QoS PreClassify Command

Hi Guys,
I hope someone can help me here. Just revising some ONT stuff before exam and realised that i do not understand when the 'qos pre-classify' command is used when implementing QoS over VPNs.
Can someone clearly expalin when exactly you use the QoS Pre-Classisfy command and when not to use it.
Forever Greatful
Stephen
PS - i'm gonna post this over in 'Certifications' also for a bit more exposure.

If the before encapsulation packets have TOS settings that you want to "analyze" after the packets have been encapsulated with a VPN packet, then you can use pre-classify to copy the TOS values to the VPN packet's TOS. NB: The copied TOS can be overwritten, but that won't change the original packet's TOS.
E.g. you have VoIP packets marked with TOS values (perhaps a DSCP EF) so QoS can give them better treatment. If the original packet's TOS isn't copied to the VPN packet's TOS, QoS could no longer tell the difference between VoIP packets and FTP packets since they are now likely to be encrypted. (Pre-Classify is the command to cause the copy.)

Similar Messages

  • Show policy-map interface | Question about QOS show command output

    I hope this is the correct place for this question. If not, please let me know.
    When I issue the show policy-map interface command (in this case on a  3845) there is some output I don't understand.  I have included some output below and formatted the lines I am confused about as "computer code" which show up as red on my screen.  A list of the individual lines i'm confused about is below, followed by those liens in the context of the show policy-map command's output.
    Any help with this will be greatly appreciated. Thanks in advance.
    5 minute offered rate 46000 bps, drop rate 0 bps
     5 minute rate 10000 bps
     bandwidth remaining 50% (768 kbps)
    show policy-map interface
    --- previous output omitted ---
    GigabitEthernet0/0
      Service-policy input: QoS_IN
    class-map: Silver (match-any)
          164691299 packets, 23570752398 bytes
          5 minute offered rate 46000 bps, drop rate 0 bps
          Match: access-group name MAINFRAME
            4371992 packets, 2311242335 bytes
            5 minute rate 0 bps
          Match: access-group name KRONOS
            13334297 packets, 3051409140 bytes
            5 minute rate 5000 bps
          Match: access-group name EMAIL
            97652823 packets, 10323856470 bytes
            5 minute rate 10000 bps
          Match: access-group name VOIP-CONTROL
            20782858 packets, 1481676784 bytes
            5 minute rate 0 bps
          Match: access-group name LOGIXWEB
            0 packets, 0 bytes
            5 minute rate 0 bps
          Match: access-group name GRINDLOG
            0 packets, 0 bytes
            5 minute rate 0 bps
          Match: access-group name CITRIX
            46895 packets, 14669179 bytes
            5 minute rate 0 bps
          Match: access-group name CORP_WEB
            28502414 packets, 6387897396 bytes
            5 minute rate 4000 bps
          QoS Set
            dscp af31
              Packets marked 164691269
    show policy-map interface s0/0/0:0
    Serial0/0/0:0
      Service-policy output: QoS_OUT
    --- previous output omitted ---
        Class-map: Silver (match-any)
          86590227 packets, 12051546524 bytes
          5 minute offered rate 3000 bps, drop rate 0 bps
          Match: access-group name MAINFRAME
            7641084 packets, 2701232492 bytes
            5 minute rate 0 bps
          Match: access-group name KRONOS
            6975052 packets, 1555404656 bytes
            5 minute rate 0 bps
          Match: access-group name EMAIL
            58438150 packets, 5433636586 bytes
            5 minute rate 3000 bps
          Match: access-group name VOIP-CONTROL
            355083 packets, 41252455 bytes
            5 minute rate 0 bps
          Match: access-group name LOGIXWEB
            0 packets, 0 bytes
            5 minute rate 0 bps
          Match: access-group name GRINDLOG
            0 packets, 0 bytes
            5 minute rate 0 bps
          Match: access-group name CITRIX
            19 packets, 4967 bytes
            5 minute rate 0 bps
          Match: access-group name CORP_WEB
            13180836 packets, 2320015236 bytes
            5 minute rate 0 bps
          Queueing
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops) 0/18156/0
          (pkts output/bytes output) 86421413/12004278837
          bandwidth remaining 50% (768 kbps)

    this is my configuration
    DGMGRL> show configuration
    Configuration
    Name: matrix
    Enabled: YES
    Protection Mode: MaxPerformance
    Databases:
    stdby1 - Primary database
    stdby2 - Physical standby database
    stdby3 - Physical standby database
    Fast-Start Failover: DISABLED
    Current status for "matrix":
    SUCCESS
    --- this is my first successful switchover -----
    DGMGRL> switchover to stdby2
    Performing switchover NOW, please wait...
    New primary database "stdby2" is opening...
    Operation requires shutdown of instance "stdby1" on database "stdby1"
    Shutting down instance "stdby1"...
    ORA-01109: database not open
    Database dismounted.
    ORACLE instance shut down.
    Operation requires startup of instance "stdby1" on database "stdby1"
    Starting instance "stdby1"...
    ORACLE instance started.
    Database mounted.
    Switchover succeeded, new primary is "stdby2"
    -------------------this is my second switchover -------------
    DGMGRL> switchover to stdby1
    Performing switchover NOW, please wait...
    New primary database "stdby1" is opening...
    Operation requires shutdown of instance "stdby2" on database "stdby2"
    Shutting down instance "stdby2"...
    ORA-01109: database not open
    Database dismounted.
    ORACLE instance shut down.
    Operation requires startup of instance "stdby2" on database "stdby2"
    Starting instance "stdby2"...
    Unable to connect to database
    ORA-12514: TNS:listener does not currently know of service requested in connect descriptor
    Failed.
    You are no longer connected to ORACLE
    Please connect again.
    Unable to start instance "stdby2"
    You must start instance "stdby2" manually
    Switchover succeeded, new primary is "stdby1"
    DGMGRL>
    Edited by: user6981287 on Jan 7, 2010 12:57 AM
    Edited by: user6981287 on Jan 7, 2010 1:00 AM

