Service policy on subinterface or main interface
Folks,
We have a frame relay circuit and are applying MQC to the branch sites. We are not sure if we should apply the service policy to the subinterface or the main interface(serial). any pros and cons?
Thanks
If you want the same policy applied to each VC then applying at the physical interface would be best (depending on the scenario and how many sub-interfaces you have). In the long run applying the service-policy to the sub-interface will pay for itself.
Similar Messages
-
Hi,
I have another problem - after upgrade ios wirelles connection not work.
After reload i have :
Configuration of subinterfaces and main interface
within the same bridge group is not permitted
STP: Unable to get the port parameters.
Please configure the bridge group on this interface first.
Please configure the bridge group on this interface first.
Please configure the bridge group on this interface first.
SETUP: new interface NVI0 placed in "shutdown" state
my old configuration work propertly in the old software, but after update i have notificatio.
Old thread:
https://supportforums.cisco.com/discussion/12379491/cisco-877w-no-wireless-connection
my current sh run:
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
hostname cisco
boot-start-marker
boot system flash:c870-advipservicesk9-mz.124-24.T6.bin
boot-end-marker
logging message-counter syslog
logging buffered 4096 informational
enable secret 5 $1$eCNp$rWuBfZ/cexnwnkm7L447s.
aaa new-model
aaa session-id common
dot11 syslog
dot11 ssid ciscowifi
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 050D031D26595D0617
dot11 wpa handshake timeout 500
ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.56.1
ip dhcp pool CLIENT
import all
network 192.168.56.0 255.255.255.0
default-router 192.168.56.1
dns-server 8.8.8.8 194.204.159.1 194.204.152.34
lease 0 2
ip cef
no ip domain lookup
no ipv6 cef
multilink bundle-name authenticated
username marek password 7 00121A0908500A
archive
log config
hidekeys
ip tcp path-mtu-discovery
bridge irb
interface ATM0
description Polaczenie ADSL do ISP$ES_WAN$
no ip address
no atm ilmi-keepalive
pvc 0/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
hold-queue 224 in
interface FastEthernet0
description Edzia
interface FastEthernet1
description dom
interface FastEthernet2
description Dziadek
interface FastEthernet3
interface Dot11Radio0
no ip address
no ip redirects
ip local-proxy-arp
ip nat inside
ip virtual-reassembly
no dot11 extension aironet
encryption vlan 1 mode ciphers tkip
encryption mode ciphers aes-ccm tkip
broadcast-key change 3600
ssid ciscowifi
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
world-mode dot11d country AU indoor
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.1
description ciscowifi
encapsulation dot1Q 1 native
no cdp enable
interface Vlan1
no ip address
bridge-group 1
interface Dialer0
description Interfejs dzwoniacy
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp chap hostname [email protected]
ppp chap password 7 xxxxxxxxxxxxxxxxxxxxxx
interface BVI1
description Polaczenie dla sieci LAN
ip address 192.168.56.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
ip nat inside source list 100 interface Dialer0 overload
ip nat inside source static tcp 192.168.56.10 80 interface Dialer0 80
ip nat inside source static tcp 192.168.56.10 22 interface Dialer0 22
logging trap debugging
logging 192.168.56.10
access-list 100 permit ip 192.168.56.0 0.0.0.255 any
access-list 100 deny ip any any
no cdp run
snmp-server community ciskacz RO
snmp-server chassis-id ciskacz
control-plane
bridge 1 protocol ieee
bridge 1 route ip
line con 0
no modem enable
line aux 0
line vty 0 4
exec-timeout 0 0
transport preferred ssh
transport input ssh
scheduler max-task-time 5000
end
please help - thanks!Hello Marek,
I suppose you are not planning to do any kinds of advanced config using several VLANs and multiple SSIDs so let's just make your configuration simple and working.
