QOS-ios 12.2
6509(12.2(17d)SXB10)-->4500(12.2.25SG)
I am planning to use vlan-based-qos.
-Several VLANs are defined at 6509 and trunked to 4500. To use, vlan-based-qos, is it enough to define qos-vlan at vlan interfaces at 6509 only.
Do i have to define one interface for each vlan at 4500 ? At present only one interface (VLAN1) with IP address is configured on 4500 though ports belong to different Vlans.
Hi,
generally QoS has to be applied where there can be a lack of resources. In your case this can be f.e. trunk and access ports. The question is what you want to achieve where. In case you want a VLAN based policer you need a vlan interface to apply the policy to. For queueing you can apply per port or per switch settings, so no VLAN interfaces nessessary.
Hope this helps
Martin
Similar Messages
-
Convert Qos commands from CATOS to IOS
Hello,
i've some problems converting some Qos commands from CATos to IOS can anybody help me?
set qos drop-threshold 1q4t rx queue 1 50 60 80 100
set qos map 2q2t tx 1 1 cos 0
set qos map 1p1q4t rx 1 3 cos 4
set qos wrr 1p2q2t 50 255
set qos txq-ratio 1p2q2t 70 15 15
set qos wred 1p2q2t tx queue 1 70:100 70:100
set qos bridged-microflow-policing disable 1,50-54,100-121,500,700-702,1006-1011,1016
set qos policed-dscp-map 1:1
set qos policed-dscp-map excess-rate 0:0
set qos acl default-action ip dscp 0
set qos acl default-action ipx
set qos acl default-action mac
set qos policy-source local
set qos rsvp disable
set qos rsvp policy-timeout 30
set qos rsvp local-policy forward
!Module with GE interfaces
set port qos 3/1-16 cos 0
set port qos 3/1-16 trust trust-cos
set port qos 3/1-16 port-based
set port qos 3/1-16 policy-source local
set qos statistics export port 3/1 disable
set qos statistics export port 3/2 disable
set qos statistics export port 3/3 disable
set qos statistics export port 3/4 disable
set qos statistics export port 3/5 disable
set qos statistics export port 3/6 disable
set qos statistics export port 3/7 disable
set qos statistics export port 3/8 disable
set qos statistics export port 3/9 disable
set qos statistics export port 3/10 disable
set qos statistics export port 3/11 disable
set qos statistics export port 3/12 disable
set qos statistics export port 3/13 disable
set qos statistics export port 3/14 disable
set qos statistics export port 3/15 disable
set qos statistics export port 3/16 disableThis URL should help you:
http://www.cisco.com/warp/public/473/73.html -
E4200 V1, issue with iPad and iPhone (iOS 8.1); can't connect with QOS WMM disabled. 2014
Just starting using (again) the E4200, V1, updated to the latest 1.0.06 (May 2014).
I built defined both the 5 GHz (n only) and 2.4 GHz (b/g only) networks.
My laptop, iphone and iPad (both iOS 8.1) could successfully connect to both networks - af first.
Because I have always disabled QOS, I went to "Application and Gaming" /// QOS /// and disabled "WMM Support."
At that point, neither the iPad or iPhone could connect to the 5 GHz network (immediate failure); the 2.4 GHz network was ok.
It took a moment to figure out what I had done. I went back and "Enabled" " WMM Support" and all was OK.
I offer this input in case anyone else things about disableing QOS. I understand the purpose, but looks like in this case I cannot disable QUOS2.4Ghz and 5Ghz routers: Try Auto mode 2.4Ghz?
Channel Width set for Auto 20/40Mhz.
Try setting a manual Channel to a open or unused channel. 1, 6 or 11. 11 for single mode N if the channel is clear. 13 for EU regions. Try channel 48 or 149 on 5Ghz. http://en.wikipedia.org/wiki/List_of_WLAN_channels
http://kb.linksys.com/Linksys/ukp.aspx?vw=1&docid=f2625b15a5d7454b8e7fafbe65d5aa63_4009.xml&pid=80&r...
What security mode are you using? Preferred security is WPA-Personal. WPA2 Only. http://kb.linksys.com/Linksys/ukp.aspx?vw=1&docid=8ce9e83bd3784001aee72da7f1ef48e8_Changing_the_basi...
http://kb.linksys.com/Linksys/ukp.aspx?pid=80&vw=1&articleid=19073
if you temporarily disable security on the WiFi, do the devices connect correctly? Re-enable after testing
Is the iPhone a 5Ghz supporting phone?
Any 2.4Ghz or 5Ghz cordless house phones or WiFi APs near by?
Any other WiFi routers in the area? Link> Use http://www.techspot.com/downloads/5936-inssider.html to find out. Use v3. How many?
WMM Support must be enabled for single wireless N mode to function.
http://kb.linksys.com/Linksys/ukp.aspx?vw=1&articleid=5471
Router Placement
Forum User - "Well I feel really dumb. After moving the router away from other electronic devices my speeds are back to normal. Just a heads up for anyone experiencing slow speeds, you might want to move it away from other electronics and see if that helps."
3-6' feet minimum safe distance between devices.
Placement on main level floor and central in the building and WELL ventilated is preferred. Not in basements or closets as building materials, or near by electronics devices could interfere or hinder good signal propagation.
http://kb.linksys.com/Linksys/ukp.aspx?vw=1&docid=d9a3b1b2039741948a2365b053a93ea8_3759.xml&pid=80&r...
http://www.smallnetbuilder.com/wireless/wireless-basics/31083-smallnetbuilders-wireless-faq-the-esse... -
Unable to issue auto qos voip on CAT2950SX-24 using IOS c2950-i6q4l2-mz.121
Hi,
I am unable to issue the command auto qos voip on the interface fa0/1. I am also not able to see the command using the "?". But based on the Cisco documentation, the IOS is able to support that command. Any can help or have any ideas? Here is the documentation link
http://www.cisco.com/en/US/products/hw/switches/ps628/products_command_reference_chapter09186a00804761fd.html#wp4214415
ThanksHi
you can use the below link to find out whether the image installed in your comes with the support for auto qos or not.
http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
regds -
NBAR, Netflow, QoS Policing, 6500s, IOS 12.1(26)E7, and MARS
Hello. I'm having trouble seeing the forest OR the trees, and I'd appreciate some help from someone who has a better field view than myself. We're upgrading our internet connection to 200MB and management is wanting to upgrade our Packet Shaper to meet the new bandwidth. (The Packet Shaper shows top talkers, top protocols, and rate limits protocols or users.) I'm trying to make the argument that we can do this w/ existing tools (nbar, netflow, QoS policing, and MARS), at the same time I'm trying to make the argument that we need to have our supervisors (currently SUP2 MSFC2) on a 3-4 year upgrade cycle.
To get to the 12.2 IOS, I'd require a memory or sup upgrade. What I am hoping for is someone who has gone down this road who knows what I'm lacking in 12.1 code, or if in fact I can do it all here.
While it is self-evident to most in IT why we need to regularly upgrade equipment, I'm having difficulty making this argument to management with hard facts. I'm guessing they'd still be running Windows for Workgroups to save money...but that's another story.
My plan is to use Netflow and MARS to track top users and top protocols. It appears that I lose some mgt functionality w/ MARS in conjunction w/ IOS 12.1, but I am currently unclear if I lose any tracking capability. (MARS is new to us and awaiting install.)
Then, I hope to use NBAR to identify all the latest P2P traffic and police it appropriately w/ QoS tools.
Does my thinking sound solid? Will I be able to pull this off w/ 12.1? If not, what do I need that I lack in 12.1?
Thank you for your time,
JoshuaHi,
First of all - you need to be clear that although MARS uses netflow data, it uses it for the purpose of identifying security issues. If you want to use netflow for reporting and/or accounting purposes MARS isn't the tool you need, try one of the following freeware netflow tools:
http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/freeware/index.shtml
or one of the following commercial tools:
http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/commercial/index.shtml
The freeware ones are generally more difficult to set up but once running are just as good as the commercial ones.
However, this means you need two netflow destinations - one for MARS and one for your netflow tool, and this feature is called "Netflow Multiple Export Destinations" and initially appeared at 12.1(3)T, but it seems to be VERY platform specific - for example, because we only run GD software on our 3660's we had to upgrade to 12.3(20) to get it.