  • Qos pre-classify not classifying packets correctly.

    This is a little 831 router (12.4.4T) with one private and one public interface connected to a 1000/256 ADSL circuit. There is a VPN to the Head Office with a GRE tunnel and EIGRP.
    The Tunnels bandwidth is set to 1544 since there is a frame-relay backup and the service provider hasn’t configured their parameters correctly, but this shouldn’t affect the QoS.
    What’s happening is that we can only see a very small amount of traffic being classified correctly and all other traffic seems to match the last (ip any any) access-list. The fact that the data is being classified seems to indicate that the qos pre-classify is working but we don’t know why it’s not matching the correct data classes.
    Any ideas would be greatly appreciated...
    router#sh policy-map int eth1
    Ethernet1
    Service-policy output: soho01-vpn-256
    Class-map: AC-CLASS-G1 (match-any)
    14110 packets, 2414498 bytes
    5 minute offered rate 9000 bps, drop rate 0 bps
    Match: access-group name AC-G1
    14110 packets, 2414498 bytes
    5 minute rate 9000 bps
    Queueing
    Output Queue: Conversation 73
    Bandwidth 128 (kbps) Max Threshold 64 (packets)
    (pkts matched/bytes matched) 1/60
    (depth/total drops/no-buffer drops) 0/0/0
    Class-map: AC-CLASS-G2 (match-any)
    0 packets, 0 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: access-group name AC-G2
    0 packets, 0 bytes
    5 minute rate 0 bps
    Queueing
    Output Queue: Conversation 74
    Bandwidth 8 (kbps) Max Threshold 64 (packets)
    (pkts matched/bytes matched) 0/0
    (depth/total drops/no-buffer drops) 0/0/0
    Class-map: AC-CLASS-G3 (match-any)
    12 packets, 968 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: access-group name AC-G3
    12 packets, 968 bytes
    5 minute rate 0 bps
    Queueing
    Output Queue: Conversation 75
    Bandwidth 32 (kbps) Max Threshold 64 (packets)
    (pkts matched/bytes matched) 9/558
    (depth/total drops/no-buffer drops) 0/0/0
    Class-map: AC-CLASS-G4 (match-any)
    1621 packets, 266028 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: access-group name AC-G4
    1621 packets, 266028 bytes
    5 minute rate 0 bps
    Queueing
    Output Queue: Conversation 76
    Bandwidth 64 (kbps) Max Threshold 64 (packets)
    (pkts matched/bytes matched) 19/1240
    (depth/total drops/no-buffer drops) 0/0/0
    Class-map: AC-CLASS-G5 (match-any)
    9336 packets, 693246 bytes
    5 minute offered rate 1000 bps, drop rate 0 bps
    Match: access-group name AC-G5
    9336 packets, 693246 bytes
    5 minute rate 1000 bps
    Queueing
    Output Queue: Conversation 77
    Bandwidth 16 (kbps) Max Threshold 64 (packets)
    (pkts matched/bytes matched) 8248/511990
    (depth/total drops/no-buffer drops) 0/0/0
    Class-map: AC-CLASS-G6 (match-any)
    369616 packets, 79361172 bytes
    5 minute offered rate 164000 bps, drop rate 0 bps
    Match: access-group name AC-G6
    369616 packets, 79361172 bytes
    5 minute rate 164000 bps
    Queueing
    Output Queue: Conversation 78
    Bandwidth 8 (kbps) Max Threshold 64 (packets)
    (pkts matched/bytes matched) 310/24424
    (depth/total drops/no-buffer drops) 0/0/0
    Class-map: class-default (match-any)
    4750 packets, 285000 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: any

    Someone please correct me if I am wrong but if you add the 5 minute offered rate for all your classes you are classifying about 175K worth of traffic throughout your service policy. If I am reading correctly your circuit is 256 up 1M down.
    From looking at your configuration it seems most of your traffic is matching the class named class AC-CLASS-G6. There is no access list defined for this class so essentially all traffic that hasn?t matched a previous class will match here. This explains why you?re not matching any traffic on the default class.
    It is recommended to only assign queues for up to 75% of the available bandwidth. IOS determines what this 75% is based on the bandwidth statement. Right now you have queues defined for all but 2K of your available bandwidth which means traffic that doesn?t match any of your classes will be tail dropped during times of congestion. I assume you are intending to do this based on the max-reserved-bandwidth command and the missing access list.
    When using qos-preclassify essentially what happens is the ToS bits are copied into the post gre or IPSEC IP header. In this case you are not matching based on DSCP marking you are matching on IP address so therefore when packets egress your E0 interface the post GRE or IPSEC IP header doesn?t have an address or type field that matches your class statements. If you were to mark traffic based on these classes with a DSCP marking (i.e. AF 31, 32, 33) at the inbound interface you could then copy these markings and provide the appropriate PHB on your egress interface E0.
    HTH
    RS