In short, you need to remove all references to VLAN 1 and to any subinterfaces possibly related to the VLAN 1. This means in particular (follow these steps in sequence):
Remove the Dot11Radio0.1 subinterface entirely
In the Dot11Radio0 section, remove the encryption vlan 1 mode ciphers tkip command
In the dot11 ssid ciscowifi section, remove the vlan 1 command
After performing these steps, make sure that the ssid ciscowifi and encryption mode commands are still present in the Dot11Radio0 configuration, and if not, reenter them.
Best regards,
Peter -
Service Policy won't attach to interface - NO error
Hi,
Am doing some simple CE VoIP QoS for a IPSEC/GRE Customer. I try to ATTACH the policy to the tunnel outbound and the command is accepted without any error but nothing appears in the config.
Here's the base config:
class-map match-all IPSEC-VPN
match access-group name IKE_ACL
class-map match-all ROUTING
match ip dscp cs6
class-map match-all NETWORK-MANAGEMENT
match ip dscp cs2
class-map match-any VOICE-SIGNAL
match protocol rtp
match ip precedence 3
match ip dscp cs3
match ip dscp af31
match ip dscp af32
class-map match-any VOICE-BEARER
match ip precedence 5
match ip dscp ef
match ip dscp cs5
policy-map SHAPE-ADSL-UPLINK
class class-default
bandwidth remaining percent 50
random-detect
random-detect ecn
policy-map VoIP-QoS
class VOICE-BEARER
priority percent 34
class VOICE-SIGNAL
bandwidth percent 5
class ROUTING
bandwidth percent 2
class NETWORK-MANAGEMENT
bandwidth percent 2
class IPSEC-VPN
bandwidth percent 2
class class-default
(config)# int t203
(config-if)#service-policy output SHAPE-ADSL-UPLINK
NOTHING appears in the config and sh policy-map int t100 shows an unapplied policy.
Using:
c836-k9o3s8y6-mz.123-8.T5
Another bug?
ThxPolicy should read (nested):
policy-map SHAPE-ADSL-UPLINK
class class-default
bandwidth remaining percent 50
random-detect
random-detect ecn
service-policy VoIP-QoS -
I am not able to have Service-Policy... " commands enabled in my Router that is working as a PE in the lab.
The router info is as follows:
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-JS-M), Version 12.2(21a), RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 09-Jan-04 16:23 by kellmill
Image text-base: 0x60008930, data-base: 0x61458000
ROM: System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (f
c1)
PE uptime is 5 hours, 12 minutes
System returned to ROM by power-on
System image file is "flash:slot0"
cisco 3640 (R4700) processor (revision 0x00) with 44032K/5120K bytes of memory.
Processor board ID 22105451
R4700 CPU at 100Mhz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Ethernet/IEEE 802.3 interface(s)
2 FastEthernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
1 Serial network interface(s)
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
Can someone help with it.. thx.Hi
Are you trying to bind the service policy under any of the interface or class map or in the control plane config ?
can you post what exactly you are trying to do and the error you are recieving while do so ..
regds -
Service-policy output statement interface vs interface .500 point-to-point
We are running AutoQoS but have recently migrated our WAN service that puts our IP connectivity to a sub-interface (interface serial0/1:0.500 point-to-point and a frame-relay interface-DLCI). In our prior WAN configuration we bound the IP address directly to the interface s0/1:0.
After the migration, the auto qos statement service-policy output AutQoS is still on the interface serial 0/1:0 . Should this service-policy statement be moved down to the serial 0/1:0.500 point-to-point in order to be effective? We have been experiencing QoS problems but I understand it could be many different places, but I wanted to start here.
Thanks
ryanas a rule those are applied in a frame relay policy map.
Create the LLC policy
Create the Frame Relay Policy map (and refer to the LLC policy map in the Frame Relay Config)
Apply the Frame Relay Policy Map to the subinterface (to the DLCI). -
Service-policy on Vlan interface failed
Hi, All!