Looking at the Feature Navigator for SUP2/MSFC2 it appears that you need at least 12.2(18)SXF6 to get this feature so that might help your case.
I'd personally keep the PacketShaper for it's reporting capability if nothing else (IOS can do the job, but not as elegantly as the PacketShaper).
HTH - plz rate if useful.
Andrew. -
CATOS QOS commands - what are they in IOS?
I have the following commands in CATOS on a 6500 but I need to know what they should be in IOS 12.2(17d)SXB10?
set qos enable
set qos cos-dscp-map 0 8 16 24 32 46 50 56
set qos map 2q2t tx 2 2 cos 5
set qos acl ip TRUST-DSCP trust-dscp any
commit qos acl TRUST-DSCP
set qos acl map TRUST-DSCP 8/1-48
Please can someone help???!!set qos enable
Router(config)# mls qos
!!set qos cos-dscp-map 0 8 16 24 32 46 50 56
Router(config)# mls qos map cos-dscp
!!set qos map 2q2t tx 2 2 cos 5
Router(config)# interface gigabitethernet 1/1
Router(config-if)# rcv-queue cos-map queue_# threshold_# cos1 [cos2 [cos3 [cos4 [cos5 [cos6 [cos7 [cos8]]]]]]]
Router(config)# interface gigabitethernet 1/1
Router(config-if)# wrr-queue cos-map 1 1 0 1
!!set qos acl ip TRUST-DSCP trust-dscp any
!!commit qos acl TRUST-DSCP
!!set qos acl map TRUST-DSCP 8/1-48
Router(config)# class-map class_name
Router(config-cmap)# match access-group name acl_index_or_name
Router(config)# policy-map policy_name
Router(config-pmap)# class class_name
Router(config-pmap-c)# trust dscp
Router(config)# interface fastethernet 1/1
Router(config-if)# service-policy [input | output] policy_map_name
I believe this is right. If you need further clarification please ask or refer to
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00801679f8.html -
I'm configuring QoS on a 3850 and came across the "queue-buffers ratio" command. Does anyone know what the ratio is? I am also assuming that this is software buffers that I'm configuring. Also, what does the command affect in the IOS? If anyone can find a source for it to, that would be awesome. I couldn't find anything online. Here is the documentation on the command I'm referring to. Thank you!
http://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/qos/command_reference/b_mqc_qt_32se_3850_cr_chapter_010.html#wp3514062886Hi John,
Here is my source of reference for this response
End to End QoS Design- Quality of Service for Rich-Media & Cloud Networks
Here is the extract from above reference, which I hope useful to you.
- Hardware allocation of buffers is provided only to the priority queues on both wired & wireless queues of this platform.
- The other queues are allocated bufferes on as-needed basis, making it more flexible within the system to support several queues at once.
- Each queue (class) can leverage additional buffering capacity from the shared buffer pool based on a "queue-buffer ratio x" command.
- This command sets the ratio of buffers received by the class and these are allocated on an as-needed basis
- In general the max rate for the class is upto four times the configured value, the queue-buffer ratio command skew this value based on the overall ratio provided to the queue.
- By default these use 1:1:1... for a wired port & 10:20:50:20 for a wireless port on this platform.
- The recommended buffer allocation for wired interface queue 7 to 1 are 10:10:10:10:10:10:25 in percentage (%). Wireless port should use the default values.
- 3850 does not provide reserve thresholds and maximum(overload) thresholds are based on the queue buffer's ratio for non priority queues.
This post may also help you on this
http://mrncciew.com/2013/12/23/3850-qos-part-2-queuing-models/
HTH
Rasika
**** Pls rate all useful responses **** -
Hello Masters ,
While trying to configure QOS in ASR 9001 , I am getting the below error . Kindly help me to find a solution for it.
interface GigabitEthernet0/0/1/3.824897
service-policy output ######PARENT-256K
!!% 'qos-ea' detected the 'warning' condition 'Minimum value for bandwidth configuration is 64 kbps'
Thanking You,
Ram.Hello Xander ,
I have pasted the template config QOS , which i have tried to config on ASR 9K.Is there any other ways to implement the same ?. Thanks in advance.
class-map match-all XYZ-GOLD
match dscp af41
class-map match-all XYZ-SILVER
match dscp af31
class-map match-all XYZ-BRONZE
match precedence 0
policy-map XYZ-CHILD
class XYZ-GOLD
bandwidth percent 20
class XYZ-SILVER
bandwidth percent 60
class XYZ-BRONZE
bandwidth percent 20
policy-map XYZ-PARENT-128K
class class-default
shape average 128000
service-policy XYZ-CHILD
Regards,
Ram -
Looking for config example for qos marking on IOS edge router for UCCE
I was going through the UCCE SRND for QOS config, and found the following sample, wondering if someone can provide a tested config example to configur the QOS on edge router for UCCE.
access-list 100 permit tcp host Public_High_IP any
access-list 100 permit tcp any host Public_High_IP
access-list 101 permit tcp host Public_NonHigh_IP any
access-list 101 permit tcp any host Public_NonHigh_IPSecond, classify the traffic using a class map:class-map match-all ICM_Public_High
match access-group 100
class-map match-all ICM_Public_Low
match access-group 101
policy-map ICM_Public_Marking
class ICM_Public_High
set ip dscp af31
class ICM_Public_Low
set ip dscp af11Finally, apply the marking policy to the incoming interface:interface mod/port
service-policy input ICM_Public_MarkingDisclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
If you're going to use only two queues, and if you want to guarantee the one queue 35% of your egress bandwidth, you need to assign your two queues the ratio of 65:35; you'll need to adjust the four queue percentages to provide those two queues the same ratio. Ideally you'll want something like share 0 65 35 0, but if you cannot assign zero, something like 40 13 7 40, 20 39 21 20, 10 52 28 10 should do. -
Question Summary:
How do I set the p-bit (COS value) for multicast traffic ingressing on an interface?
Additional details:
Although I have had success matching all IP traffic ingressing from the encoder/streamer (multicast source) I want to match only multicast traffic.
I see no obvious reason why my attempts with ACL's for multicast are failing to match. Help!
I verified failing or work by output of policy-map information, wireshark from port mirror, and remote client receiving the multicast.
Traffic Type (Multicast):
Source IP: 10.0.0.1
Source Port: 1025
Destination IP: 239.100.0.5
Destination Port: 8208
Destination MAC: 01:00:5e:64:00:05
Here is my configuration:
class-map IPTV
match access-group <ATTEMPT X>
policy-map MARK_INBOUND_IPTV
class IPTV
set dscp cs4
interface GigabitEthernet3/9
service-policy input MARK_INBOUND_IPTV
Individually attempted the following ACL's for the match statement<ATTEMPT X>:
FAIL:
access-list 81 permit 224.0.0.0 15.255.255.255
access-list 4 permit 239.100.0.5
access-list 700 permit 0100.5e13.05b8 0000.00ff.ffff
access-list 700 permit 0100.5e00.0000 0000.00ff.ffff
SUCCESS: (inadequate because it is all IP traffic not just multicast)
access-list 7 permit any
Command output from Fails:
sho policy-map int g3/9 detailed
GigabitEthernet3/9
Service-policy input: MARK_INBOUND_IPTV
class-map: IPTV (match-all)
Match: access-group 4
set dscp 32:
Earl in slot 5 :
Traffic: Total bytes 30-s bytes peak bytes 5-min avg bps peak bps
Offered 0 0 0 0 0
Agg-fwd 0 0 0 0 0
Exceed 0 0 0 0 0
Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0000 bps, drop rate 0000 bps
Match: any
0 packets, 0 bytes
30 second rate 0 bps
sho policy-map int g3/9 input
GigabitEthernet3/9
Service-policy input: MARK_INBOUND_IPTV
class-map: IPTV (match-all)
Match: access-group 4
set dscp 32:
Earl in slot 5 :
0 bytes
30 second offered rate 0 bps
aggregate-forwarded 0 bytes
Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0000 bps, drop rate 0000 bps
Match: any
0 packets, 0 bytes
30 second rate 0 bpsI found that matching on the destination port number works as well:
access-list 104 permit udp any any eq 8208
sho policy-map int g3/9 input
GigabitEthernet3/9
Service-policy input: MARK_INBOUND_IPTV
class-map: IPTV (match-all)
Match: access-group 104
set dscp 32:
Earl in slot 5 :
64144752 bytes
30 second offered rate 3980472 bps
aggregate-forwarded 64144752 bytes
Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0000 bps, drop rate 0000 bps
Match: any
0 packets, 0 bytes
30 second rate 0 bps
I'd really like to match on all multicast though. The destination IP or MAC makes the most sense but they fail. -
IOS support for MPLS QoS as stated in RFC 3270 L-LSP
Hi,
does anybody know something about the degree of implementation of RFC 3270 (Multi-Protocol Label Switching (MPLS) Support of Differentiated Services), particularly on the classification based on Labels (L-LSP)?