  • Router Crashes after entering "show run" or similar commands

    Hello,
    Im having a problem with my Company router C3845-ADVSECURITYK9-M, software Version 15.1(4)M. After i issue "show run" it tends to crash in middle of output, router restarts itself to be precise....same thing happened when i tried "show stack" afterwards, it happened several times when trying to show running config, so im guessing it has some problem when trying to display large outputs...i have never heard of such thing though so im asking for advice, 
    These are some informations i gathered:
    show version:....
    System returned to ROM by error - a Software forced crash, PC 0x60AD4710 at 14:10:56 CET-SUM Wed Aug 13 2014
    xxxx#sh env
     SYS PS1 is present.
            Fan status: Normal
            Input Voltage status: Normal
            DC Output Voltage status: Normal
            Type: AC
            Thermal status: Normal
     SYS PS2 is absent.
     AUX(-48V) PS1 is absent.
     AUX(-48V) PS2 is absent.
     Fan  1 OK
     Fan  2 OK
     Fan  3 OK
     Fan Speed Setting: Normal
     Alert settings:
     Intake temperature warning: Enabled, Threshold: 55
     Core temperature warning: Enabled, Threshold: 70 (CPU: 90)
     Board Temperature: Normal
     Internal-ambient temperature = 38, Normal
     CPU temperature = 50, Normal
     Intake temperature = 32, Normal
     Backplane temperature = 29, Normal
     Voltage 1(3300) is Normal, Current voltage = 3284 mV 
     Voltage 2(5150) is Normal, Current voltage = 5153 mV 
     Voltage 3(2500) is Normal, Current voltage = 2525 mV 
     Voltage 4(1200) is Normal, Current voltage = 1203 mV 
    xxxx#sh logg
    Syslog logging: enabled (0 messages dropped, 120 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
    No Active Message Discriminator.
    No Inactive Message Discriminator.
        Console logging: level debugging, 62 messages logged, xml disabled,
                         filtering disabled
        Monitor logging: level debugging, 0 messages logged, xml disabled,
                         filtering disabled
        Buffer logging:  level debugging, 178 messages logged, xml disabled,
                        filtering disabled
        Exception Logging: size (4096 bytes)
        Count and timestamp logging messages: disabled
        Persistent logging: disabled
    No active filter modules.
        Trap logging: level informational, 181 message lines logged
            Logging to 10.254.0.49  (udp port 514, audit disabled,
                  link up),
                  181 message lines logged, 
                  0 message lines rate-limited, 
                  0 message lines dropped-by-MD, 
                  xml disabled, sequence number disabled
                  filtering disabled
            Logging to 10.254.8.44  (udp port 514, audit disabled,
                  link up),
                  181 message lines logged, 
                  0 message lines rate-limited, 
                  0 message lines dropped-by-MD, 
                  xml disabled, sequence number disabled
                  filtering disabled
    Log Buffer (1000000 bytes):
    *Aug 13 12:33:24.867: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Initialized 
    *Aug 13 12:33:24.871: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Enabled 
    *Aug 13 12:33:25.635: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to reset
    *Aug 13 12:33:25.635: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to reset
    *Aug 13 12:33:25.927: %LINEPROTO-5-UPDOWN: Line protocol on Interface Onboard VPN, changed state to up
    *Aug 13 12:33:26.635: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
    *Aug 13 12:33:26.635: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
    *Aug 13 12:33:27.787: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
    *Aug 13 12:33:27.787: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
    *Aug 13 13:33:29.023: %SYS-6-CLOCKUPDATE: System clock has been updated from 12:33:29 UTC Wed Aug 13 2014 to 13:33:29 MET Wed Aug 13 2014, configured from console by console.
    *Aug 13 14:33:29.023: %SYS-6-CLOCKUPDATE: System clock has been updated from 13:33:29 MET Wed Aug 13 2014 to 14:33:29 CET-SUM Wed Aug 13 2014, configured from console by console.
    *Aug 13 14:33:30.471: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:0, changed state to down
    *Aug 13 14:33:30.471: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:1, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:2, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:3, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:4, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:5, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:6, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:7, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:8, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:9, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:10, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:11, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:12, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:13, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:14, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:16, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:17, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:18, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:19, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:20, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:21, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:22, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:23, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:24, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:25, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:26, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:27, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:28, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:29, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:30, changed state to down
    *Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:15, changed state to down
    *Aug 13 14:33:30.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:0, changed state to down
    *Aug 13 14:33:30.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:1, changed state to down
    *Aug 13 14:33:30.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:2, changed state to down
    *Aug 13 14:33:30.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:3, changed state to down
    *Aug 13 14:33:30.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:4, changed state to down
    *Aug 13 14:33:30.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:5, changed state to down
    *Aug 13 14:33:30.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:6, changed state to down
    *Aug 13 14:33:30.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:7, changed state to down
    *Aug 13 14:33:30.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:8, changed state to down
    *Aug 13 14:33:30.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:9, changed state to down
    *Aug 13 14:33:30.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:10, changed state to down
    *Aug 13 14:33:30.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:11, changed state to down
    *Aug 13 14:33:30.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:12, changed state to down
    *Aug 13 14:33:30.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:13, changed state to down
    *Aug 13 14:33:30.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:14, changed state to down
    *Aug 13 14:33:30.507: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:16, changed state to down
    *Aug 13 14:33:30.507: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:17, changed state to down
    *Aug 13 14:33:30.507: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:18, changed state to down
    *Aug 13 14:33:30.507: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:19, changed state to down
    *Aug 13 14:33:30.507: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:20, changed state to down
    *Aug 13 14:33:30.507: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:21, changed state to down
    *Aug 13 14:33:30.507: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:22, changed state to down
    *Aug 13 14:33:30.507: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:23, changed state to down
    *Aug 13 14:33:30.507: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:24, changed state to down
    *Aug 13 14:33:30.511: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:25, changed state to down
    *Aug 13 14:33:30.511: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:26, changed state to down
    *Aug 13 14:33:30.511: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:27, changed state to down
    *Aug 13 14:33:30.511: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:28, changed state to down
    *Aug 13 14:33:30.511: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:29, changed state to down