This is my configuration:
class-map match-any voip_control_trust-CMAP
match ip dscp cs3
match ip dscp af31
class-map match-any voip_rtp_trust-CMAP
match ip dscp ef
class-map match-any internetwork-cntrl-CMAP
match ip dscp cs6
policy-map output_qos-PMAP
class voip_rtp_trust-CMAP
priority 56
class voip_control_trust-CMAP
bandwidth percent 2
class internetwork-cntrl-CMAP
bandwidth percent 5
class class-default
fair-queue
random-detect
cisco(config)#int Vlan 2
cisco(config-if)#service-policy output output_qos-PMAP
Configuration failed!
It was tested on 877, 871, 871W, 877W with ios c870-advipservicesk9-mz.124-15.T5.bin, c870-advipservicesk9-mz.124-15.T8.bin, c870-advipservicesk9-mz.124-15.T10.bin, c870-advipservicesk9-mz.124-15.T11.bin, c870-advipservicesk9-mz.124-24.T2.bin
Strange error. Does anybody know what's the problem?Ok, i tried to make workaround solution:
policy-map OUTPUT_QOS_PMAP
class VOIP_RTP_TRUST_CMAP
priority 56
class VOIP_CTRL_TRUST_CMAP
bandwidth percent 2
class INETWORK-CTRL-CMAP
bandwidth percent 5
class class-default
fair-queue
random-detect
service-policy OUTPUT_QOS_PMAP
service-policy output OUTPUT_QOS_PMAP
interface Vlan2
description *** WAN SVI ***
bandwidth 256
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
bridge-group 1
end
interface BVI1
description *** WAN BVI ***
bandwidth 256
ip address 10.96.0.57 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
service-policy output OUTPUT_QOS_PMAP
end
sh policy-map interface
BVI1
Service-policy output: OUTPUT_QOS_PMAP
queue stats for all priority classes:
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
Class-map: VOIP_RTP_TRUST_CMAP (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp ef (46)
0 packets, 0 bytes
5 minute rate 0 bps
Priority: 56 kbps, burst bytes 1500, b/w exceed drops: 0
Class-map: VOIP_CTRL_TRUST_CMAP (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp cs3 (24)
0 packets, 0 bytes
5 minute rate 0 bps
Match: ip dscp af31 (26)
0 packets, 0 bytes
5 minute rate 0 bps
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
bandwidth 2% (5 kbps)
Class-map: INETWORK-CTRL-CMAP (match-any)
6 packets, 896 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp cs6 (48)
6 packets, 896 bytes
5 minute rate 0 bps
Match: access-group name IKE
0 packets, 0 bytes
5 minute rate 0 bps
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 5/0/0
(pkts output/bytes output) 6/1120
bandwidth 5% (12 kbps)
Class-map: class-default (match-any)
11 packets, 660 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops/flowdrops) 10/0/0/0
(pkts output/bytes output) 11/660
Fair-queue: per-flow queue limit 16
Exp-weight-constant: 9 (1/512)
Mean queue depth: 0 packets
class Transmitted Random drop Tail/Flow drop Minimum Maximum Mark
pkts/bytes pkts/bytes pkts/bytes thresh thresh prob
0 11/660 0/0 0/0 20 40 1/10
1 0/0 0/0 0/0 22 40 1/10
2 0/0 0/0 0/0 24 40 1/10
3 0/0 0/0 0/0 26 40 1/10
4 0/0 0/0 0/0 28 40 1/10
5 0/0 0/0 0/0 30 40 1/10
6 0/0 0/0 0/0 32 40 1/10
7 0/0 0/0 0/0 34 40 1/10
BUT! Until service-policy is on interface works nothing.
sh int bvi1
BVI1 is up, line protocol is up
Hardware is BVI, address is 0025.454a.940d (bia 0024.c495.6780)
Description: *** WAN BVI ***
Internet address is 10.96.0.57/24
MTU 1500 bytes, BW 256 Kbit/sec, DLY 5000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 74
Queueing strategy: Class-based queueing
Output queue: 33/1000/0 (size/max total/drops)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
114 packets output, 11034 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
ping 10.96.0.1 source bvi1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.96.0.1, timeout is 2 seconds:
Packet sent with a source address of 10.96.0.57
Success rate is 0 percent (0/5) -
Service policy counters not working..