From what is detailed on the CCO it seems that only Exp-bits based LSP are supported (configuring all links along the path for the proper data plane behaviour based on the Exp-bits values): E-LSP
Thanx in advance
FrancescoI guess, in PPP and LAN environments, E-LSP is the preferred method and in the ATM only L-LSP is possible. Maybe cisco chose to implement only the E-LSP for the LAN and PPP environments, i am not sure though.
Anyone knows this for sure?
Check out http://www.cisco.com/warp/public/732/Tech/mpls/docs/mpls_qos_jayk.ppt for more details on MPLS-QoS -
Cisco 7206 has with LLQ QOS and cpu 85 %
hi all ,
i want to mention issue about cisco router 7206 npeg2 :
can this router handle traffic 780 Mbps as download and 75 MBps as upload ?? with cpu 85 % and with LLQ qos ??
im asking this question because my QOS althoug it matched alot of traffic , it some time get slow and seems that QOS not working fine , im sure that my work is fine, because it was fine , but recent days i added more bw ???!!!!!
dont know if need more memory for router for QOS :
===============================================================
7200Gateway#sh memory
Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)
Processor 6B97A80 1883669308 114125456 1769543852 1768174580 1760364316
I/O 78000000 67108864 4482572 62626292 62598896 62617884
Transient 77000000 16777216 22196 16755020 16222412 16728368
Processor memory
Address Bytes Prev Next Ref PrevF NextF Alloc PC what
06B97A80 0000010004 00000000 06B9A1C4 001 -------- -------- 01A493D8 CEF: fib
06B9A1C4 0000000028 06B97A80 06B9A210 000 87F3D04 87FD620 015FC24C AAA Attr Binary/String
06B9A210 0000004700 06B9A1C4 06B9B49C 001 -------- -------- 01AC85B4 ADJ: adjacency
06B9B49C 0000004100 06B9A210 06B9C4D0 001 -------- -------- 0011245C HTTP CORE
06B9C4D0 0000004100 06B9B49C 06B9D504 001 -------- -------- 00112548 HTTP CORE
06B9D504 0000004100 06B9C4D0 06B9E538 001 -------- -------- 00112548 HTTP CORE
06B9E538 0000004100 06B9D504 06B9F56C 001 -------- -------- 00112548 HTTP CORE
06B9F56C 0000004100 06B9E538 06BA05A0 001 -------- -------- 00112548 HTTP CORE
06BA05A0 0000000756 06B9F56C 06BA08C4 001 -------- -------- 0343C38C Process
06BA08C4 0000000204 06BA05A0 06BA09C0 001 -------- -------- 0343FAB4 Process Events
06BA09C0 0000022764 06BA08C4 06BA62DC 001 -------- -------- 04055CB4 IPSM Octet Str
06BA62DC 0000014488 06BA09C0 06BA9BA4 001 -------- -------- 0405C0C4 ipsm IPSEC Fai
06BA9BA4 0000004100 06BA62DC 06BAABD8 001 -------- -------- 00112548 H
===========================================================================
==========================================
7200Gateway#sh version
Cisco IOS Software, 7200 Software (C7200P-ADVENTERPRISEK9-M), Version 12.4(24)T7, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 28-Feb-12 12:53 by prod_rel_team
ROM: System Bootstrap, Version 12.4(12.2r)T, RELEASE SOFTWARE (fc1)
7200Gateway uptime is 2 weeks, 5 days, 19 hours, 43 minutes
System returned to ROM by power-on
System image file is "disk2:/c7200p-adventerprisek9-mz.124-24.T7.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco 7206VXR (NPE-G2) processor (revision A) with 1966080K/65536K bytes of memory.
Processor board ID 13252317
MPC7448 CPU at 1666Mhz, Implementation 0, Rev 2.2
6 slot VXR midplane, Version 2.0
Last reset from power-on
PCI bus mb1 (Slots 1, 3 and 5) has a capacity of 600 bandwidth points.
Current configuration on bus mb1 has a total of 0 bandwidth points.
This configuration is within the PCI bus capacity and is supported.
PCI bus mb2 (Slots 2, 4 and 6) has a capacity of 600 bandwidth points.
Current configuration on bus mb2 has a total of 0 bandwidth points.
This configuration is within the PCI bus capacity and is supported.
Please refer to the following document "Cisco 7200 Series Port Adaptor
Hardware Configuration Guidelines" on Cisco.com <http://www.cisco.com>
for c7200 bandwidth points oversubscription and usage guidelines.
1 FastEthernet interface
3 Gigabit Ethernet interfaces
2045K bytes of NVRAM.
250880K bytes of ATA PCMCIA card at slot 2 (Sector size 512 bytes).
65536K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2102
==============================================================
7200Gateway#sh processes cpu
CPU utilization for five seconds: 85%/84%; one minute: 84%; five minutes: 84%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
1 32 416 76 0.00% 0.00% 0.00% 0 Chunk Manager
2 32788 342520 95 0.00% 0.05% 0.05% 0 Load Meter
3 0 1 0 0.00% 0.00% 0.00% 0 chkpt message ha
4 0 1 0 0.00% 0.00% 0.00% 0 EDDRI_MAIN
5 2624584 213262 12306 0.00% 0.03% 0.04% 0 Check heaps
6 56 373 150 0.00% 0.00% 0.00% 0 Pool Manager
7 0 2 0 0.00% 0.00% 0.00% 0 Timers
8 0 2 0 0.00% 0.00% 0.00% 0 ATM AutoVC Perio
9 0 2 0 0.00% 0.00% 0.00% 0 ATM VC Auto Crea
10 16 28543 0 0.00% 0.00% 0.00% 0 IPC Dynamic Cach
11 0 1 0 0.00% 0.00% 0.00% 0 IPC Zone Manager
12 688 1670887 0 0.00% 0.00% 0.00% 0 IPC Periodic Tim
13 520 1670887 0 0.00% 0.00% 0.00% 0 IPC Deferred Por
14 0 1 0 0.00% 0.00% 0.00% 0 IPC Seat Manager
15 0 1 0 0.00% 0.00% 0.00% 0 IPC BackPressure
16 9007072 30711869 293 1.35% 0.15% 0.11% 0 EnvMon
17 0 1 0 0.00% 0.00% 0.00% 0 OIR Handler
18 0 1 0 0.00% 0.00% 0.00% 0 Crash writer
19 1380 3892 354 0.00% 0.00% 0.00% 0 ARP Input
20 1584 1784473 0 0.00% 0.00% 0.00% 0 ARP Background
21 0 2 0 0.00% 0.00% 0.00% 0 ATM Idle Timer
22 0 1 0 0.00% 0.00% 0.00% 0 CEF MIB API
23 4 134 29 0.00% 0.00% 0.00% 0 AAA high-capacit
24 0 1 0 0.00% 0.00% 0.00% 0 AAA_SERVER_DEADT
25 0 1 0 0.00% 0.00% 0.00% 0 Policy Manager
26 0 2 0 0.00% 0.00% 0.00% 0 DDR Timers
27 0 5 0 0.00% 0.00% 0.00% 0 Entity MIB API
