Regarding policy map

Hi Team,
If we use the following commands for QoS, what is the effect of
   service-policy NIC-QOS-OUT? As I have studied, a service policy will be applied under physical interfaces. Here the policy map has been defined and it is referred to again under the Parent-QoS-2.5GIG policy map. So please clarify.
policy-map NIC-QoS-OUT
description #### Common Child Policy ####
  class VIDEO&VOICE-OUT
   police cir percent 20
    priority
  class NICNET-OUT
    bandwidth percent 20
    random-detect dscp-based
  class CONTROL-OUT
    bandwidth percent 10
    random-detect dscp-based
  class INTERNET-SURF-OUT
    bandwidth percent 10
    random-detect dscp-based
  class class-default
    random-detect
policy-map Parent-QoS-2.5GIG
description #### Parent QoS Policy for 2.5 GIG Link ####
  class class-default
    shape average 2300000000
   service-policy NIC-QoS-OUT
policy-map NIC-QOS-OUT
Thanks in advance,
Naveen

The two ASA syslogs you posted were both from an internal host to port 80 on an external host. This would indicate that a successful DNS resolution has occurred in these two instances.
If the cause of your problem is bad DNS lookups, you should see evidence in your AIP-SSM event log of the packets being dropped.
- Bob

Similar Messages

  • Class-Map and Policy-Map Configuration in CM Confusion

    Hi,
    I'm implementing a green field WAAS deployment for a customer. We currently have a Proof-of-Concept up and running.
    I've got some questions regarding custom class-map and policy-map configuration in the CM. I'd like to nail-down the custom class-map and policy-map configuration (and understanding) in the PoC before cutting over the PoC branches to the production WAAS environment.
    Assuming a typical WAAS Deployment using WCCP for off-path interception, branch to DC.
     ==> 61 in LAN (BRANCH ROUTER) <== 62 in WAN        (WAN CLOUD)        ==> 61 in WAN (DC ROUTER) <== 62 in LAN
    We are using two distinct device groups, BRANCH and DATA CENTER.
    If the customer has traffic that we need to classify in order to provide TFO only optimisation, should the single class-map include the traffic in both directions? I.e. (assume the SERVER is 10.1.1.1 TCP Port 443), should the class-map be configured as:
    Class-Map
    Line 1: DST IP 10.1.1.1 DST Port 443
    Line 2: SRC IP 10.1.1.1 SRC Port 443
    Or in this case is only the DST line required? And in which Device Group should the custom policy be applied? Or should it be applied to both Device Groups? If it should be applied to both Device Groups, then would it make more sense to have the policy-map in the Branch DG configured to match the DST traffic, and on the Data Center DG have a different class-map match the SRC traffic?
    My confusion is how to classify the traffic (SRC or DST or Both - Separate classes for each or different lines within the same class-map), and where to apply the appropriate policy (both Device Groups, just Branch, just DC) and why...
    I tried to apply a custom policy and the impact in the PoC was that the TCP Summary report stopped reporting the individual traffic classes and showed 'other traffic' only. Can anyone explain why this may have occurred?
    I hope this makes sense.

    For instance, like this:
    policy-map police-in
    class class-default
    police rate 10 mbps <optionally set burst>
    policy-map shape-out-parent
    class class-default
    shape average 10 mbps <optional burst config>
    service-policy shape-out-child
    policy-map shape-out-child
    class class-default
    queue-limit 10 packets
    int g 0/0/0/0
    service-policy police-in in
    service-policy shape-out-parent out
    Also have a look at CL 2013/2014 (orlando/sanfran) ID 2904 for more QoS details
    and the support forum article "asr9000 quality of service architecture".
    xander

  • [Trend Micro Ios content filtering] parameter-type command under policy map not available

    Hi, all:
    I'm trying to configure TrendMicro IOS content filtering. I have this working on a separate box, running 15.1.
    On this particular testbed, I have a 2900 running:
    System image file is "flash0:c2900-universalk9-mz.SPA.152-3.T1.bin"
    And the following licensing:
    Technology Package License Information for Module:'c2900'
    Technology    Technology-package           Technology-package
                  Current       Type           Next reboot 
    ipbase        ipbasek9      Permanent      ipbasek9
    security      securityk9    Permanent      securityk9
    uc            uck9          Permanent      uck9
    data          datak9        Permanent      datak9
    Configuration register is 0x2102
    CUBE_GOLD_MEX#show ip trm subscription status
           Package Name:  Security & Productivity (Trial)
                 Status:  Active
    Status Update Time:  18:02:51 CST Mon Jul 23 2012
        Expiration-Date:  Mon Aug 20 02:00:00 2012
        Last Req Status:  Processed response successfully
    Last Req Sent Time:  18:02:51 CST Mon Jul 23 2012
    CUBE_GOLD_MEX#
    Also, I have the following config lines on it:
    ip host trps.trendmicro.com 216.104.8.100
    ip name-server 4.2.2.2
    ip cef
    multilink bundle-name authenticated
    parameter-map type urlfpolicy trend tm-pmap
    allow-mode on
    [snip]
    parameter-map type trend-global trend-glob-map
    class-map type inspect match-all http-imap
    match protocol http
    class-map type urlfilter trend match-any drop-category
    match url category Abortion
    match url category Activist-Groups
    match url category Adult-Mature-Content
    match url reputation ADWARE
    match url reputation DIALER
    match url reputation DISEASE-VECTOR
    match url reputation HACKING
    match url reputation PASSWORD-CRACKING-APPLICATIONS
    match url reputation PHISHING
    match url reputation POTENTIALLY-MALICIOUS-SOFTWARE
    match url reputation SPYWARE
    match url reputation VIRUS-ACCOMPLICE
    policy-map type inspect urlfilter trend-policy
    class type urlfilter trend drop-category
    I have not been able to get to the good part of configuring the ZBF.
    I've looked over several configuration examples and can't figure out what I'm doing wrong, since I'm not able to see the command 'parameter-map' under the 'policy-map urlfiltering'
    XXXXXX(config)#policy-map type inspect urlfilter trend-policy
    XXXXXX(config-pmap)#?
    Policy-map configuration commands:
      class        policy criteria
      description  Policy-Map description
      exit         Exit from policy-map configuration mode
      no           Negate or set default values of a command
    XXXXXX(config-pmap)#
    I thought it might be an issue with version 15.2.3, but according to configuration guides, commands are the same.
    Can anyone provide some assistance?
    TIA.
    c.

    Hi Carlos,
    I am having the same problem.  I have seen a few different configuration examples and they all show adding the "parameter type urlfpolicy trend parm-map-name" command but it doesn't exist, at least in 15.2(3)T1 and I see it listed in the IOS documentation for 15.2.  Maybe they forgot it :-)
    I guess I will open a TAC case as I do not want to downgrade...
    I will keep you posted if I find the answer.
    Regards,
    Troy

  • Best practice for web servers behind a router (NAT, ACL, policy-map, VLAN)

    Hi,
    I'm a new Network admin, and I have some configuration questions about my installation (see attachment).
    I have 3 web servers behind a router.
    Public interface: 3 public IP addresses
    Private interface: router on a stick config (3 sub-interfaces, 3 different networks, 3 VLANs)
    I would like to know the best way to redirect http traffic to the right server.
    My idea is to map a public address to a private address, via NAT, but I'm not sure about the configuration.  I could also redirect via Policy-map and filter by url content.
    So if you have some advice for this case, it would be really appreciated.
    Thank you.
    Chris.

    Hello Christophe,
    As I understand it, you first want the following:
    if somebody goes to A.local.com from the internet, then he will be redirected to 192.168.1.10 in your internal network.
    That means you need a static mapping between your public IP address and your local IP address.
    For this example, your local interface is Fa0/0.1, and I don't know your public interface because it is not mentioned in your diagram. I will suppose S0/0 for the public interface.
    That is the config for Web Server1. You can do the same with the remaining servers:
    interface fa0/0.1 
    ip nat inside
    interface serial0/0
     ip nat outside
    ip nat inside source static 192.168.1.10 172.1.2.3 
    Static mapping from local to public.
    I suppose you have done the DNS mapping in your network and the ISP has done the same in its network.
    ip route 171.1.2.3 interface serial0/0 
    or 
    ip route 0.0.0.0 0.0.0.0 interface serial0/0. 
    After these steps for each web server, you will get the mapping.
    Now you can restrict access to this IP to only the HTTP or HTTPS protocol at your ISP and then on your local network,
    like
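    ip access-list extended ACL_WebServer1
     ! port qualifiers need tcp (not ip); "host" marks a single address
     permit tcp any host 192.168.1.10 eq www
     deny ip any host 192.168.1.10
    exit
    interface fa0/0.1
     ! traffic towards the server leaves this sub-interface, so filter outbound
     ip access-group ACL_WebServer1 out
     no shut
    exit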
    That is the first step.
    Second step: you want to filter traffic by URL, which means layer 5 to 7 filtering.
    I am not sure that it is possible using cisco router with (ZBF + Regex).
    Check the first step and let us know ! 
    Please rate and mark as correct if it is the case. 
    Regards,

  • Policy-map multi-match

    Hi Guys,
    I need an explanation of the multi-match policy on ACE. How does it work?
    Lets take this example-
    policy-map multi-match CLIENT-VIPS
      class VIP1-80
        loadbalance vip inservice
        loadbalance policy VIP1-POLICY
    policy-map type loadbalance first-match VIP1-POLICY
      class class-default
        serverfarm SERVERFARM1
    class-map match-all VIP1-80
      2 match virtual-address 192.168.1.200 tcp eq http
    This will work for sure. I am looking for the functional difference: if I make policy CLIENT_VIPS first-match, what difference will there be in this case? Will it not just match class VIP1-80 and redirect the request to the serverfarm?
    Or is this something where multiple classes can be called under CLIENT_VIPS, like Inspection?
    Thanks
    Ajay

    Hi Ajay,
    Say you have 2 class-maps on different ports, 80 & 443:
    policy-map multi-match CLIENT-VIPS
      class VIP1-80
        loadbalance vip inservice
        loadbalance policy VIP1-POLICY1
      class VIP1-443
        loadbalance vip inservice
        loadbalance policy VIP1-POLICY2
    class-map match-all VIP1-80
      2 match virtual-address 192.168.1.200 tcp eq http
    class-map match-all VIP1-443
      2 match virtual-address 192.168.1.200 tcp eq https
    Regards,
    Siva

  • Sh policy-map LLQ counters showing strange results.

    I've config'd LLQ for video conferencing across a dual-T1 multilink connection. When I have a video conf. session going, the Class-map counters for 'packets', 'match' and 'pkts matched' under queueing are exactly the same. This is supposed to show either that all packets are being process switched - which they aren't - or that there is congestion on the link, but there isn't. There is nothing else going across the link except my telnet session I use to get the counters. I would have expected all counters, except Class-default, to be zero under the queueing area, and then when I flood the link with large file transfers, the other class queueing counters to begin incrementing - but all counters are equal even without congestion. This doesn't help me prove that my QOS LLQ is working properly. What gives?
    Here is the config and some outputs:
    policy-map WAN-multilink
    class Voice
    priority 90
    class Video
    bandwidth 460
    class Call-Control
    bandwidth 27
    class class-default
    fair-queue
    random-detect
    policy-map QOS_classes
    class Voice
    priority 90
    class Video
    bandwidth 460
    class Call-Control
    bandwidth 27
    class class-default
    fair-queue
    interface Multilink1
    ppp multilink
    ppp multilink fragment delay 20
    ppp multilink interleave
    ppp multilink group 1
    max-reserved-bandwidth 95
    service-policy output WAN-multilink
    interface Serial0/2/0
    bandwidth 1536
    encapsulation ppp
    no fair-queue
    service-module t1 timeslots 1-24
    ppp multilink
    ppp multilink group 1
    max-reserved-bandwidth 95
    interface Serial0/3/0
    bandwidth 1536
    encapsulation ppp
    no fair-queue
    service-module t1 timeslots 1-24
    ppp multilink
    ppp multilink group 1
    max-reserved-bandwidth 95
    MDF-VoIP-RT2811#sh int stats
    Multilink1
    Switching path Pkts In Chars In Pkts Out Chars Out
    Processor 2175 179609 2436 237735
    Route cache 7519 3809321 7416 2108198
    Total 9694 3988930 9852 2345933
    MDF-VoIP-RT2811#sh policy-map int mu 1
    Multilink1
    Service-policy output: WAN-multilink
    Class-map: Voice (match-any)
    2037 packets, 411126 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: ip dscp ef (46)
    2037 packets, 411126 bytes
    5 minute rate 0 bps
    Queueing
    Strict Priority
    Output Queue: Conversation 264
    Bandwidth 90 (kbps) Burst 2250 (Bytes)
    (pkts matched/bytes matched) 2037/411126
    (total drops/bytes drops) 0/0
    Class-map: Video (match-any)
    1919 packets, 1087702 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: ip dscp af41 (34)
    1919 packets, 1087702 bytes
    5 minute rate 0 bps
    Match: ip precedence 4
    0 packets, 0 bytes
    5 minute rate 0 bps
    Queueing
    Output Queue: Conversation 265
    Bandwidth 460 (kbps) Max Threshold 64 (packets)
    (pkts matched/bytes matched) 1919/1087702
    (depth/total drops/no-buffer drops) 0/0/0
    Class-map: Call-Control (match-any)
    430 packets, 31418 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: ip dscp cs3 (24)
    430 packets, 31418 bytes
    5 minute rate 0 bps
    Match: ip precedence 3
    0 packets, 0 bytes
    5 minute rate 0 bps
    Queueing
    Output Queue: Conversation 266
    Bandwidth 27 (kbps) Max Threshold 64 (packets)
    (pkts matched/bytes matched) 430/31418
    (depth/total drops/no-buffer drops) 0/0/0
    Class-map: class-default (match-any)
    4669 packets, 612771 bytes
    5 minute offered rate 3000 bps, drop rate 0 bps
    Match: any
    Queueing
    Flow Based Fair Queueing
    Maximum Number of Hashed Queues 256
    (total queued/total drops/no-buffer drops) 0/0/0
    exponential weight: 9

    In accordance with the above, you would need to apply the policy to the subinterface.
    As my colleague clearly depicts, you should be able to combine the two PVCs into one; that would also be the scenario where the policy comes into action. When you are sending voice over a dedicated PVC there is little need to prioritize the flow. This equals the configuration where you have a dedicated leased line for voice.
    regards,
    Leo

  • Layer 7 HTTP Policy Map

    Hi Everyone,
    I have this Layer 7 Policy Map which I configured using ASDM under inspects
    policy-map type inspect http test4
            parameters
              protocol-violation action drop-connection log
            class _default_GoToMyPC-tunnel
              drop-connection log
    class maps identify the traffic and policy maps tell us what action to take.
    Need to know on above config class map which matches the traffic is
    class _default_GoToMyPC-tunnel
    Regards
    Mahesh

    Hi Julio,
    I tried the commands below, but it seems they do not work
    ASA1# show run class-map type inspect _default_GoToMyPC-tunnel
                                          ^
    ERROR: % Invalid input detected at '^' marker.
    ASA1# show run class-map type inspect ?
      dns       Configure a class-map of type DNS
      ftp       Configure a class-map of type FTP
      h323      Configure a class-map of type H323
      http      Configure a class-map of type HTTP
      im        Configure a class-map of type IM
      rtsp      Configure a class-map of type RTSP
      scansafe  Configure a class-map of type SCANSAFE
      sip       Configure a class-map of type SIP
    ASA1# show run class-map type inspect  default_GoToMyPC-tunnel
                                            ^
    ERROR: % Invalid input detected at '^' marker.
    ASA1# show run class-map type inspect_default_GoToMyPC-tunnel
                                         ^
    ERROR: % Invalid input detected at '^' marker.
    ASA1#
    Thanks
    Mahesh

  • ACE: 4710 Policy-Map NAT

    Greets. I have a scenario where the rservers are located on two different VLANs in One Arm Mode.
    My question is, am I able to assign two different NAT commands in my policy map (as written below)? Will the NAT command only kick off for the selected rservers vlan?
    policy-map multi-match PM_Loadbalance
      class VIP_Farm
        loadbalance vip inservice
        loadbalance vip icmp-reply active
        nat dynamic 7 vlan 7
        nat dynamic 741 vlan 741
    Thanks,
    -b

    Hello Brian-
    You can apply 2 different NAT statements, yes.
    The way it works:
    1.)  A client sends a SYN into a vlan where the vip is applied as a service-policy input.
    2.) The ACE matches the SYN to the class in question, the loadbalance policy is checked, and eventually a server in the associated serverfarm is chosen.
    3.) ACE prepares to forward the SYN out of the appropriate VLAN based on the route table.
    4.) Before the packet leaves, if the packet will egress either vlan 7 or 741, the packet would be source NATted by the group number mentioned in the statement.  This occurs because the "vlan 7" and "vlan 741" in the NAT statements under the class are filters. If the destination matches either vlan, then the nat group for that statement is used.
    i.e.
    rserver host server_1
    ip address 10.0.0.10
    inservice
    rserver host server_2
    ip address 172.16.35.60
    inservice
    serverfarm host SF_1
    rserver server_1
      inservice
    class-map match-any VIP_80
    2 match virtual-address 172.16.35.80 tcp eq 80
    policy-map type loadbalance first-match LB
    class class-default
      serverfarm SF_1
    policy-map multi-match X
    class VIP_80
      loadbalance policy LB
      loadbalance vip inservice
      nat dynamic 5 vlan 7
      nat dynamic 7 vlan 741
    interface vlan 7
    ip address 172.16.35.2 255.255.255.0
    nat 5 172.16.35.100 172.16.35.100 netmask 255.255.255.0 pat
    service-policy input X
    Interface vlan 741
    ip address 10.0.0.2 255.255.255.0
    nat 7 10.0.0.100 10.0.0.100 netmask 255.255.255.0 pat
    service-policy input X
    If a packet comes into either vlan destined to 172.16.35.80 on port 80, it will be balanced to either 10.0.0.10 or 172.16.35.60.  If 10.0.0.10 was chosen, then natpool 7 under vlan 741 would be used because 10.0.0.10 is layer 2 adjacent to vlan 741.  If 172.16.35.60 was chosen, then natpool 5 would be chosen because that server is layer 2 adjacent to vlan 7.
    Regards,
    Chris Higgins

  • Map-class frame-relay , policy map

    Does a service-policy output have to be applied to an interface for qos to work?
    here is the config but there is nothing applied to the serial interface..
    Thanks for your help
    policy-map 256/128KVoice
    class 256/128KVoice
    priority 112
    class class-default
    fair-queue
    map-class frame-relay 256/128KVoice
    frame-relay cir 128000
    frame-relay bc 1280
    frame-relay be 600
    frame-relay mincir 128000
    no frame-relay adaptive-shaping
    frame-relay fair-queue
    frame-relay fragment 150
    frame-relay ip rtp priority 16384 16380 210
    interface Serial0/0
    bandwidth 1544
    ip address xxx.xxx.xxx.xxx 255.255.255.255
    ip route-cache flow
    no fair-queue
    service-module t1 timeslots 1-24

    Hello,
    Will QoS work in this way, where a class is put on the WAN interface where there should be a service policy?
    router#sh run interface Se0/0/0.1
    Building  configuration...
    Current configuration : 239 bytes
    interface  Serial0/0/0.1 point-to-point
    bandwidth 2048
    ip address XXXX
    ip nat outside
    frame-relay  interface-dlci 555
      class COS-OUT-S0/0/0.1   
    end
    COS-OUT-S0/0/0.1 is defined as a policy map with classes of voice and video.
    When checking on the WAN int with #sh policy-map interface Se0/0/0.1, I can see output of service policy input/output with the policy map's respective classes and packet match entries. Is QoS working with this configuration?
    Appreciate any input on this.
    Regards,
    Brajesh.

  • QoS Atm subinterface to Internet Policy Map Help

    I have a 40meg connection to the Internet via a 7200 router using ATM UBR.  I have been trying to design a strict priority for a particular subnet, then a 1 percent Scavenger Class, the rest being class default with fair queue and random detect.
    I can build the classes and policy maps, yet the service-policy will not allow an inbound or outbound placement on the sub-interface.  Any help on this would be most appreciated.
    Thanks
    Jason

    That's correct. CBWFQ or LLQ is not supported on a PVC configured with the UBR ATM class of service because of the nature of UBR service: there is no guarantee that any traffic will get through, and the actual traffic rate can be anything.
    Some documentation mentions that this is not supported; here is one for the 12.4T train:
    "CBWFQ is supported on variable bit rate (VBR) and available bit rate (ABR) ATM connections. It is not supported on unspecified bit rate (UBR) connections."
    http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/congstion_mgmt_oview_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1001237
    Regards,
    Raphael

  • QoS on 3560, 2960 and 3750 does not work (Policy-map).

    Hi
    I am trying to configure QoS on 3 switches (2960, 3560 and 3750) with this configuration:
    mls qos
    class-map match-all QOS_DATA_CLASS
      match access-group name QOS-DATA
    class-map match-all QOS_DEFAULT_CLASS
      match access-group name QOS-DEFAULT
    class-map match-all QOS_VOICE_CLASS
      match access-group name QOS-VOICE
    class-map match-all QOS_SIGNALING_CLASS
      match access-group name QOS-SIGNALING
    policy-map QOS-SOFTPHONE-POLICY
     class QOS_DEFAULT_CLASS
       set dscp default
     class QOS_SIGNALING_CLASS
       set dscp cs2
     class QOS_DATA_CLASS
       set dscp cs1
     class QOS_VOICE_CLASS
       set dscp cs3
    interface GigabitEthernet0/34
     no switchport
     ip address 10.10.11.1 255.255.255.252
     ip ospf network point-to-point
     priority-queue out 
     service-policy input QOS-SOFTPHONE-POLICY
    interface GigabitEthernet0/47
     switchport access vlan 150
     spanning-tree portfast
     service-policy input QOS-SOFTPHONE-POLICY
    ip access-list extended QOS-DATA
     permit tcp any any eq 22
     permit tcp any any eq 465
     permit tcp any any eq 143
     permit tcp any any eq 993
     permit tcp any any eq 995
     permit tcp any any eq 1914
     permit tcp any any eq ftp
     permit tcp any any eq ftp-data
     permit tcp any any eq smtp
     permit tcp any any eq pop3
    ip access-list extended QOS-DEFAULT
     permit ip any any
    ip access-list extended QOS-SIGNALING
     permit tcp any any range 2000 2002
     permit tcp any any range 5060 5061
     permit udp any any range 5060 5061
    ip access-list extended QOS-VOICE
     permit udp any any range 16384 32767
    but when I check the show commands I see that QoS is not working.
    CoreA#sh policy-map interface g0/34   
     GigabitEthernet0/34 
      Service-policy input: QOS-SOFTPHONE-POLICY
        Class-map: QOS_DEFAULT_CLASS (match-all)
          3 packets, 198 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: access-group name QOS-DEFAULT
        Class-map: QOS_SIGNALING_CLASS (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: access-group name QOS-SIGNALING
        Class-map: QOS_DATA_CLASS (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: access-group name QOS-DATA
        Class-map: QOS_VOICE_CLASS (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: access-group name QOS-VOICE
        Class-map: class-default (match-any)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: any 
    CoreA#sh policy-map interface g0/47 
     GigabitEthernet0/47 
      Service-policy input: QOS-SOFTPHONE-POLICY
        Class-map: QOS_DEFAULT_CLASS (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: access-group name QOS-DEFAULT
        Class-map: QOS_SIGNALING_CLASS (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: access-group name QOS-SIGNALING
        Class-map: QOS_DATA_CLASS (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: access-group name QOS-DATA
        Class-map: QOS_VOICE_CLASS (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: access-group name QOS-VOICE
        Class-map: class-default (match-any)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: any 
    What am I doing wrong?
    The flow is as follows:
    Computer with CIPC --------> Switch 2960 or 3560 or 3750 ------------------> switch core ---------------> CIPC
    I have wireshark in a port mirror on switch 2960, 3560 and 3750. In wireshark I always see the packets marked with default label.
    I hope you can help me.
    Regards.

    Try this config:
    policy-map QOS-SOFTPHONE-POLICY
     class QOS_VOICE_CLASS
       set dscp cs3
     class QOS_SIGNALING_CLASS
       set dscp cs2
     class QOS_DATA_CLASS
       set dscp cs1
     class class-default
       set dscp default
    BR
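
An added example (not part of the original thread and not Cisco code): a small Python model of first-match class evaluation, run over the ACLs and the two class orderings posted above. It assumes a policy-map stops at the first class whose ACL permits the packet, and it models only protocol and destination port because every ACL entry in the thread uses `any any`; all function and variable names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    """One 'permit <proto> any any [eq|range ...]' entry (destination port only)."""
    proto: str        # "ip" matches every protocol, otherwise "tcp" or "udp"
    lo: int = 0       # lowest destination port matched
    hi: int = 65535   # highest destination port matched

    def matches(self, proto, dport):
        return self.proto in ("ip", proto) and self.lo <= dport <= self.hi

    def covers(self, other):
        """True when every packet `other` matches is matched by this entry too."""
        return (self.proto in ("ip", other.proto)
                and self.lo <= other.lo and other.hi <= self.hi)

def eq(proto, *ports):
    return [Ace(proto, p, p) for p in ports]

# ACLs copied from the thread (well-known port names written as numbers).
ACLS = {
    "QOS-DATA": eq("tcp", 22, 465, 143, 993, 995, 1914, 21, 20, 25, 110),
    "QOS-DEFAULT": [Ace("ip")],
    "QOS-SIGNALING": [Ace("tcp", 2000, 2002), Ace("tcp", 5060, 5061),
                      Ace("udp", 5060, 5061)],
    "QOS-VOICE": [Ace("udp", 16384, 32767)],
    "any": [Ace("ip")],   # stands in for class-default ("Match: any")
}

# (class name, ACL it references, DSCP it sets), in configured order.
AS_POSTED = [
    ("QOS_DEFAULT_CLASS", "QOS-DEFAULT", "default"),
    ("QOS_SIGNALING_CLASS", "QOS-SIGNALING", "cs2"),
    ("QOS_DATA_CLASS", "QOS-DATA", "cs1"),
    ("QOS_VOICE_CLASS", "QOS-VOICE", "cs3"),
]
REORDERED = [
    ("QOS_VOICE_CLASS", "QOS-VOICE", "cs3"),
    ("QOS_SIGNALING_CLASS", "QOS-SIGNALING", "cs2"),
    ("QOS_DATA_CLASS", "QOS-DATA", "cs1"),
    ("class-default", "any", "default"),
]

def classify(policy, proto, dport):
    """Return (class, dscp) of the first class whose ACL permits the packet."""
    for name, acl, dscp in policy:
        if any(ace.matches(proto, dport) for ace in ACLS[acl]):
            return name, dscp
    return "class-default", None   # implicit class-default, no marking action

def shadowed_classes(policy):
    """Classes that can never match: earlier classes cover all of their entries."""
    earlier, dead = [], []
    for name, acl, _ in policy:
        if all(any(e.covers(ace) for e in earlier) for ace in ACLS[acl]):
            dead.append(name)
        earlier.extend(ACLS[acl])
    return dead

# Constructed sample packets: (description, protocol, destination port).
SAMPLES = [("RTP", "udp", 16500), ("SIP", "tcp", 5060), ("SSH", "tcp", 22),
           ("HTTP", "tcp", 80)]

if __name__ == "__main__":
    for label, policy in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(label, "- shadowed classes:", shadowed_classes(policy))
        for desc, proto, dport in SAMPLES:
            print(f"  {desc:5} {proto}/{dport:<5} ->", classify(policy, proto, dport))
```
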

  • Redirection class overlap on policy-map

    Hello.
    I was asked to implement some rules, and one of them is overlapping the other, I think because it is shorter and it's using the regular expression .*
    Regarding the configuration below, I always get redirected to http://SITE1 instead of http://SITE2 when I type www.AAA/fr/pages/AAA/index.php, because the class REDIRECT_NM_LORO_PMUR_CLASS always wins even though it's at the bottom of the policy-map.
    Is there some way to order the classes in a policy-map to act as an access-list does (from top to bottom, and stop looking when a match is found)? In other words, make the class REDIRECT_PMUR_RAPPORTS_CLASS be evaluated before REDIRECT_NM_LORO_PMUR_CLASS,
    which is more generic.
    Config example:
    rserver redirect REDIRECT_PMUR
      webhost-redirection http://SITE1 301
      inservice
    rserver redirect REDIRECT_PMUR_RAPPORTS
      webhost-redirection http://SITE2 301
      inservice
    rserver redirect REDIRECT_PMUR_RESULTATS
      webhost-redirection http://SITE3 301
      inservice
    serverfarm redirect REDIRECT_NM_LORO_PMUR_FARM
      rserver REDIRECT_PMUR
        inservice
    serverfarm redirect REDIRECT_PMUR_RAPPORTS_FARM
      rserver REDIRECT_PMUR_RAPPORTS
        inservice
    serverfarm redirect REDIRECT_PMUR_RESULTATS_FARM
      rserver REDIRECT_PMUR_RESULTATS
        inservice
    class-map type http loadbalance match-any REDIRECT_NM_LORO_PMUR_CLASS
      4 match http url /fr/pages.*
    class-map type http loadbalance match-any REDIRECT_PMUR_RAPPORTS_CLASS
      3 match http url www.AAA/fr/pages/AAA/index.php
    class-map type http loadbalance match-any REDIRECT_PMUR_RESULTATS_CLASS
      3 match http url www.BBB/fr/pages/BBB/index.php
    policy-map type loadbalance first-match POLICY_REDIRECT_NM_LORO_CAT2_FARM
      class REDIRECT_PMUR_RESULTATS_CLASS
        serverfarm REDIRECT_PMUR_RESULTATS_FARM
      class REDIRECT_PMUR_RAPPORTS_CLASS
        serverfarm REDIRECT_PMUR_RAPPORTS_FARM
      class REDIRECT_NM_LORO_PMUR_CLASS
        serverfarm REDIRECT_NM_LORO_PMUR_FARM
      class class-default
        serverfarm NM_LoRo_CAT2_FARM
    Thank you very much,
    Miquel

    Hi Miquel,
    This is what it seems is happening. Your class-map condition is based on URL and not host-header value so ACE is not even considering www.AAA or www.BBB. It is only looking for fr/pages/xxxxxxxx which only matches 3rd class map and that's why you get the match and hence the corresponding redirection.
    Can you try using a class map condition based on Host?
    switch/Admin(config-cmap-http-lb)# 2 match http header Host header-value ?
    Please try and let me know how it goes.
    You can also test by removing that /fr/pages/.* condition and see if it matches or not as well.
    Regards,
    Kanwal
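
The behaviour described in the reply above, as an added example that is not part of the original thread and is not ACE code: a simplified Python model in which a `match http url` pattern is compared with the request path only, so patterns that begin with a host name never match. The `HOST_BASED` variant, the anchored full-string matching and all function names are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

class L7Class(NamedTuple):
    name: str
    farm: str
    url: Optional[str] = None    # regex compared with the request path only
    host: Optional[str] = None   # regex compared with the Host header value

def class_matches(c, host, path):
    # Every configured condition must match (match-all, an assumption of this model).
    if c.url is not None and not re.fullmatch(c.url, path):
        return False
    if c.host is not None and not re.fullmatch(c.host, host, re.IGNORECASE):
        return False
    return True

def select_farm(policy, host, path, default="NM_LoRo_CAT2_FARM"):
    """First-match evaluation: the first class that matches decides the serverfarm."""
    for c in policy:
        if class_matches(c, host, path):
            return c.farm
    return default   # class class-default

# Patterns exactly as posted: the first two start with a host name.
AS_POSTED = [
    L7Class("REDIRECT_PMUR_RESULTATS_CLASS", "REDIRECT_PMUR_RESULTATS_FARM",
            url=r"www.BBB/fr/pages/BBB/index.php"),
    L7Class("REDIRECT_PMUR_RAPPORTS_CLASS", "REDIRECT_PMUR_RAPPORTS_FARM",
            url=r"www.AAA/fr/pages/AAA/index.php"),
    L7Class("REDIRECT_NM_LORO_PMUR_CLASS", "REDIRECT_NM_LORO_PMUR_FARM",
            url=r"/fr/pages.*"),
]

# Hypothetical variant: host name moved into a Host header condition.
HOST_BASED = [
    L7Class("REDIRECT_PMUR_RESULTATS_CLASS", "REDIRECT_PMUR_RESULTATS_FARM",
            url=r"/fr/pages/BBB/index\.php", host=r"www\.BBB"),
    L7Class("REDIRECT_PMUR_RAPPORTS_CLASS", "REDIRECT_PMUR_RAPPORTS_FARM",
            url=r"/fr/pages/AAA/index\.php", host=r"www\.AAA"),
    L7Class("REDIRECT_NM_LORO_PMUR_CLASS", "REDIRECT_NM_LORO_PMUR_FARM",
            url=r"/fr/pages.*"),
]

if __name__ == "__main__":
    # Constructed request: Host header and path of www.AAA/fr/pages/AAA/index.php
    request = ("www.AAA", "/fr/pages/AAA/index.php")
    print("as posted :", select_farm(AS_POSTED, *request))
    print("host based:", select_farm(HOST_BASED, *request))
```
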

  • Policy map not show results in Cat6500

    I have configured QoS on a Catalyst 6513 for telepresence service, and when I do "show policy interface gix/y" it doesn't show that the traffic is being marked.
    I think that the QoS is marking the traffic correctly because I am seeing packets marked with AF41 at the next hop, so I suspect that the problem is in the "show command".
    Is this behaviour normal, or could it be an IOS bug?
    This is the configuration:
    ip access-list extended ACLtelepresencia_in
    permit ip any any
    class-map match-any telepresencia
      match access-group name ACLtelepresencia_in
    policy-map telepresencia_in
      class telepresencia
       set dscp af41
    D08MNSSRS0#sh policy-map interface  GigabitEthernet3/13
    GigabitEthernet3/13
      Service-policy input: telepresencia_in
        Class-map: telepresencia (match-any)
          0 packets, 0 bytes
          30 second offered rate 0 bps, drop rate 0 bps
          Match: access-group name ACLtelepresencia_in
            0 packets, 0 bytes
            30 second rate 0 bps
        Class-map: class-default (match-any)
          0 packets, 0 bytes
          30 second offered rate 0 bps, drop rate 0 bps
          Match: any
    Regards
    Alberto

    Try the query as
    select sum(t.total) from (
    SELECT T0.DocNum, T0.DocTotal,T0.DocTotal - T0.VatSum, T0.DocDate, Sum(T0.DocTotal) as Total,Sum(T0.DocTotal - T0.VatSum) as withoutTax FROM ORDR T0 INNER JOIN OSLP T1 ON T0.SlpCode = T1.SlpCode
    WHERE T1.SlpName ='Rajesh Nair' and T1.SlpCode -1
    GROUP BY T0.DocNum, T0.DocDate, T0.VatSum, T0.DocTotal
    ) t
    or in one query at the end as sum as
    SELECT T0.DocNum, T0.DocTotal,T0.DocTotal - T0.VatSum, T0.DocDate, Sum(T0.DocTotal) as Total,Sum(T0.DocTotal - T0.VatSum) as withoutTax FROM ORDR T0 INNER JOIN OSLP T1 ON T0.SlpCode = T1.SlpCode
    WHERE T1.SlpName ='Rajesh Nair' and T1.SlpCode -1
    GROUP BY T0.DocNum, T0.DocDate, T0.VatSum, T0.DocTotal
    UNION
    select null, null, null, null, sum(t.total), null from (
    SELECT T0.DocNum, T0.DocTotal,T0.DocTotal - T0.VatSum, T0.DocDate, Sum(T0.DocTotal) as Total,Sum(T0.DocTotal - T0.VatSum) as withoutTax FROM ORDR T0 INNER JOIN OSLP T1 ON T0.SlpCode = T1.SlpCode
    WHERE T1.SlpName ='Rajesh Nair' and T1.SlpCode -1
    GROUP BY T0.DocNum, T0.DocDate, T0.VatSum, T0.DocTotal
    ) t

  • CBWFQ: Question about the output of "show policy-map interface" command

    Hi everyone,
    I have a question about the output of "show policy-map interface" command.
    The following is the output of this command, and the lower part of the output shows
    (total queued/total drops/no-buffer drops) 0/342/0
    If packet drops occur because there is not enough buffer,
    "no-buffer drops" is counted up. But "no-buffer drops" has not been counted up.
    The "no-buffer drops" is 0 (zero) but "total drops" is counted as 342.
    I guess there are other factors besides "no-buffer drops" that add to "total drops".
    But I cannot find any information about the "other factors".
    So I would like to know the "other factors" added to "total drops".
    reserch-3725#sh policy-map interface fastethernet0/1
     FastEthernet0/1
      Service-policy output: shaping
        Class-map: kdpc (match-all)
          146956873 packets, 115209221595 bytes
          5 minute offered rate 156000 bps, drop rate 0 bps
          Match: access-group name YOKOHAMA_to_CHINO
          Traffic Shaping
            Target/Average   Byte   Sustain   Excess    Interval  Increment
            Rate             Limit  bits/int  bits/int  (ms)      (bytes)
            9360000/9360000  58500  234000    234000    25        29250
            Adapt   Queue  Packets    Bytes       Packets  Bytes       Shaping
            Active  Depth                         Delayed  Delayed     Active
            -       0      146956724  3539850811  2960247  3851843541  no
        Class-map: class-default (match-any)
          552458414 packets, 249687580329 bytes
          5 minute offered rate 242000 bps, drop rate 0 bps
          Match: any
          Traffic Shaping
            Target/Average   Byte   Sustain   Excess    Interval  Increment
            Rate             Limit  bits/int  bits/int  (ms)      (bytes)
            3072000/3072000  19200  76800     76800     25        9600
            Adapt   Queue  Packets    Bytes      Packets   Bytes       Shaping
            Active  Depth                        Delayed   Delayed     Active
            -       0      552453209  573909865  30358216  2926188156  no
          Service-policy : policy1
            Class-map: dlsw (match-all)
              979578 packets, 264843255 bytes
              5 minute offered rate 0 bps, drop rate 0 bps
              Match: access-group name acl-dlsw
              Queueing
                Output Queue: Conversation 137
                Bandwidth 128 (kbps) Max Threshold 64 (packets)
                (pkts matched/bytes matched) 20922/17371500
                (depth/total drops/no-buffer drops) 0/0/0
            Class-map: telnet (match-all)
              29938 packets, 1806058 bytes
              5 minute offered rate 0 bps, drop rate 0 bps
              Match: access-group name acl-telnet
              Queueing
                Output Queue: Conversation 138
                Bandwidth 64 (kbps) Max Threshold 64 (packets)
                (pkts matched/bytes matched) 639/38900
                (depth/total drops/no-buffer drops) 0/0/0
            Class-map: class-default (match-any)
              551448911 packets, 249420939729 bytes
              5 minute offered rate 242000 bps, drop rate 0 bps
              Match: any
              Queueing
                Flow Based Fair Queueing
                Maximum Number of Hashed Queues 128
                (total queued/total drops/no-buffer drops) 0/342/0
    Your information would be appreciated.

    Detailed information regarding show policy-map interface
    http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a008010dd6a.shtml
    http://www.cisco.com/en/US/tech/tk543/tk760/technologies_tech_note09186a0080108e2d.shtml
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/qos_r/qos_s2g.htm#wp1146884

  • Policy-map input on an interface VLAN

    Hi there,
    I have a problem with a policy-map on an interface VLAN on my Cisco 6509-E.
    The switch has the IOS Version 12.2(33)SXI10, RELEASE SOFTWARE (fc2).
    I have configured this policy-map:
    policy-map PM-10Mbit
      class class-default
       police cir 10000000 bc 1875000 be 3750000    conform-action transmit     exceed-action drop     violate-action drop
    I bind this map on a physical interface
    interface GigabitEthernet2/2
     description <removed>
     ip vrf forwarding <removed>
     ip address <removed>
     ip access-group <removed> out
     service-policy input PM-10Mbit
     service-policy output PM-10Mbit
    and get this result:
    show policy-map interface
    GigabitEthernet2/2
      Service-policy input: PM-10Mbit
        class-map: class-default (match-any)
          Match: any
          police :
            10000000 bps 1875000 limit 1875000 extended limit
          Earl in slot 5 :
            6428065284 bytes
            5 minute offered rate 14696 bps
            aggregate-forwarded 6294160565 bytes action: transmit
            exceeded 133904719 bytes action: drop
            aggregate-forward 584 bps exceed 0 bps
      Service-policy output: PM-10Mbit
        class-map: class-default (match-any)
          Match: any
          police :
            10000000 bps 1875000 limit 1875000 extended limit
          Earl in slot 4 :
            10335145381 bytes
            5 minute offered rate 21536 bps
            aggregate-forwarded 10142894661 bytes action: transmit
            exceeded 192250720 bytes action: drop
            aggregate-forward 128 bps exceed 0 bps
          Earl in slot 5 :
            263335780 bytes
            5 minute offered rate 176 bps
            aggregate-forwarded 263335780 bytes action: transmit
            exceeded 0 bytes action: drop
            aggregate-forward 448 bps exceed 0 bps
    But when I bind it on an interface VLAN I see no incoming traffic:
    show policy-map interface
     Vlan1012
      Service-policy input: PM-100Mbit
        class-map: class-default (match-any)
          Match: any
          police :
            100000000 bps 18750000 limit 18750000 extended limit
          Earl in slot 4 :
            0 bytes
            30 second offered rate 0 bps
            aggregate-forwarded 0 bytes action: transmit
            exceeded 0 bytes action: drop
            aggregate-forward 0 bps exceed 0 bps
          Earl in slot 5 :
            0 bytes
            30 second offered rate 0 bps
            aggregate-forwarded 0 bytes action: transmit
            exceeded 0 bytes action: drop
            aggregate-forward 0 bps exceed 0 bps
      Service-policy output: PM-100Mbit
        class-map: class-default (match-any)
          Match: any
          police :
            100000000 bps 18750000 limit 18750000 extended limit
          Earl in slot 4 :
            1005376843668 bytes
            30 second offered rate 33016448 bps
            aggregate-forwarded 1005362388151 bytes action: transmit
            exceeded 14455517 bytes action: drop
            aggregate-forward 30943792 bps exceed 0 bps
          Earl in slot 5 :
            1828318775 bytes
            30 second offered rate 1296 bps
            aggregate-forwarded 1828318775 bytes action: transmit
            exceeded 0 bytes action: drop
            aggregate-forward 1272 bps exceed 0 bps
    Is this a bug or am I doing something wrong here?

    Hello
    As I understand it, this command is required in mls qos because an SVI (L3 VLAN interface) runs in VLAN-based mode, which differs from normal L3 routed interfaces, which run in interface mode.
    As per Cisco: "In VLAN-based mode, the policy map that is attached to the Layer 2 interface is ignored, and QoS is driven by the policy map that is attached to the corresponding VLAN interface."
    Lastly regards
    Try matching on all traffic incoming on the trunk interface on that switch for it to successfully police incoming traffic:
    class-map V102
     match input-interface x/x
    policy-map POLICE
     class V102
      police xxxx xxxx
    res
    Paul
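
A small parser for the policer counters shown in this thread, written as an added example (not part of the original posts): it sums the per-Earl `aggregate-forwarded` and `exceeded` byte counters for each direction and reports a direction that counted nothing while the other carried traffic, which is the symptom described in the question. The function names are hypothetical, and the parser assumes it is given the output for a single interface.

```python
import re

# Sample input: abbreviated from the Vlan1012 output posted in the thread above.
SAMPLE = """\
 Vlan1012
  Service-policy input: PM-100Mbit
      Earl in slot 4 :
        aggregate-forwarded 0 bytes action: transmit
        exceeded 0 bytes action: drop
      Earl in slot 5 :
        aggregate-forwarded 0 bytes action: transmit
        exceeded 0 bytes action: drop
  Service-policy output: PM-100Mbit
      Earl in slot 4 :
        aggregate-forwarded 1005362388151 bytes action: transmit
        exceeded 14455517 bytes action: drop
      Earl in slot 5 :
        aggregate-forwarded 1828318775 bytes action: transmit
        exceeded 0 bytes action: drop
"""

POLICY = re.compile(r"Service-policy (input|output): (\S+)")
# Matches the byte counters only; the "aggregate-forward N bps" rate line is skipped.
COUNTER = re.compile(r"(aggregate-forwarded|exceeded) (\d+) bytes")

def summarize(text):
    """Sum policer byte counters over all Earl slots, per direction."""
    totals = {}
    direction = None
    for line in text.splitlines():
        if m := POLICY.search(line):
            direction = m.group(1)
            totals.setdefault(direction, {"aggregate-forwarded": 0, "exceeded": 0})
        elif direction and (m := COUNTER.search(line)):
            totals[direction][m.group(1)] += int(m.group(2))
    return totals

def idle_directions(totals):
    """Directions whose policer counted no bytes while another direction did."""
    seen = {d: sum(c.values()) for d, c in totals.items()}
    return sorted(d for d, n in seen.items() if n == 0 and any(seen.values()))

if __name__ == "__main__":
    t = summarize(SAMPLE)
    print(t, "idle:", idle_directions(t))
```
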