    *Aug 13 14:33:30.511: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:30, changed state to down
    *Aug 13 14:33:30.511: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:15, changed state to down
    *Aug 13 14:33:30.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:0, changed state to down
    *Aug 13 14:33:30.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:1, changed state to down
    *Aug 13 14:33:30.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:2, changed state to down
    *Aug 13 14:33:30.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:3, changed state to down
    *Aug 13 14:33:30.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:4, changed state to down
    *Aug 13 14:33:30.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:5, changed state to down
    *Aug 13 14:33:30.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:6, changed state to down
    *Aug 13 14:33:30.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:7, changed state to down
    *Aug 13 14:33:30.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:8, changed state to down
    *Aug 13 14:33:30.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:9, changed state to down
    *Aug 13 14:33:30.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:10, changed state to down
    *Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:11, changed state to down
    *Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:12, changed state to down
    *Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:13, changed state to down
    *Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:14, changed state to down
    *Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:16, changed state to down
    *Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:17, changed state to down
    *Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:18, changed state to down
    *Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:19, changed state to down
    *Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:20, changed state to down
    *Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:21, changed state to down
    *Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:22, changed state to down
    *Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:23, changed state to down
    *Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:24, changed state to down
    *Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:25, changed state to down
    *Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:26, changed state to down
    *Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:27, changed state to down
    *Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:28, changed state to down
    *Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:29, changed state to down
    *Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:30, changed state to down
    *Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:15, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:0, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:1, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:2, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:3, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:4, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:5, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:6, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:7, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:8, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:9, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:10, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:11, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:12, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:13, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:14, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:16, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:17, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:18, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:19, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:20, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:21, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:22, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:23, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:24, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:25, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:26, changed state to down
    *Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:27, changed state to down
    *Aug 13 14:33:30.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:28, changed state to down
    *Aug 13 14:33:30.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:29, changed state to down
    *Aug 13 14:33:30.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:30, changed state to down
    *Aug 13 14:33:30.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:15, changed state to down
    *Aug 13 14:33:30.731: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
    *Aug 13 14:33:31.535: %LINK-3-UPDOWN: Interface Serial0/1/0:1, changed state to down
    *Aug 13 14:33:31.795: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to reset
    *Aug 13 14:33:31.999: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to reset
    *Aug 13 14:33:32.599: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/0:1, changed state to down
    *Aug 13 14:33:32.799: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
    *Aug 13 14:33:32.999: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
    *Aug 13 14:33:34.811: %QOS_CLI_DEPRECATE-4-MAX_RESERVED_BW: max-reserved-bandwidth on interface has been deprecated. For further information, please consult Product Bulletin 580832, Legacy QoS CLI Commands Deprecation
    *Aug 13 14:33:34.815: Interface Serial0/1/0:1 max_reserved_bandwidth config will not
    take effect on the queueing features configured via service-policy
    *Aug 13 14:33:35.795: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
    *Aug 13 14:33:35.795: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
    *Aug 13 14:33:36.811: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
    *Aug 13 14:33:36.811: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
    *Aug 13 14:33:36.811: %LINK-5-CHANGED: Interface Serial0/1/0:1, changed state to administratively down
    *Aug 13 14:33:37.419: %LINK-5-CHANGED: Interface Dialer1, changed state to administratively down
    *Aug 13 14:33:38.055: %SYS-5-CONFIG_I: Configured from memory by console
    *Aug 13 14:33:38.491: %SYS-5-RESTART: System restarted --
    Cisco IOS Software, 3800 Software (C3845-ADVSECURITYK9-M), Version 15.1(4)M, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2011 by Cisco Systems, Inc.
    Compiled Thu 24-Mar-11 17:29 by prod_rel_team
    *Aug 13 14:33:38.495: %SNMP-5-COLDSTART: SNMP agent on host xxxx is undergoing a cold start
    *Aug 13 14:33:38.519: %SSH-5-ENABLED: SSH 2.0 has been enabled
    *Aug 13 14:33:38.699: %SYS-6-BOOTTIME: Time taken to reboot after reload =  158 seconds
    *Aug 13 14:33:38.859: %CONTROLLER-5-UPDOWN: Controller E1 0/0/0, changed state to up
    *Aug 13 14:33:38.867: %CONTROLLER-5-UPDOWN: Controller E1 0/0/1, changed state to up
    *Aug 13 14:33:38.875: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
    *Aug 13 14:33:38.875: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
    *Aug 13 14:33:38.879: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
    *Aug 13 14:33:38.879: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
    *Aug 13 14:33:38.879: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
    *Aug 13 14:33:38.896: %CONTROLLER-5-UPDOWN: Controller E1 1/0, changed state to up
    *Aug 13 14:33:39.140: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.254.0.49 port 514 started - CLI initiated
    *Aug 13 14:33:39.140: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.254.8.44 port 514 started - CLI initiated
    *Aug 13 14:33:40.860: %LINK-3-UPDOWN: Interface Serial0/0/0:15, changed state to up
    *Aug 13 14:33:40.868: %LINK-3-UPDOWN: Interface Serial0/0/1:15, changed state to up
    *Aug 13 14:33:40.884: %LINK-3-UPDOWN: Interface Serial1/0:15, changed state to up
    *Aug 13 14:33:41.684: %CSM-5-PRI: add PRI at 0/0/1:15 (index 0)
    *Aug 13 14:33:41.688: %CSM-5-PRI: add PRI at 0/0/0:15 (index 1)
    *Aug 13 14:33:51.648: %CSM-5-PRI: add PRI at 1/0:15 (index 2)
    *Aug 13 14:34:14.956: %HSRP-5-STATECHANGE: GigabitEthernet0/0.400 Grp 0 state Standby -> Active
    *Aug 13 14:34:15.164: %HSRP-5-STATECHANGE: GigabitEthernet0/0.400 Grp 2 state Standby -> Active
    *Aug 13 14:34:15.484: %HSRP-5-STATECHANGE: GigabitEthernet0/0.400 Grp 3 state Standby -> Active
    *Aug 13 14:34:21.600: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.85.212 on GigabitEthernet0/1.86 from LOADING to FULL, Loading Done
    *Aug 13 14:34:27.728: %HSRP-5-STATECHANGE: GigabitEthernet0/0.400 Grp 4 state Standby -> Active
    *Aug 13 14:20:02.780: %SYS-5-PRIV_AUTH_FAIL: Authentication to privilege level 15 failed by xxxx on vty0 (xxxx)
    *Aug 13 14:21:50.405: %SYS-5-CONFIG_I: Configured from console by av-vilenko on vty0 (xxxx)