28 0 2 0 0.00% 0.00% 0.00% 0 Serial Backgroun
29 0 1 0 0.00% 0.00% 0.00% 0 RO Notify Timers
30 0 1 0 0.00% 0.00% 0.00% 0 RMI RM Notify Wa
31 28 281 99 0.00% 0.00% 0.00% 0 EEM ED Syslog
32 0 2 0 0.00% 0.00% 0.00% 0 SMART
33 724 1712571 0 0.00% 0.00% 0.00% 0 GraphIt
34 0 2 0 0.00% 0.00% 0.00% 0 Dialer event
35 0 1 0 0.00% 0.00% 0.00% 0 SERIAL A'detect
36 0 2 0 0.00% 0.00% 0.00% 0 XML Proxy Client
37 0 2 0 0.00% 0.00% 0.00% 0 VSA background
38 0 1 0 0.00% 0.00% 0.00% 0 VSA Cleanup Proc
39 0 1 0 0.00% 0.00% 0.00% 0 Critical Bkgnd
40 4348 444483 9 0.00% 0.00% 0.00% 0 Net Background
41 0 2 0 0.00% 0.00% 0.00% 0 IDB Work
42 32 501 63 0.00% 0.00% 0.00% 0 Logger
43 1236 1710802 0 0.00% 0.00% 0.00% 0 TTY Background
44 16504 1712627 9 0.07% 0.00% 0.00% 0 Per-Second Jobs
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
45 20 34 588 0.00% 0.00% 0.00% 0 IF-MGR control p
46 8 40 200 0.00% 0.00% 0.00% 0 IF-MGR event pro
47 0 1 0 0.00% 0.00% 0.00% 0 Inode Table Dest
48 0 1 0 0.00% 0.00% 0.00% 0 IKE HA Mgr
49 0 1 0 0.00% 0.00% 0.00% 0 IPSEC HA Mgr
50 4 4 1000 0.00% 0.00% 0.00% 0 rf task
51 12808 179149 71 0.00% 0.00% 0.00% 0 Net Input
52 1304 342532 3 0.00% 0.00% 0.00% 0 Compute load avg
53 610136 28974 21058 0.00% 0.00% 0.00% 0 Per-minute Jobs
54 0 1 0 0.00% 0.00% 0.00% 0 Token Daemon
55 4 10570 0 0.00% 0.00% 0.00% 0 Transport Port A
56 1272 505453 2 0.00% 0.00% 0.00% 0 HC Counter Timer
57 0 1 0 0.00% 0.00% 0.00% 0 Coproc Event Pro
58 0 1 0 0.00% 0.00% 0.00% 0 POS APS Event Pr
59 0 1 0 0.00% 0.00% 0.00% 0 SONET alarm time
60 0 1 0 0.00% 0.00% 0.00% 0 CSP Timer
61 204 4 51000 0.00% 0.00% 0.00% 0 USB Startup
62 0 2 0 0.00% 0.00% 0.00% 0 FPD Management P
63 0 1 0 0.00% 0.00% 0.00% 0 FPD Action Proce
64 0 2 0 0.00% 0.00% 0.00% 0 VNM DSPRM MAIN
65 0 1 0 0.00% 0.00% 0.00% 0 RF_INTERDEV_DELA
66 0 1 0 0.00% 0.00% 0.00% 0 RF_INTERDEV_SCTP
67 464 1712577 0 0.00% 0.00% 0.00% 0 ISA Common Helpe
68 0 2 0 0.00% 0.00% 0.00% 0 Flash MIB Update
69 0 58 0 0.00% 0.00% 0.00% 0 Flash Card Oir
70 0 1 0 0.00% 0.00% 0.00% 0 CES Line Conditi
71 0 1 0 0.00% 0.00% 0.00% 0 CF_INTERDEV_SCTP
72 0 1 0 0.00% 0.00% 0.00% 0 Async write proc
73 0 2 0 0.00% 0.00% 0.00% 0 Ethernet CFM
74 736 1670893 0 0.00% 0.00% 0.00% 0 Ethernet Timer C
75 0 1 0 0.00% 0.00% 0.00% 0 delayed evt hand
76 28 112 250 0.00% 0.00% 0.00% 0 AAA Server
77 0 1 0 0.00% 0.00% 0.00% 0 AAA ACCT Proc
78 0 1 0 0.00% 0.00% 0.00% 0 ACCT Periodic Pr
79 0 2 0 0.00% 0.00% 0.00% 0 AAA Dictionary R
80 744 1670882 0 0.00% 0.00% 0.00% 0 BGP Scheduler
81 0 2 0 0.00% 0.00% 0.00% 0 Ethernet OAM Pro
82 0 2 0 0.00% 0.00% 0.00% 0 Ethernet LMI
83 0 2 0 0.00% 0.00% 0.00% 0 CEF switching ba
84 3684 14726 250 0.00% 0.00% 0.00% 0 ADJ resolve proc
85 8 30 266 0.00% 0.00% 0.00% 0 IP ARP Adjacency
86 0 1 0 0.00% 0.00% 0.00% 0 IP ARP Retry Age
87 3481296 6804010 511 0.00% 0.02% 0.01% 0 IP Input
88 0 1 0 0.00% 0.00% 0.00% 0 ICMP event handl
89 0 9 0 0.00% 0.00% 0.00% 0 TurboACL
90 0 2 0 0.00% 0.00% 0.00% 0 TurboACL chunk
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
91 0 1 0 0.00% 0.00% 0.00% 0 IPv6 Echo event
92 16 2854 5 0.00% 0.00% 0.00% 0 MOP Protocols
93 0 1 0 0.00% 0.00% 0.00% 0 LSP Tunnel FRR
94 0 1 0 0.00% 0.00% 0.00% 0 MPLS Auto-Tunnel
95 0 3 0 0.00% 0.00% 0.00% 0 PPP Hooks
96 0 1 0 0.00% 0.00% 0.00% 0 Async write proc
97 0 1 0 0.00% 0.00% 0.00% 0 SSS Manager
98 0 1 0 0.00% 0.00% 0.00% 0 SSS Feature Mana
99 0 1 0 0.00% 0.00% 0.00% 0 SSS Feature Time
100 0 2 0 0.00% 0.00% 0.00% 0 Spanning Tree
101 0 1 0 0.00% 0.00% 0.00% 0 X.25 Encaps Mana
102 20 96 208 0.00% 0.00% 0.00% 0 SSM connection m
103 0 1 0 0.00% 0.00% 0.00% 0 AC Switch
104 4 5709 0 0.00% 0.00% 0.00% 0 Authentication P
105 0 1 0 0.00% 0.00% 0.00% 0 Auth-proxy AAA B
106 0 2 0 0.00% 0.00% 0.00% 0 EAPoUDP Process
107 0 2 0 0.00% 0.00% 0.00% 0 IP Host Track Pr
108 0 2 0 0.00% 0.00% 0.00% 0 KRB5 AAA
109 1152 49386 23 0.00% 0.00% 0.00% 0 IP Background
110 2276 28582 79 0.00% 0.00% 0.00% 0 IP RIB Update
111 60 34442 1 0.00% 0.00% 0.00% 0 CEF background p
112 6784 2485297 2 0.00% 0.00% 0.00% 0 CEF: IPv4 proces
113 12 104 115 0.00% 0.00% 0.00% 0 ADJ background
114 0 2 0 0.00% 0.00% 0.00% 0 PPP IP Route
115 0 2 0 0.00% 0.00% 0.00% 0 PPP IPCP
116 0 1 0 0.00% 0.00% 0.00% 0 IP Traceroute
117 7292 7550370 0 0.00% 0.00% 0.00% 0 TCP Timer
118 1300 10511 123 0.00% 0.00% 0.00% 0 TCP Protocols
119 0 1 0 0.00% 0.00% 0.00% 0 Socket Timers
120 18228 11429 1594 0.00% 0.00% 0.00% 0 HTTP CORE
121 0 2 0 0.00% 0.00% 0.00% 0 RLM groups Proce
122 0 1 0 0.00% 0.00% 0.00% 0 L2X Data Daemon
123 0 1 0 0.00% 0.00% 0.00% 0 ac_atm_state_eve
124 0 2 0 0.00% 0.00% 0.00% 0 SNMP Timers
125 1320 1710737 0 0.00% 0.00% 0.00% 0 RUDPV1 Main Proc
126 0 1 0 0.00% 0.00% 0.00% 0 bsm_timers
127 568 1710728 0 0.00% 0.00% 0.00% 0 bsm_xmt_proc
128 0 1 0 0.00% 0.00% 0.00% 0 COPS
129 0 2 0 0.00% 0.00% 0.00% 0 Dialer Forwarder
130 0 3 0 0.00% 0.00% 0.00% 0 Flow Exporter Ti
131 0 2 0 0.00% 0.00% 0.00% 0 ATM OAM Input
132 0 2 0 0.00% 0.00% 0.00% 0 ATM OAM TIMER
133 0 1 0 0.00% 0.00% 0.00% 0 RARP Input
134 0 1 0 0.00% 0.00% 0.00% 0 IPv6 Inspect Tim
135 0 1 0 0.00% 0.00% 0.00% 0 LAPB Process
136 0 2 0 0.00% 0.00% 0.00% 0 LFDp Input Proc
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
137 0 1 0 0.00% 0.00% 0.00% 0 PAD InCall
138 0 2 0 0.00% 0.00% 0.00% 0 X.25 Background
139 0 2 0 0.00% 0.00% 0.00% 0 PPP Bind
140 0 2 0 0.00% 0.00% 0.00% 0 PPP SSS
141 0 1 0 0.00% 0.00% 0.00% 0 MQC Flow Event B
142 35504 424737438 0 0.23% 0.25% 0.23% 0 HQF Shaper Backg
143 4068 17031478 0 0.00% 0.00% 0.00% 0 RBSCP Background
144 0 2 0 0.00% 0.00% 0.00% 0 SCTP Main Proces