I have a service policy on a 6509 interface so I can see what the packets per second of a video stream coming out of a DVR (digital video recorder) is. This DVR has 16 security cameras attached and I'm concerned that when someone views all 16 cameras the video stream is going to be huge.
So I create a service policy to match an access list for all IP from the DVR. But no counters increment unless I add in some other match statement. I added in a match protocol telnet and the service policy counters started to work. I removed the match on telnet and the counters stopped. Telnet has nothing to do with the DVR. Here is the config of the class map, policy map and show commands: (By the way video is streaming through this interface continually during this excercise)
MATCHING ACCESS LIST ONLY:
class-map match-any DVR
match access-group 130
policy-map DVR-test
class DVR
ROC-6509-DU-A#sh access-list 130
Extended IP access list 130
10 permit ip host 164.72.2.125 any
ROC-6509-DU-A#sh policy-map int
GigabitEthernet2/5
Service-policy output: DVR-test
Class-map: DVR (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps
Match: access-group 130
0 packets, 0 bytes
30 second rate 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
ADDING IN TELNET:
class-map match-any DVR
match access-group 130
match protocol telnet
policy-map DVR-test
class DVR
ROC-6509-DU-A#sh policy-map int
GigabitEthernet2/5
Service-policy output: DVR-test
Class-map: DVR (match-any)
524025 packets, 70724866 bytes
30 second offered rate 3991000 bps
Match: access-group 130
523896 packets, 70689220 bytes
30 second rate 3991000 bps
Match: protocol telnet
129 packets, 35646 bytes
30 second rate 0 bps
Class-map: class-default (match-any)
18696 packets, 11180265 bytes
30 second offered rate 129000 bps, drop rate 0 bps
Match: any
If I remove the 'match protocol telnet' and clear the counters, no longer do the counters for the access-list 130 increment - put back in match telnet and they start to increment.
This is a Sup720 with IOS 12.2(18)SXE3
Is this a bug or do I not have my class map or policy map correct?The hardware ASICs do not support collecting the individual policer information.
Try:
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/1216ea1/3550scg/swqos.htm#xtocid1990743 -
Error while applying the Service Policy
Hi,
I am getting the below error while applying the service policy to the Interface.
I have set the mpls exp 4 as well as want to limit the bandwidth to 1Mbps
PE#sh policy-map setexp-GBoIP
Policy Map setexp-GBoIP
Class GBoIP-traffic
set mpls experimental imposition 4
police cir 1024000 bc 32000
conform-action transmit
exceed-action drop
PE(config-if)#int vlan 2007
PE(config-if)#service-policy input setexp-GBoIP
QoS-ERROR: Addition/Modification made to policymap setexp-GBoIP and class GBoIP-traffic is not valid, command is rejected
As well as I have created new clas--map with priority and Bandwidth and applied in output direction, I got the belwo error while applying the Service policy in
PE(config-if)#service-policy out TEST
bandwidth command is not supported in output direction for this interface
PE(config-if)#service-policy output TEST
priority command is not supported in output direction for this interface
Any idea why so ?
Thanks in Advance.
Regards,
NileshCheck the current value of IGW_AWARDS_S sequence and make sure the MINVALUE in the patch (i.e. 10000) is not greater than the current one.
OERR: ORA 4007 MINVALUE cannot be made to exceed the current value (Doc ID 19824.1)
You may also log a SR.
Thanks,
Hussein -
Why doesn't "show service-policy url-summary" work?
Does any one know -- At Cisco Live this year -- this command was shown as an Option to see the number of
hits on L7 class maps urls.