    i made some changes, but nothing that would or could cause this. And besides according to my collegues its not a recent problem (before i joined the company), it goes back at least a year or more...but ofc. since router is working fine untill you try to show the config noone bothered to resolve the issue they just kept their hands off it -.-

  • Auto QoS Voip Trust question

    Hello,
    I am a little confused on the auto qos voip trust command. I am reading that it should be used on interior switchports like trunk ports connected to another switch. I guess my question is this: If the auto qos voip command tells the switchport to trust the incoming CoS values, then isnt it redundant to tell the port to "trust" the incoming CoS value when the auto qos voip command is already accomplishing this? Or does this have something to do with trusting DSCP values instead of CoS values? If so, why are we trusting DSCP values at the uplinks and not CoS values coming from the IP Phone? Im so confused. Thanks for any light you can shed on this topic.
    Chris.

    Chris
    Yes, the trust value used for "auto qos voip trust" depends on the operation of the port as you say.
    And yes when you use the "cisco-phone" option it will trust the values but as you say only if it detects a Cisco IP phone and it does this by using CDP. 
    What is not entirely clear, at least to me, is exactly which markings the "cisco-phone" option trusts. There seems to be conflicting information but the configuration guide talk about DSCP markings so it may be those but i can't say for sure as i have limited experience in that area.
    Jon

  • Mls qos trust

    Hello, if the command 'mls qos trust xxxxx' is not issued, and qos is turned on for the interface, does this mean the switch will erase all cos and dscp markings received, therefore preventing me from testing packets/frames against these cos/dscp values ?
    So if I want to set up class maps, policy maps, and then service policies, it is essential that I:
    1. turn on mls qos ?
    2. enter a trust statement in order to preserve the cos or dscp values that I want to test against ?
    3. now I can test against against cos or dscp values ?
    Thanks for clarification.