145 0 1 0 0.00% 0.00% 0.00% 0 VPDN call manage
146 0 1 0 0.00% 0.00% 0.00% 0 CHKPT EXAMPLE
147 0 1 0 0.00% 0.00% 0.00% 0 CHKPT DevTest
148 0 1 0 0.00% 0.00% 0.00% 0 IPS Process
149 0 2 0 0.00% 0.00% 0.00% 0 IPS Auto Update
150 0 2 0 0.00% 0.00% 0.00% 0 SDEE Management
151 948 3338807 0 0.00% 0.00% 0.00% 0 Inspect process
152 0 1 0 0.00% 0.00% 0.00% 0 xcpa-driver
153 52 136947 0 0.00% 0.00% 0.00% 0 FW DP Inspect pr
154 1112 3338806 0 0.00% 0.00% 0.00% 0 CCE DP URLF cach
155 0 2 0 0.00% 0.00% 0.00% 0 URL filter proc
156 0 1 0 0.00% 0.00% 0.00% 0 XSM_EVENT_ENGINE
157 144 171238 0 0.00% 0.00% 0.00% 0 XSM_ENQUEUER
158 68 171238 0 0.00% 0.00% 0.00% 0 XSM Historian
159 0 1 0 0.00% 0.00% 0.00% 0 Select Timers
160 4 2 2000 0.00% 0.00% 0.00% 0 HTTP Process
161 0 2 0 0.00% 0.00% 0.00% 0 CIFS API Process
162 0 2 0 0.00% 0.00% 0.00% 0 CIFS Proxy Proce
163 0 1 0 0.00% 0.00% 0.00% 0 Crypto HW Proc
164 56 114166 0 0.00% 0.00% 0.00% 0 ACE policy loade
165 156 68505 2 0.00% 0.00% 0.00% 0 CRM_CALL_UPDATE_
166 36688 172862 212 0.00% 0.00% 0.00% 0 BGP I/O
167 0 2 0 0.00% 0.00% 0.00% 0 AAA Cached Serve
168 0 2 0 0.00% 0.00% 0.00% 0 ENABLE AAA
169 0 1 0 0.00% 0.00% 0.00% 0 EM Background Pr
170 0 1 0 0.00% 0.00% 0.00% 0 Key chain liveke
171 0 2 0 0.00% 0.00% 0.00% 0 LINE AAA
172 44 112 392 0.00% 0.00% 0.00% 0 LOCAL AAA
173 0 42 0 0.00% 0.00% 0.00% 0 MPLS Auto Mesh P
174 0 2 0 0.00% 0.00% 0.00% 0 TPLUS
175 0 2 0 0.00% 0.00% 0.00% 0 VSP_MGR
176 0 1 0 0.00% 0.00% 0.00% 0 FW_TEST_TRP
177 0 1 0 0.00% 0.00% 0.00% 0 EPM MAIN PROCESS
178 4 3 1333 0.00% 0.00% 0.00% 0 Crypto WUI
179 0 2 0 0.00% 0.00% 0.00% 0 Crypto Support
180 0 1 0 0.00% 0.00% 0.00% 0 IPSECv6 PS Proc
181 0 1 0 0.00% 0.00% 0.00% 0 CCVPM_HTSP
182 0 1 0 0.00% 0.00% 0.00% 0 CCVPM_R2
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
183 0 1 0 0.00% 0.00% 0.00% 0 EPHONE MWI Refre
184 0 1903 0 0.00% 0.00% 0.00% 0 FB/KS Log HouseK
185 0 2 0 0.00% 0.00% 0.00% 0 EPHONE MWI BG Pr
186 0 1 0 0.00% 0.00% 0.00% 0 Skinny HW confer
187 0 1 0 0.00% 0.00% 0.00% 0 CCSWVOICE
188 206492 114180 1808 0.00% 0.00% 0.00% 0 BGP Scanner
189 0 1 0 0.00% 0.00% 0.00% 0 http client proc
190 0 3 0 0.00% 0.00% 0.00% 0 BGP Event
191 0 1 0 0.00% 0.00% 0.00% 0 QOS_MODULE_MAIN
192 0 1 0 0.00% 0.00% 0.00% 0 RPMS_PROC_MAIN
193 0 1 0 0.00% 0.00% 0.00% 0 VoIP AAA
194 0 2 0 0.00% 0.00% 0.00% 0 Dialog Manager
195 184 104 1769 0.00% 0.00% 0.00% 0 crypto engine pr
196 0 4 0 0.00% 0.00% 0.00% 0 Crypto CA
197 0 1 0 0.00% 0.00% 0.00% 0 Crypto PKI-CRL
198 28008 64288 435 0.00% 0.00% 0.00% 0 encrypt proc
199 384768 28300 13596 0.00% 0.00% 0.00% 0 crypto sw pk pro
200 8 27 296 0.00% 0.00% 0.00% 0 Crypto INT
201 456 2019 225 0.00% 0.00% 0.00% 0 Crypto IKE Dispa
202 2128 2714 784 0.00% 0.00% 0.00% 0 Crypto IKMP
203 0 1 0 0.00% 0.00% 0.00% 0 IPSEC manual key
204 180 85737 2 0.00% 0.00% 0.00% 0 IPSEC key engine
205 0 1 0 0.00% 0.00% 0.00% 0 CRYPTO QoS proce
206 28 142 197 0.00% 0.00% 0.00% 0 Crypto ACL
207 0 1 0 0.00% 0.00% 0.00% 0 Crypto PAS Proc
208 0 1 0 0.00% 0.00% 0.00% 0 GDOI GM Process
209 0 1 0 0.00% 0.00% 0.00% 0 UNICAST REKEY
210 0 1 0 0.00% 0.00% 0.00% 0 UNICAST REKEY AC
211 0 1 0 0.00% 0.00% 0.00% 0 MV64 TDR Process
212 0 1 0 0.00% 0.00% 0.00% 0 IMA Traps
213 0 1 0 0.00% 0.00% 0.00% 0 SYSMGT Events
214 0 2 0 0.00% 0.00% 0.00% 0 Control-plane ho
215 0 1 0 0.00% 0.00% 0.00% 0 DATA Transfer Pr
216 0 1 0 0.00% 0.00% 0.00% 0 DATA Collector
217 0 1 0 0.00% 0.00% 0.00% 0 Async write proc
218 116 292 397 0.00% 0.00% 0.00% 0 AAA SEND STOP EV
219 136 171243 0 0.00% 0.00% 0.00% 0 RMON Recycle Pro
220 0 2 0 0.00% 0.00% 0.00% 0 RMON Deferred Se
221 0 1 0 0.00% 0.00% 0.00% 0 Syslog Traps
222 0 2 0 0.00% 0.00% 0.00% 0 EEM ED Resource
223 0 2 0 0.00% 0.00% 0.00% 0 EEM ED Routing
224 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Track
225 80 53575 1 0.00% 0.00% 0.00% 0 Crypto cTCP proc
226 0 1 0 0.00% 0.00% 0.00% 0 IP SLAs Ethernet
227 4 1 4000 0.00% 0.00% 0.00% 0 RMON Packets
228 820 1709984 0 0.00% 0.00% 0.00% 0 trunk conditioni
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
229 0 1 0 0.00% 0.00% 0.00% 0 trunk conditioni
230 12 120 100 0.00% 0.00% 0.00% 0 EEM Server
231 4 2 2000 0.00% 0.00% 0.00% 0 Call Home proces
232 52 260 200 0.00% 0.00% 0.00% 0 Syslog
233 0 1 0 0.00% 0.00% 0.00% 0 VPDN Test
234 0 2 0 0.00% 0.00% 0.00% 0 EEM Policy Direc
235 0 2 0 0.00% 0.00% 0.00% 0 EEM ED CLI
236 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Counter
237 0 3 0 0.00% 0.00% 0.00% 0 EM ED GOLD
238 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Interface
239 0 3 0 0.00% 0.00% 0.00% 0 EEM ED IOSWD
240 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Ipsla
241 0 3 0 0.00% 0.00% 0.00% 0 EEM ED None
242 0 2 0 0.00% 0.00% 0.00% 0 EEM ED Nf
243 0 3 0 0.00% 0.00% 0.00% 0 EEM ED OIR
244 0 3 0 0.00% 0.00% 0.00% 0 EEM ED RF
245 0 3 0 0.00% 0.00% 0.00% 0 EEM ED SNMP
246 0 2 0 0.00% 0.00% 0.00% 0 EEM ED SNMP Noti
247 36 42890 0 0.00% 0.00% 0.00% 0 EEM ED Timer
248 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Test
249 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Config
250 0 3 0 0.00% 0.00% 0.00% 0 EEM ED Env
251 0 3 0 0.00% 0.00% 0.00% 0 EEM ED RPC
252 0 2 0 0.00% 0.00% 0.00% 0 cpf_process_msg_
253 0 1 0 0.00% 0.00% 0.00% 0 Key Proc
254 36 28543 1 0.00% 0.00% 0.00% 0 Call Home Timer
255 0 1 0 0.00% 0.00% 0.00% 0 tHUB
256 0 1 0 0.00% 0.00% 0.00% 0 Async write proc
257 104 953 109 0.00% 0.00% 0.00% 0 SSH Event handle
258 16 28543 0 0.00% 0.00% 0.00% 0 Secure Login
259 84 54 1555 0.00% 0.00% 0.00% 0 Tunnel Security
260 56 67 835 0.00% 0.00% 0.00% 0 Crypto SS Proces
261 0 1 0 0.00% 0.00% 0.00% 0 cpf_process_tpQ