It's not an option for me: Running A3 (2.5)
Thanks,
From A2 documentation (maybe this command was dropped from A3 -- but that would be unfortunate)
To display the statistics for all policy maps or a specific policy map that is currently in service, use the show service-policy command. This command also allows you to display statistics for a specific class map in a policy or the hit counts for match HTTP URL statements in a Layer 7 HTTP policy map. If you do not enter an option with this command, the ACE displays all enabled policy statistics.
show service-policy [policy_name [class-map class_name]] [detail | summary | url-summary] [|] [>]
Syntax Description
policy_name
(Optional) Identifier of an existing policy map that is currently in service (applied to an interface) as an unquoted text string with a maximum of 64 alphanumeric characters. If you do not enter the name of an existing policy map, the ACE displays information and statistics for all policy maps.
class-map class_name
(Optional) Displays the statistics for the specified class map associated with the policy.
detail
(Optional) Displays a more detailed listing of policy map or class map statistics and status information.
summary
(Optional) Displays a summary of policy map or class map statistics and status information.
url-summary
(Optional) Displays the number of times that a connection is established based on a match HTTP URL statement for a class map in a Layer 7 HTTP policy map.
The URL hit counter is per match statement per load-balancing Layer 7 policy. If you are using the same combination of Layer 7 policy and class maps with URL match statements in different VIPs, the count is combined. If the ACE configuration exceeds 64K URL and load-balancing policy combinations, this counter displays NA.Hi Dan,
The url-summary has only been added to the ACE module code at this time. The A2 code train is only for the module, while the A3 train is only for the appliance. The good news is that later this year, we will have a new software coming out (A4) that will be the exact same image that can be loaded on either the module or the appliance, hence all functionality will be the same for both (except the acceleration and optimization that only the appliance will support.
Hope this helps,
Sean -
Policy map/ class map/ service policy for IOS xr
Hi,
I need to create a policy map and class map/service policy to limit the amount of bandwidth that can be used on one interface both in and out.
I need the cap for the bandwidth to traverse this circuit to ne 10 Meg.
the IOS xr version we are using is 4.3.4
I was hoping someone could help me out by giving me a configuration example I could follow.
Thank you.for instance like this:
policy-map police-in
class class-default
police rate 10 mpbs <optionally set burst>
policy-map shape-out-parent
class class-default
shape 10 mpbs <optional burst config>
service-policy shape-out-child
policy-map shape-out-child
class class-default
queue-limit 10 packets
int g 0/0/0/0
service-policy police-in in
service-policy shape-out-parent out
also have a look at CL 2013/2014 (orlando/sanfran) ID 2904 for more QOS details
and the support forum article of "asr9000 quality of service architecture"
xander -
Can't apply service-policy to atm int?
Attempted to apply service-policy output MPLS-EGRESS to ATM Int:
class-map match-any GOLD
match mpls experimental topmost 5
match ip precedence 5
class-map match-any BRONZE
match mpls experimental topmost 3
match ip precedence 3
class-map match-any SILVER
match mpls experimental topmost 4
match ip precedence 4
policy-map MPLS-EGRESS
class GOLD
priority percent 5
set mpls experimental topmost 5
class SILVER
bandwidth percent 10
random-detect
set mpls experimental topmost 4
class BRONZE
bandwidth percent 20
random-detect
set mpls experimental topmost 3
class class-default
set mpls experimental topmost 0
fair-queue
random-detect
interface ATM4/0.102 point-to-point
description TRUNK LINK TO PE_B
bandwidth 16000
ip address xxx.xxx.xxx.xxx 255.255.255.252
no ip redirects
no ip proxy-arp
ip ospf message-digest-key xxx
no snmp trap link-status
mpls ip
pvc PE_B 10/102
tx-ring-limit 3
oam-pvc manage
encapsulation aal5snap
service-policy output MPLS-EGRESS
And it *appears* to apply without error, but logs show:
Jul 28 09:34:32.550 aest: %SCHED-3-SEMLOCKED: Virtual Exec attempted to lock a semaphore, already locked by itself -Traceback= 0x61317864 0x62658A88 0x620F0A4C 0x60DD3668 0x60DD5648 0x6135ABD8 0x61379744 0x62644508 0x626444EC
Jul 28 09:34:33.870 aest: I/f ATM4/0.102 VC 10/102 class GOLD requested bandwidth 0 (kbps), available only 0 (kbps)
And ATM4/0.102 does not include the service-policy output MPLS-EGRESS when I do a show run nor when I do a sho policy-map interface?Resolved my own issue - I needed:
vbr-nrt 32000 16000
under the atm sub int... -
Service-policy output not working in Cisco 3560 switch
We got some Cisco catalyst 3560 that we want to control the bandwidth
on the ports. Can this be done, and how do i do it?