    That is correct, when you would use for instance mls qos trust cos. You would need to define you cos<>dscp mappings on the switch and the switch will apply qos accordingly.
    So really if you have an ingress switch port and you trust cos or dscp, you can still have egress policies on a port (on the same switch), using these cos or dscp values.
    the mls qos trus command is just a way to make it easier to rely on existing cos/dscp values that a phone sends (based on your CUCM configuration,), without the need for you having to configure it explicitly on each access port.
    =============================
    Please remember to rate useful posts, by clicking on the stars below. 
    =============================

  • QOS on Port-channel

    Can someone please confirm, I'm configuring a Cisco 3750 running 12.2(25)SEE2 and I can not use the "mls qos trust cos" command on the port-channels, I can on the physical interfaces that make up the port-channel eg Gi 1/0/1, I've been looking round the Cisco web site and think that you only need to put the mls commands on the physical interface but would like a second opinion.

    Hi
    That's correct - you'll apply QoS (priority-queue, mls qos trust commands) on the physical port..
    Then apply other things (like switchport mode trunk etc) on the port-channel... which then cascade down to the physical ports. All very confusing... it would be nicer to see some consistency with these configurations.
    You do have it right as it is though.
    Regards
    Aaron
    Please rate helpful posts...

  • GRE Tunnel QoS

    Hi
    I am looking for adding QoS for GRE Tunnel and found this info
    Where Do I Apply the Service Policy?
    You can apply a service policy to either the tunnel interface or to the underlying physical interface. The decision of where to apply the policy depends on the QoS objectives. It also depends on which header you need to use for classification.
    Apply the policy to a physical interface and enable qos-preclassify on a tunnel interface when you want to classify packets based on the pre-tunnel header.
    In our environment, I am using service policy under serial interface, the source interface of Tunnel is F0/0, so from above info, which interface is "physical interface" for my case, serial or F0/0 ?
    Thanks. Leo

    Hello
    You should determine which one is the physical interface by checking which interface (again, physical) will be used to router GRE packets towards the destination.
    For instance, you state that your tunnel configuration is as follows:
    interface Tunnel0
    ip address 10.0.0.1 255.255.255.252
    tunnel source FastEthernet0/0
    tunnel destination 192.168.1.1
    If the destination ip 192.168.1.1 is routed via your serial interface, then the physical interface that you will use to apply your Output service policy is SerialX/X.
    Your setup seems correct. You only need to review if your policies are correctly configured for the pre-gre header or the GRE encapsulated packets (as stated in the documentation
    Adolfo

  • How to set up Qos for Microsoft Lyncs 2013 in cisco Switches and Router

    Hi
    as i am new to Qos part , please send the complete qos configuration command has to apply in my cisco 2960s switchs as well as 4506 chassis(L3 mode act as my router).
    as i know from microsoft, DSCP 46 and 34 should give highest priory
    please send the completed configuration for priorities this DSCP
    thanks
    Sujish

    Hi,there,
    The rule setting should be same as in Exchange 2010,you can configure it via outlook or OWA if you have full access permission. I also believe it should be something related to Repliation,would you please check the event log to see if the
    AD and Exchange replication has completed.
    In some cases, replication can take longer depending on how many AD sites and Exchange servers in the environment:
    http://support.microsoft.com/kb/148381
    http://support.microsoft.com/kb/158989
    Hope these useful!
    Regards,
    Sharon
    Sharon Shen
    TechNet Community Support
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.

  • QoS in C6500 Sup2T

    Hi Everyone,
    I've got a C6504 Chassis with Sup2T with default qos configuration (auto qos default gobal command). When I use the "show platform qos ip" command I can see the following output:
    QoS Summary [IPv4]: (* - shared aggregates, Mod - switch module, Sid - Switch Id, E - service instance)
                         (^ - class-copp keyword)
              Int  Sid Mod Dir  Class-map DSCP  Agg  Trust Fl      AgForward      AgPoliced
                                                Id         Id                            
               CPP   1  1  In ^mcast-v4-    0    1     No  0              0              0
               CPP   1  1  In ^match-igm   48    2     No  0              0              0
               All   1  1   -    Default    0    0*    No  0 11780258945376              0
               All   1  4   -    Default    0    0*    No  0 28254137334635              0
    1. ¿Why I can only see traffic with DSCP=0 if I know there are traffic with different DSCP markings passing through my C6504?
    The interfaces are properly configured to trust cos markings and queue traffic
    MLS#show queueing interface gi1/1/1
    Interface GigabitEthernet1/1/1 queueing strategy:  Weighted Round-Robin
    Port QoS is enabled globally
      Queueing on Gi1/1/1: Tx Enabled Rx Enabled
    MLS#interface GigabitEthernet1/1/1
    switchport
    platform qos trust cos
    2. Does the Sup2T with default qos configuration rewrite to 0 all DSCP markings by default?
    Thank you in advance.