262 0 1 0 0.00% 0.00% 0.00% 0 TCP Listener
263 0 2 0 0.00% 0.00% 0.00% 0 IP Flow Top Talk
264 1180 3338804 0 0.00% 0.00% 0.00% 0 IP NAT Ager
265 0 1 0 0.00% 0.00% 0.00% 0 IP NAT WLAN
266 24 28563 0 0.00% 0.00% 0.00% 0 IP SLAs Event Pr
267 434504 1489526 291 0.00% 0.00% 0.00% 0 IP SNMP
268 170304 877961 193 0.00% 0.00% 0.00% 0 PDU DISPATCHER
269 495704 877992 564 0.00% 0.00% 0.00% 0 SNMP ENGINE
270 0 2 0 0.00% 0.00% 0.00% 0 IP SNMPV6
271 0 1 0 0.00% 0.00% 0.00% 0 SNMP ConfCopyPro
272 0 1 0 0.00% 0.00% 0.00% 0 SNMP Traps
273 1185420 1715196 691 0.00% 0.00% 0.00% 0 NTP
274 412 29 14206 0.00% 0.00% 0.00% 0 VTEMPLATE Backgr
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
275 18608 174262 106 0.00% 0.00% 0.00% 0 BGP Router
276 36 27171 1 0.00% 0.00% 0.00% 0 DFS flush period
277 8 12 666 0.00% 0.00% 0.00% 0 Collection proce
278 16 651 24 0.00% 0.00% 0.00% 0 CRYPTO IKMP IPC
279 1724 850 2028 0.00% 0.00% 0.00% 2 SSH Process
281 0 1 0 0.00% 0.00% 0.00% 0 Skinny MOH Event
282 64 173856 0 0.00% 0.00% 0.00% 0 Skinny Socket Se
283 0 1451 0 0.00% 0.00% 0.00% 0 Web Write Housek
==============================================================
wish to help ASAPJosephDoherty wrote:DisclaimerThe Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.Liability DisclaimerIn no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.PostingThe fact you are matching with any ACLs, will decrease maximum performance.The fact you are using a policy-may, will decrease maximum performance.The fact is a -G2 only has finite capacity.In other words, what you're seeing might be completely normal for your traffic volume, your traffic composition and your configuration.If you believe your router is overloaded, and generally above 75% CPU might be so considered, either you'll need a faster device (see ASR 1Ks), or you might try changing your configuration to decrease your configuration load on the router.What's your CPU load if your remove the policy-map from the interface?If removing the policy-map from the interface shows a significant CPU loading decrease - QED.If you need/desire such QoS, then you'll want a "faster" router.You might be also able to decrease your CPU a little by some "tuning". I already mention the TurboACL feature statement. With ACLs, fewer are faster, and how they ordered (especially without TurboACL) impacts CPU. How you order you class-maps, within a policy, and how the match statements are ordered will also have some impact on the CPU load. If buffers are being allocated/deallocated, that too will impact CPU loading. I assume CEF is enabled, but for some traffic, flow caching might decrease CPU load.Remember a software based router, like the 7200s, are, more or less, a computer that takes your configuration and determines what's to be done with every packet it "sees". The more your configuration requires for per packet analysis, the more load for each packet.There are whitepapers addressing high CPU load caused by "process switching", but what you posted appears to be mostly all interrupt processing, which is "fast path", or optimal, packet forwarding. There's not much you can normally do to improve against that, other than insuring your configuration is as optimal as possible for your needs (again, things like sequencing/ordering of statements).
hi ,
thanks very very much for this nice information,
let me answer you :
you said that NPE G2 has finite capacity , but how to know this full capacity ???
i mean that my policy map is matching the traffic , but the matched traffic is not being enhancemend ??!!!
last about two weeks , the matched traffic of youtube was excellent and no interrupt durting the my rush hour.
i didnt change any thing, but my bw increased from 730 Mbps to 760Mbps ,
im un able to make sure that i need to chnage my platform to faster one.
agian
my cpu is 60 % without QOS
after QOS it increase to 80-85 %
agian ,
about NBAR
i want to tell you that i cant depend on NBAR , as an example , im matching the ips of videos of facebook , i cant depend on NBAR because it is https videos.
but in summary ,
my qos is matching well , but i have no real enhancement for my traffic.
did you face my issue before ???
i mean have you see like my problem ?
like my router platform with cpu over 80 % and 750Mbps , and matched qos without good result ??
note that i upgraded to iso 15 , but seems same issue !!!
regards -
Version 03.03.00.XO - MLS QOS not supported
Hi All,
Anyone face the same problem with the following IOS Version?
MLS QOS is not supported in global command.
Switch#sh ver
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500es8-UNIVERSALK9-M), Version 03.03.00.XO RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Wed 14-Aug-13 07:26 by prod_rel_team
Cisco IOS-XE software, Copyright (c) 2005-2013 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: 15.1(1r)SG2
Switch uptime is 6 minutes
System returned to ROM by power-on
Running default software
Jawa Revision 3, RadTrooper Revision 0x0.0x41, Conan Revision 0x1449
Last reload reason: power-on
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
License Information for 'WS-X45-SUP8-E'
License Level: entservices Type: Permanent
Next reboot license Level: entservices
cisco WS-C4506-E (P5040) processor (revision 2) with 4194304K bytes of physical memory.
Processor board ID FXS1812Q346
P5040 CPU at 2.2GHz, Supervisor 8-E
Last reset from PowerUp
1 Virtual Ethernet interface
20 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.
Configuration register is 0x2101
SWITCH(config)#mls qos
^
% Invalid input detected at '^' marker.
SWITCH(config)#
SWITCH(config)#?