Ive got 3550s that can do policy-map with the interface command;
service-policy output(and input) <policyname>
But 3560 only seems to handle service-policy input.
If i try to configure output, it says the following:
SW(config-if)#service-policy output 4mbit-out
police command is not supported for this interface
Configuration failed!
Warning: Assigning a policy map to the output side of an interface not
supported
Any workarounds or new ways to accomplish bandwith-control on a 3560 ?
regards,
RajibThe 3560 & 3750 (& 2960) don't support egress policy-maps. They do however support queueing so it is possible to achieve similar results by applying an ingress policer to your user ports to classify (& police?) the traffic, at the egress port you can then queue the traffic based on it's DSCP or CoS value that it was classified with (same as 3550).
It is also possible to restrict the bandwidth in use at an egress port with the interface command 'srr-queue bandwidth limit <10-90>' where 10-90 represents a percentage of the links bandwidth. For example if you want to restrict a 100Mbps port to 10Mbps you would use the command 'srr-queue bandwidth limit 10'
HTH
Andy -
Command "service-policy input policy-name permit-any" will not work
Hi all,
have a SG500 with latest Firmware, but this command will not work.
service-policy input QoS_01 permit-any
i get this error message:
% Wrong number of parameters or invalid range, size or characters entered
without the option "permit-any or deny-any" the command is successfully.
What is the reason?
It is important, directly to specify this options. Otherwise to lose the access to the switch.
Regards
StefanHi Tom,
i have a ACL / ACE and create a QoS "policy table" put the "policy class map" (with class mappings) in it.
And now i will bind this QoS policy to a Ethernet port.
cli tutorial example say:
Use the service-policy Interface Configuration (Ethernet, Port-channel) mode command to bind a policy map to a port/port-channel. Use the no form of this command to detach a policy map from an interface.
This command is only available in QoS advanced mode.
Syntax
service-policy input policy-map-name default-action [permit-any | deny-any]
no service-policy input
Example:
witchxxxxxx(config-if)# service-policy input policy1 permit-any
A cisco support open a ticket for me.
-Stefan -
My ISP has said they will set up their side to give 50% policed real time traffic and 30% for our application traffic burstable then 5% anything else burstable. The QOS below is my attempt to do this but I was advised that to apply it to the Dialer 1 interface I hade to create a second policy-map (ADSLOut) which had the class-default and the child policy (QOSADSL) within that.
When I did this I can't apply it to the Dialer 1 interface but if I use the child policy then it will allow me to apply that, will this work the same way.
class-map match-all RealTime
match ip dscp ef
class-map match-all General
match any
class-map match-any Application
match ip dscp cs3
match ip dscp af41
policy-map QOSADSL
class RealTime
bandwidth percent 50
class Application
priority percent 30
class General
priority percent 5
class class-default
shape peak percent 85
policy-map ADSLOut
class class-default
service-policy QOSADSL
interface Dialer1
<Snipped>
bandwidth 1240
ip nbar protocol-discovery
ip flow ingress
ip flow egress
load-interval 30
tx-ring-limit 3
tx-queue-limit 3
service-policy output QOSADSL
or
service-policy output ADSLOutHi @scotlandvisit,
My first opinion is a recomendation: in the policy-map, when you're configuring LLQ use the priority command for delay-sensitive traffic (Voice) and the bandwidth command for the rest. This is because the priority command is used to indentify a class as a "strict priority class" which in my opinion should be the voice traffic and the bandwidth command is used to allocate bandwidth to nonpriority classes.