    What is the IOS version you are running & what is the line card in your chassis module  1 ?, the commands output seems different what I am seeing in one of my Sup2T.
    CR01#sh ver | in Soft
    Cisco IOS Software, s2t54 Software (s2t54-ADVENTERPRISEK9-M), Version 15.1(2)SY, RELEASE SOFTWARE (fc4)
    CR01#show platform qos ip
       QoS is in queueing-only mode
    CR01#show queueing interface g6/1
    Interface GigabitEthernet6/1 queueing strategy:  Weighted Round-Robin
      Port QoS is enabled globally
      Queueing on Gi6/1: Tx Enabled Rx Enabled
    Trust boundary disabled
      Trust state: trust DSCP
      Trust state in queueing: trust COS
      Extend trust state: not trusted [COS = 0]
      Default COS is 0
        Queueing Mode In Tx direction: mode-cos
        Transmit queues [type = 1p3q4t]:
        Queue Id    Scheduling  Num of thresholds
           01         WRR                 04
           02         WRR                 04
           03         WRR                 04
           04         Priority            01
        WRR bandwidth ratios:  100[queue 1] 150[queue 2] 200[queue 3]
        queue-limit ratios:     50[queue 1]  20[queue 2]  15[queue 3]  15[Pri Queue]
        queue tail-drop-thresholds
        1     70[1] 100[2] 100[3] 100[4]
        2     70[1] 100[2] 100[3] 100[4]
        3     100[1] 100[2] 100[3] 100[4]
        queue random-detect-min-thresholds
          1    40[1] 70[2] 70[3] 70[4]
          2    40[1] 70[2] 70[3] 70[4]
          3    70[1] 70[2] 70[3] 70[4]
        queue random-detect-max-thresholds
          1    70[1] 100[2] 100[3] 100[4]
          2    70[1] 100[2] 100[3] 100[4]
          3    100[1] 100[2] 100[3] 100[4]
        WRED disabled queues:   
        queue thresh cos-map
        1     1      0
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • ToS Preservation with egress remarking on inner packet

    Hi, I am using DMVPN/IPSEC/VRFs. On the egress of the DMVPN/VRF tunnel interfaces, I have applied a Service Policy to remark traffic. Hence the remarking occurs on the inner packet header.
    Assuming qos-preclassify is NOT enabled. Does anyone know how 12.4T IOS code should operate (options)
    1. Copy the "remarked" TOS value to the outer headers as part of the TOS preservation feature
    2. Copy the original (pre remarking) TOS value of the inner packet header as part of the TOS preservation feature
    3. Egress inner packet header remarking disables TOS preservation feature.
    4. Other ?
    Problem Space : At remote sites, I can easily perform the QOS remarking on the router LAN ingress interface, rather than on the egress DMVPN tunnel interface. However at the head end, the DMVPN/IPSEC/VRF routers also happen to be MPLS PE devices. Hence remarking on Layer3/4 (IP/Ports) criteria on the ingress interface is not possible as we are dealing with MPLS labels. Hence why I am attempting to do this on the egress on the DMVPN tunnel/VRF interface.
    thanks
    George

    After testing. I can confirm that 2. appears to apply.
    TOS preservation operation utilises the original inner header TOS values, rather than the remarked TOS value.
    Hence even if the inner header is remarked (lets say from CS1 to AF11)on egress, the outer IPSEC header will still have the original TOS settings ie. CS1.
    This aligns with the QoS Order of Operation.
    http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a0080160fc1.shtml
    which states -
    "On the outbound path, common classification happens before any QoS features are applied. A result of this approach is that any QoS features applied on the outbound policy act upon the original priority value. If you need to take actions based on a remarked value on the same router, then you must mark the packets on the incoming interface and apply other QoS actions based on this new priority on the outgoing interface"
    Hopefully the "qos pre-classify" feature should provide the capability to remark both the inner header and outer IPSEC header...back to testing...???
    cheers
    George
    CCIE2980

  • UCS-CUCM Swicthport configuration

    Hi There,
    I just wanted to ask for best practice port config on BE6K servers.
    The BE6K(UCS) is only hosting CUCM server. The switch port is configured as ether-channels.
    Below is the config that I am planning to apply. I am just wondering whether we should apply the qos trust command as well  " mls qos trust dscp". No other servers will be running on this UCS.
    Config:
    interface Port-channel1
    description ****** UCS1 ports ******
    switchport access vlan 18
    switchport mode access
    speed 1000
    duplex full
    spanning-tree portfast
    Interface gig 1/0/1
    description ****** UCS1 port1  ******
    switchport access vlan 18
    switchport mode access
    speed 1000
    duplex full
    spanning-tree portfast
    Interface gig 1/0/2
    description ****** UCS1 port2 ******
    switchport access vlan 18
    switchport mode access
    speed 1000
    duplex full
    spanning-tree portfast

    Hi David,
    Yes add the mls qos trust dscp command to set these ports to trust the dscp markings coming from your CUCM server. Also set the trunk links to trust as well to propagate the dscp markings over the network.
    -Terry

  • Frequent %CRYPTO-4-PKT_REPLAY_ERR: log messages

    Hi All,
    I get following log message on my spoke 881 router from time to time.
    For instance today I got 80 messages like this.
    Frequent %CRYPTO-4-PKT_REPLAY_ERR: log messages
    This is dual hub DMVPN connectivity and both tunnels are stable during the day and EIGRP never dropped.
    User behind this router also never complained. They run mainly voip traffic and I have QoS both on HUB and Spokes defined under tunnel as qos-preclassify and policy-map is applied on the physical interface.
    I have also increased replay window size up to 1024, but it did not help.
    Wondering what else can be done here.
    IOS ver both on spokes and hub is 15.2.3(T3)

    Don't know where they came from, but you could turn on debugging ipsec and isakmp to see if there is a relation with other events like rekeying.
    Michael
    Please rate all helpful posts

  • Cat3550 and statistics

    hi ! is there someone who know if it's possible to display the amount of bandwidth a qos class-mapp is using !
    in a router you can see it with the sh policy-map interface command

    No. As you have already seen you can show what policy-map is attached to an interface but none of the statistics are displayed. The 'show mls qos interface' command will show what traffic is in and out of policy but that is about it.
    I have asked this question a few times before and QoS statistics on most of the Catalyst switching platforms are very limited.
    HTH
    Andy

  • Policy-map on tunnel or physical interface?