Configure commands:
aaa Authentication, Authorization and Accounting.
access-list Add an access list entry
access-session Access Sesion Global Configuration Commands
agent-server Modify DNS server properties
alias Create command alias
ancp Configure ANCP
archive Archive the configuration
arp Set a static ARP entry
async-bootp Modify system bootp parameters
audit Router Audit
authentication Auth Manager Global Configuration Commands
auto Configure Automation
banner Define a login banner
beep Configure BEEP (Blocks Extensible Exchange
Protocol)
bfd BFD configuration commands
bfd-template BFD template configuration
boot Modify system boot parameters
bridge Bridge Group.
buffers Adjust system buffer pool parameters
bulkstat Bulkstat Application
call-home Enter call-home configuration mode
cdp Global CDP configuration subcommands
cef Cisco Express Forwarding
cisp Set CISP parameters
class-map Configure CPL Class Map
clns Global CLNS configuration subcommands
clock Configure time-of-day clock
cluster Cluster configuration commands
cns CNS agents
comet-server Configure comet-server properties
config-register Define the configuration register
configuration Configuration access
control-plane Configure control plane services
crypto Encryption module
cts Cisco Trusted Security commands
default Set a command to its defaults
default-value Default character-bits values
define interface range macro definition
device-sensor IOS Sensor Commands
diagnostic Configure diagnostic information
dns-server Modify DNS server properties
dnsix-dmdp Provide DMDP service for DNSIX
dnsix-nat Provide DNSIX service for audit trails
do-exec To run exec commands in config mode
dot1x IEEE 802.1X Global Configuration Commands
downward-compatible-config Generate a configuration compatible with older
software
eap EAP Global Configuration Commands
emm Specify pre-loading of MDF
enable Modify enable password parameters
end Exit from configure mode
energywise EnergyWise Global Configuration Commands
epm EPM Global Configuration Commands
errdisable Error disable
ethernet Ethernet configuration
event Event related configuration commands
exception Exception handling
exit Exit from configure mode
fallback Fallback configuration commands
fhrp Configure First Hop Redundancy Protocols
file Adjust file system parameters
fips FIPS mode after next reload
flow Global Flow configuration subcommands
format Format the output
global-address-family Enter address-family base routing topology mode
help Description of the interactive help system
hostname Set system's network name
hw-module Apply command (e.g. shutdown) to specified
hardware target
hw-module Control of individual components in the system
hw-switch Control of individual components in the switch
id-manager ID Pool Manager
identity Identity Configuration Commands
infra-test Configure end2end properties
interface Select an interface to configure
ip Global IP configuration subcommands
ipc Configure IPC system
ipv6 Global IPv6 configuration commands
isis Global ISIS configuration subcommands
issu no description
key Key management
kron Kron interval Facility
l2 Layer 2
l2protocol-tunnel Tunnel Layer2 protocols
lacp LACP configuration
li-view LI View
license Configure License
line Configure a terminal line
link Enable Link State Tracking feature
lldp Global LLDP configuration subcommands
location Global location configuration commands
logging Modify message logging facilities
login Enable secure login checking
mab MAC Authentication Bypass Global Configuration
Commands
mac Global MAC configuration subcommands
macro Macro configuration
media-proxy Global media proxy configuration
mediatrace Mediatrace Application
memory Configure memory management
metadata Metadata Application
mka MACsec Key Agreement (MKA) configuration
module Module
monitor Monitoring different system events
mvr Enable/Disable MVR on the switch
netconf Configure NETCONF
Thank you.Hi,
QOS implementation has radically changed since the advent of
sup-7 & later
You no longer set mls qos as qos is on the engine by default.
Please see the following links
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-4500-series-switches/white_paper_c11-539588.html
"Ingress QoS: Default Actions
First and foremost, QoS does not need to be enabled on the Supervisor Engine, it is on by default in compliance with the MQC construct.
When a packet arrives at an interface, there are two options to take into consideration: is there a policy attached or not? If the packet arrives with or without a marking and there is not a policy attached to the interface, packets will flow through the switch untouched. There are no questions as to where the packet came from or if it has a valid marking. If the packet arrives with or without a marking, and a policy is attached to the interface, the packet will only then be subject to the policy classification."
And the config guide
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/15-1/XE_330SG/configuration/guide/config/qos_mrg.html#wp1461453
Hope this helps
Regards
Alex -
Router Dead , when i applied QOS on virtual-temp interface for vpn !!
hi all ,
i have a simple brief topology below :
PSTN======(R1-7206)>F1=======F2>(R2-7604 catalyst)>>>F1=========Internet
i have two router
R2========>MLS 7604
R1======>cisco 7204
on R2 , Im doing matching to QOS by dscp , im matching acls ips from internet with dscp values :
here is CONFIG for matching :
Gateway7600#sh policy-map LLQX
Policy Map LLQX
Class YOUTUBE
set ip dscp af43
Class FACEBOOKVIDEOS
set ip dscp af33
Class HTTP
set dscp af23
Class DNSQOS
set dscp af13
Class class-default
set ip dscp af11
================
Gateway7600#sh class-map
Class Map match-all FACEBOOKVIDEOS (id 7)
Match access-group name facebookvideos
Class Map match-all DNSQOS (id 8)
Match access-group name dnsqos
Class Map match-all HTTP (id 6)
Match access-group name browsing
Class Map match-any class-default (id 0)
Match any
Class Map match-all YOUTUBE (id 5)
Match access-group name youtube
Gateway7600#
=========================================================
on this router i applied this policy map on interfaxce F1 in direction
and here matching is well :
Gateway7600#sh policy-map interface gigabitEthernet 1/5 in
GigabitEthernet1/5
Service-policy input: LLQX
class-map: rate-limit (match-all)
Match: access-group name rate-limit
police :
4088000 bps 384000 limit 384000 extended limit
Earl in slot 1 :
139044930 bytes
30 second offered rate 143032 bps
aggregate-forwarded 134420937 bytes action: transmit
exceeded 4623993 bytes action: drop
aggregate-forward 22544 bps exceed 0 bps
class-map: YOUTUBE (match-all)
Match: access-group name youtube
set dscp 38:
Earl in slot 1 :
132693939697 bytes
30 second offered rate 212144928 bps
aggregate-forwarded 132693939697 bytes
class-map: FACEBOOKVIDEOS (match-all)
Match: access-group name facebookvideos
set dscp 30:
Earl in slot 1 :
10726758352 bytes
30 second offered rate 20682720 bps
aggregate-forwarded 10726758352 bytes
class-map: HTTP (match-all)
Match: access-group name browsing
set dscp 22:
Earl in slot 1 :
56874058537 bytes
30 second offered rate 92669832 bps
aggregate-forwarded 56874058537 bytes
class-map: DNSQOS (match-all)
Match: access-group name dnsqos
set dscp 14:
Earl in slot 1 :
160308954 bytes
30 second offered rate 303552 bps
aggregate-forwarded 160308954 bytes
class-map: class-default (match-any)
Match: any
set dscp 10:
Earl in slot 1 :
67394864030 bytes
30 second offered rate 126884864 bps
aggregate-forwarded 67394864030 bytes
=================================================================================
now the problem is below
on router 7200 , it is LNS router connected with LAC roiuter for ADSL customers.
now here is config of policy map on 7200 router:
R11#sh policy-map
Policy Map MATCH_MARKS
Class MATCH_YOUTUBE
bandwidth 220000 (kbps)
Class MATCH_FACEBOOKVIDEOS
bandwidth 20000 (kbps)
Class MATCH_HTTP
bandwidth 100000 (kbps)
=========================================================
R1#sh class-map
Class Map match-all MATCH_FACEBOOKVIDEOS (id 2)
Match ip dscp af33 (30)
Class Map match-all MATCH_HTTP (id 3)
Match ip dscp af23 (22)
Class Map match-any class-default (id 0)
Match any
Class Map match-all MATCH_YOUTUBE (id 1)
Match ip dscp af43 (38)
==========================================================
here is virtual-template interface before i apply the QOS
R1#sh running-config interface virtual-template 1
Building configuration...