The interface is not letting you apply the service-policy because you have to configure shaping inside the class-default of the parent policy-map. This shape is going to be the value in bps that you want to assing to the traffic classes that you've configured. For example, let's say that you want to allocate 1Mbps for all the classes.
policy-map QOSADSL
class RealTime
priority percent 50
class Application
bandwidth percent 30
class General
bandwidth percent 5
class class-default
shape peak percent 85
policy-map ADSLOut
class class-default
shape average 1000000
service-policy QOSADSL
interface Dialer1
service-policy output ADSLOut
Try this configuration and let me know.
HTH.
Rgrds,
Martin, IT Specialist -
Service-Policy Or Bandwidth Rate Limit for IP
Hii Netpros,
Is this possible to configure the Service Policy(for Bandwidth) or Bandwidth Rate Limit for Single IP. For eg: If we want to configure the Service Policy(for Bandwidth) or Bandwidth Rate Limit of 2Mb for only IP " 10.10.10.3" on network i.e the Host or device which is configured with this IP can access upto 2Mb only.
Actual Network :- We need this to configure this for wireless customers, Actually we have created one Vlan 2 (IP:- 10.10.10.1/29 @ our end router) , 10.10.10.2 on Basestation wiresss device (Vlan 2 allowed on this wireless device) and this wireless device is working as point to multipoint wireless. i.e 2 or more then 2 wireless customers or last mile will connect to this basestation wireless. Wireless customer-1 is 10.10.10.3 (2Mb bandwidth) and Wireless Customer-2 10.10.10.4 (512Kb).
Hence we require to limit the bandwidth for this 2 wireless customers having different bandwidth. how to acheive & control bandwidth @ our end router for them. please suggest.
ThanksThis topic is probably better suited in another Infrastructure forum, but I suppose it depends on which features are supported by your Cisco hardware and software. This doc discusses a variety of options:
http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpolsh.html
For example, with the older CAR (committed access rate) approach:
interface FastEthernet5/0
rate-limit input access-group 101 20000000 [normal burst size] [excess burst size] conform-action transmit exceed-action drop
rate-limit input access-group 102 5120000 [normal burst size] [excess burst size] conform-action transmit exceed-action drop
access-list 101 permit ip 10.10.10.3 0.0.0.0
access-list 102 permit ip 10.10.10.4 0.0.0.0
You can observe CAR in action with "show interfaces fa5/0 rate-limit" for example.
Maybe you are looking for
-
When starting Photoshop Elements, message that MFSLib2889.dll is missing, reinstalling does not help
How to solve ?
-
i'm trying to connect my MacBook Air to a second monitor... I am using the VGA Thunderbolt adapter. It won't flip to the second screen... any suggestions?
-
Hi Experts, I have copied the standard print program RFKORD50 to custom program ZRFKORD50 and changed the script as per our client requirement. My issue is the after executing ZRFKORD50 the output needs to be displayed as PDF. Kindly help me how to d
-
Results Of The Oracle Certification 2009 Salary Survey
!http://blogs.oracle.com/certification/0116.jpg! *<p>The results of the Oracle Certification Program's 2009 Salary Survey, which was administered via the Internet earlier this year have been released.</p>*<p align="justify">Responses from Oracle Cert
-
We can group apps why not emails in the same way
It would make so much cense to be able to group e-mails in the same way we group apps by simply holding an e-mail than when it shakes we would drag other emails into it to form a group. Would that make cense ?