 apple powerbook g4?
i want to update, but this computer cant support the new version of firefox. what can i do?