Current configuration : 352 bytes
interface Virtual-Template1
bandwidth 1000000
ip unnumbered Loopback0
ip tcp adjust-mss 1412
ip policy route-map private
no logging event link-status
qos pre-classify
peer default ip address pool bitsead1 bitsead2
ppp mtu adaptive
ppp authentication pap vpdn
ppp authorization vpdn
ppp accounting vpdn
max-reserved-bandwidth 90
end
=========================================
when i apply the command
(service-poliy output MATCH_MAKRS ) under virtual-template interface i have console logs :
Insufficient bandwidth 149760 kbps for the bandwidth guarantee (220000)
Insufficient bandwidth 149760 kbps for the bandwidth guarantee (220000)
Insufficient bandwidth 149760 kbps for the bandwidth guarantee (220000)
also i have
*Jul 9 22:28:38.242: Interface Virtual-Access2551 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.250: Interface Virtual-Access627 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.258: Interface Virtual-Access786 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.266: Interface Virtual-Access623 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.274: Interface Virtual-Access2559 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.282: Interface Virtual-Access2281 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.290: Interface Virtual-Access142 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:40.262: %SYS-2-INTSCHED: 'suspend' at level 3 -Process= "VTEMPLATE Background Mgr", ipl= 3, pid= 278, -Traceback= 0x756FF0z 0x3439C58z 0x2778D70z 0x2CACCD0z 0x2CC63E0z 0x2CC7FF8z 0x2CADC74z 0x2CBE058z 0x2CA0340z 0x2CA04F8z 0x2E0BB18z 0x2D23378z 0x2D1825Cz 0x2D18738z 0x2E66FE0z 0x2D971ACz
*Jul 9 22:28:40.262: %SYS-2-INTSCHED: 'suspend' at level 3 -Process= "VTEMPLATE Background Mgr", ipl= 3, pid= 278, -Traceback= 0x756FF0z 0x3439C58z 0x2778D70z 0x2CACD28z 0x2CC63E0z 0x2CC7FF8z 0x2CADC74z 0x2CBE058z 0x2CA0340z 0x2CA04F8z 0x2E0BB18z 0x2D23378z 0x2D1825Cz 0x2D18738z 0x2E66FE0z 0x2D971ACz
after i apply it ,
the cpu is 100 % and the router got down !!!
now
what is the problem ????
here is ios for 7200 router
R1#sh version
Cisco IOS Software, 7200 Software (C7200P-ADVENTERPRISEK9-M), Version 12.4(24)T7, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 28-Feb-12 12:53 by prod_rel_team
ROM: System Bootstrap, Version 12.4(12.2r)T, RELEASE SOFTWARE (fc1)
Bras1 uptime is 13 weeks, 1 day, 9 hours, 24 minutes
System returned to ROM by reload at 16:24:51 GMT+3 Tue Jun 17 2003
System image file is "disk2:c7200p-adventerprisek9-mz.124-24.T7.bin"
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco 7206VXR (NPE-G2) processor (revision A) with 917504K/65536K bytes of memory.
Processor board ID 36858624
MPC7448 CPU at 1666Mhz, Implementation 0, Rev 2.2
6 slot VXR midplane, Version 2.11
Last reset from power-on
PCI bus mb1 (Slots 1, 3 and 5) has a capacity of 600 bandwidth points.
Current configuration on bus mb1 has a total of 0 bandwidth points.
This configuration is within the PCI bus capacity and is supported.
PCI bus mb2 (Slots 2, 4 and 6) has a capacity of 600 bandwidth points.
Current configuration on bus mb2 has a total of 0 bandwidth points.
This configuration is within the PCI bus capacity and is supported.
Please refer to the following document "Cisco 7200 Series Port Adaptor
Hardware Configuration Guidelines" on Cisco.com <http://www.cisco.com>
for c7200 bandwidth points oversubscription and usage guidelines.
1 FastEthernet interface
3 Gigabit Ethernet interfaces
2045K bytes of NVRAM.
250880K bytes of ATA PCMCIA card at slot 2 (Sector size 512 bytes).
65536K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2102
==============================================================================
wish to Help ASAP
regardshi ,
i did
the same issue ,
i did a TEST policymap that has 30 percent gurantee
but the same result!!!!!!!!!!!!!!!!
the router god down agian !
here is logs :
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.605: Interface Virtual-Access1896 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.797: Interface Virtual-Access1317 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.809: Interface Virtual-Access993 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.817: Interface Virtual-Access1699 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.981: Interface Virtual-Access254 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.993: Interface Virtual-Access687 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.001: Interface Virtual-Access35 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.009: Interface Virtual-Access160 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.017: Interface Virtual-Access1337 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.029: Interface Virtual-Access1670 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.037: Interface Virtual-Access1948 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.049: Interface Virtual-Access1669 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.109: Interface Virtual-Access1334 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.117: Interface Virtual-Access151 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.125: Interface Virtual-Access761 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.137: Interface Virtual-Access810 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.197: Interface Virtual-Access1522 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.237: Interface Virtual-Access1692 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.257: Interface Virtual-Access368 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.305: Interface Virtual-Access1758 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.317: Interface Virtual-Access2061 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.325: Interface Virtual-Access1203 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.337: Interface Virtual-Access188 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.345: Interface Virtual-Access1975 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.357: Interface Virtual-Access1172 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.509: Interface Virtual-Access1647 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.517: Interface Virtual-Access458 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.609: Interface Virtual-Access608 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.621: Interface Virtual-Access2128 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.633: Interface Virtual-Access1167 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.641: Interface Virtual-Access487 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.653: Interface Virtual-Access1793 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.665: Interface Virtual-Access2280 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.769: Interface Virtual-Access839 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.781: Interface Virtual-Access2311 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.793: Interface Virtual-Access1788 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.857: Interface Virtual-Access8 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.869: Interface Virtual-Access2243 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.881: Interface Virtual-Access580 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.057: Interface Virtual-Access6 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.065: Interface Virtual-Access1331 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.077: Interface Virtual-Access1235 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.177: Interface Virtual-Access1748 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.189: Interface Virtual-Access2262 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.205: Interface Virtual-Access2136 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
i want to ask a question , could this be from IOS ???? -
QoS: Multiple acl entries cannot be used in match-any in class Match_XY
Hello All,
I'm getting below error while trying to add the two extended ACL in the class-map for classifying the traffic. Is there any way I can add two extenteded ACL in the same class-map for classifying the traffic.
Error log: "QoS: Multiple acl entries cannot be used in match-any in class Tag_AF13"
device details: cisco WS-C6506-E with Supervisor Engine 2T
IOS version -s2t54-adventerprisek9-mz.SPA.150-1.SY1.bin
R1(config)#class-map match-any Tag_AF13
#match access-group name XX
#match access-group name XY
QoS: Multiple acl entries cannot be used in match-any in class Tag_AF13
Regards,
ThiyaguHi Rajan,
Thats because of the logic used for ACl operations, as per your config you are class-map match-any. The match any argument says that the class map must match either of the two arguments supplied.So lets take a look at how the sequence of operations of how this will be interpreted by your class map.
1> Any particular packet will be first matched against the first ACL "XX".
2> Suppose there are 10 entries there if it matches any of those entries the appropriate action will be talen.
3> If none of those entried match the packet there will be an implicit deny at the end of the ACL( default behaviour of ACL's)
4> In that case the packet will match the implicit deny and will get dropped.
5> The packet will under no circumstances go to the next ACL "XY"
Thats the reason multiple ACL's aren't allowed by the IOS.
You can try to collate both ACL's and put them in just one ACL that should work well. If you need help please pots both the ACL's.
Please do let me know if you have any further questions
HTH
Regards
Umesh
Maybe you are looking for
-
How can i change all the purple links in safari back to blue
I am having trouble figuring out how to change the links ive visited in safari back to blue. I have turned on PRIVATE so now my links dont turn purple onces ive visited the webpage but i can't figure out how to remove/change the already visited sites
-
Problem with RSS Feed & iTunes U
Hello: The following RSS feed passes feedvalidator with two minor errors, and other feeds have these similar two minor errors but work with iTunes U. But, the following feed doesn't work with iTunes U. http://www.kued.org/productions/utahnow/?action=
-
List Region with Dynamic Table name
Trying to build a page that is similar to Query Builder. On the left side of my page, I need to populate a list of table names from a SQL statement. Once the list is created, will need to perform some addtional actions when user clicks onthe specific
-
Getting error when removing Oracle Home
Hi, I'm in the process of removing un used oracle home, while executing the detachHome.sh script am getting the below error. Oracle version : 10.2.0.3 Os : Linux -2.6.9-42.ELsmp Error: xxxx+ASM2@xxxora05 /home/oracle > /oracle/product/10.2.0.3oct07/o
-
HT204406 I'm stuck in Step 1 for days, after I had subscribed iTunes Match
I restarted my Mac, logout then log in, try again but still in step 1. What should I do now ?