    Hi all,
    I have a 3800 headend router which has a number of ipsec tunnels to remote office sites. Our current QoS design applies a policy-map to each tunnel interface to prioritise and shape outbound traffic.
    My question is how does the physical egress interface queue and transmit traffic from tunnel interfaces with this design? For example, if a mixture of large data packets and voice packets from different tunnel interfaces hit the physical interface around the same time what will happen to the voice packets?
    Furthermore, would it be a better to apply the policy-map to the physical interface instead of the tunnel interfaces? What advantages if any would this bring?
    Many thanks.

    If you're shaping each tunnel to the outbound physical bandwidth, yes it would be better to just have the policy, without any shaping, on the physical interface. Again, you'll will either need to depend on a copied ToS value in the outbound packet or use qos pre-classify. (A single physical policy would be much like your QUEUE_DATA if using qos pre-classify.)
    e.g.
    !assumes qos-preclassify
    interface Ethernet0
    service-policy output QUEUE_DATA
    What I thought you might be doing, and you could also do, was shape each tunnel to the far side's ingress bandwidth. This would require a distinct policy, if the shaper values change, for every tunnel interface, or a policy on the physical interface that has a class per tunnel (matches against tunnel destination address).
    e.g.
    !assume local outbound interface not oversubscribed
    policy-map NESTED_QOS_512K
    class class-default
    shape average 512000
    service-policy QUEUE_DATA
    policy-map NESTED_QOS_768K
    class class-default
    shape average 768000
    service-policy QUEUE_DATA
    policy-map NESTED_QOS_1500K
    class class-default
    shape average 1500000
    service-policy QUEUE_DATA
    interface Tunnel1
    service-policy output NESTED_QOS_786K
    interface Tunnel2
    service-policy output NESTED_QOS_512K
    interface Tunnel3
    service-policy output NESTED_QOS_1500K
    interface Tunnel4
    service-policy output NESTED_QOS_512K
    e.g.
    !assume local outbound interface not oversubscribed
    class-map match-all Tunnel1
    match group (ACL that matches tunnel1 destination address)
    class-map match-all Tunnel2
    match group (ACL that matches tunnel2 destination address)
    policy-map outbound_tunnels
    class Tunnel1
    shape average 768000
    service-policy output QUEUE_DATA
    class Tunnel2
    shape average 512000
    service-policy output QUEUE_DATA
    Interface Ethernet 0
    service-policy outbound outbound_tunnels
    If all the far side bandwidths exceed your local outbound physical bandwidth, then you should have both tunnel policies, that shape each tunnel, and a physical interface policy.
    e.g.
    !assume local outbound interface is oversubscribed
    policy-map NESTED_QOS_512K
    class class-default
    shape average 512000
    service-policy QUEUE_DATA
    policy-map NESTED_QOS_768K
    class class-default
    shape average 768000
    service-policy QUEUE_DATA
    policy-map NESTED_QOS_1500K
    class class-default
    shape average 1500000
    service-policy QUEUE_DATA
    interface Tunnel1
    service-policy output NESTED_QOS_786K
    interface Tunnel2
    service-policy output NESTED_QOS_512K
    interface Tunnel3
    service-policy output NESTED_QOS_1500K
    interface Tunnel4
    service-policy output NESTED_QOS_512K
    !assumes qos-preclassify
    interface Ethernet0
    service-policy output QUEUE_DATA

Maybe you are looking for

  • The furture for my ibook ?

    Whats the future for my ibook ? i mean will it be excluded from future software/updates including Operating system updates ? I've owned my ibook awhile now and only used it lighly till recently. But strangely starting to use it a bit more often(basic

  • Here's what I

    As I stated in a prior post, I reformatted my system and reinstalled Windows XP Pro. After everything was installed and in good working order I installed version 4.0 of the Vista Transformation Pack. I know that it's not the same as Vista Beta 2, but

  • Sloooooooooow Start Up Times.....any ideas?

    I used to boot in 13 seconds, then online in 23 or so. Now it takes about 27 seconds to see the main screen, and about another minute (almost) before I can get online. I also looked in activity monitor, the only thing non intel is the Microsoft offic

  • Migrating Stickies content and Safari Reading List from Snow Leopard to Mavericks

    I am about to upgrade from Snow Leopard to Mavericks but am concerned about maintaining the integrity of two collections of important material: the contents of hundreds of Stickies notes, and the collection of Reading List bookmarks in Safari. I want

  • Can't import custom class!

    I have no idea why as3 is so stupid but it is and I have to deal with it. Basically, I creatd a Server.as file with the Server class but I can't import it into my .fla! Both are in the same folder and when I change properties to use AS2 it works! But