GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: Config mistake or version issue or bug - Who can prove the truth? posted 11/12/2004
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Tim,

	Works fine for me:

R1#
class-map match-all ICMP
  match protocol icmp
!
 policy-map QOS
  class ICMP
   drop
!         
interface Ethernet0/0
 ip address 124.0.0.1 255.0.0.0
!
interface Serial0/1
 ip address 13.0.0.1 255.0.0.0
 service-policy output QOS

R1#ping 13.0.0.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.0.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms
R1#
Rack2AS>4
[Resuming connection 4 to r4 ... ]
..
R4#ping 13.0.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
R4#ping 13.0.0.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.0.0.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R4#
Rack2AS>1
[Resuming connection 1 to r1 ... ]

R1#show policy-map int s0/1
 Serial0/1 

  Service-policy output: QOS

    Class-map: ICMP (match-all)
      10 packets, 1040 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol icmp
      drop

    Class-map: class-default (match-any)
      51 packets, 3452 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any


The locally originated traffic on R1 is not affected but transit traffic
is.


HTH,

Brian McGahan, CCIE #8593
bmcgahan@xxxxxxxxxxxxxxxxxxxxxx 

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/


> -----Original Message-----
> From: ccie2be [mailto:ccie2be@xxxxxxxxxx]
> Sent: Friday, November 12, 2004 5:39 PM
> To: Brian McGahan; Group Study
> Subject: Re: Config mistake or version issue or bug - Who can prove
the
> truth?
> 
> Brian,
> 
> After seeing your post I got all excited - maybe you hit on the
problem,
> but
> alas no.  :-(
> 
> match prot icmp just doesn't work.
> 
> r1#sh policy-map int s0/0
> 
>  Serial0/0
> 
>   Service-policy output: PING
> 
>     Class-map: PING (match-all)
>       0 packets, 0 bytes
>       5 minute offered rate 0 bps, drop rate 0 bps
>       Match: protocol icmp
>       QoS Set
>         fr-de
>           Packets marked 0
> 
>     Class-map: class-default (match-any)
>       144 packets, 9976 bytes
>       5 minute offered rate 0 bps, drop rate 0 bps
>       Match: any
> 
> 
> I tried applying the srevice on the physcial interface and the p2p
> subinterface which connects to R2 via dlci 102 and 201 on the R2 side.
> r2#sh fram pvc 201
> 
> PVC Statistics for interface Serial0/0 (Frame Relay DTE)
> 
> DLCI = 201, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE =
> Serial0/0.201
> 
>   input pkts 192           output pkts 201          in bytes 21790
>   out bytes 23285          dropped pkts 0           in pkts dropped 0
>   out pkts dropped 0                out bytes dropped 0
>   in FECN pkts 0           in BECN pkts 0           out FECN pkts 0
>   out BECN pkts 0          in DE pkts 0             out DE pkts 0
>   out bcast pkts 181       out bcast bytes 21205
>   5 minute input rate 0 bits/sec, 0 packets/sec
>   5 minute output rate 0 bits/sec, 0 packets/sec
>   pvc create time 00:23:27, last time pvc status changed 00:21:57
> 
> When I change it to match access-group 100, where acl 100 permits
icmp,
> then
> it works.
> 
> Go configure!!!
> 
> BTW, match prot icmp doesn't work when I ping from R1 (where the MQC
is
> configured) or from a different router.  So, I'm out of ideas.  Have
you
> got
> anymore?
> 
> Tim
> 
> ----- Original Message -----
> From: "Brian McGahan" <bmcgahan@xxxxxxxxxxxxxxxxxxxxxx>
> To: "ccie2be" <ccie2be@xxxxxxxxxx>; "Group Study"
<ccielab@xxxxxxxxxxxxxx>
> Sent: Friday, November 12, 2004 5:51 PM
> Subject: RE: Config mistake or version issue or bug - Who can prove
the
> truth?
> 
> 
> Try it as transit traffic, not locally originated traffic.
> 
> Brian McGahan, CCIE #8593
> bmcgahan@xxxxxxxxxxxxxxxxxxxxxx
> 
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987 x 705
> Outside US: 775-826-4344 x 705
> 24/7 Support: http://forum.internetworkexpert.com
> Live Chat: http://www.internetworkexpert.com/chat/
> 
> 
> > -----Original Message-----
> > From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf
> Of
> > ccie2be
> > Sent: Friday, November 12, 2004 2:48 PM
> > To: Group Study
> > Subject: Config mistake or version issue or bug - Who can prove the
> truth?
> >
> > Here's a challenge for all you ccie wannabe's and current ccie's.
> >
> > MQC was used to set the DE bit on ping traffic with the following
> class-
> > map:
> >
> > class-map PING
> >     match prot icmp
> >
> > policy-map PING
> >     set fr-de
> >
> > int s0/0
> > service-policy out PING
> >
> > It didn't work. So begins the troubleshooting.
> >
> > Maybe, the service policy has to be within a map-class like this:
> >
> > map-class fram PING
> > service-policy PING
> >
> > int s0/0
> > fram class PING
> >
> > Nope, this doesn't work either.  What could be wrong?
> >
> > How about if the class-map is applied on a p2p sub?
> >
> > Nope, doesn't work.
> >
> > Could it NBAR?  Let's see.
> >
> > 1st, create the acl like this
> >
> > access-list 100 perm icmp any any
> >
> > Now, change the class-map to look like this:
> >
> > class-map PING
> >     match access-group 100
> >
> > And, test again.
> >
> > Hurrah !!! It works.
> >
> > Who knows why?
> >
> > Here's the output of show ver:
> >
> > r1#sh ver
> > Cisco Internetwork Operating System Software
> > IOS (tm) 3600 Software (C3640-JK9O3S-M), Version 12.3(9), RELEASE
> SOFTWARE
> > (fc2)
> >
> > Copyright (c) 1986-2004 by cisco Systems, Inc.
> > Compiled Fri 14-May-04 13:16 by dchih
> > Image text-base: 0x60008B00, data-base: 0x620DE000
> >
> > ROM: System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE
> > SOFTWARE
> > (f
> > c1)
> >
> > r1 uptime is 5 hours, 58 minutes
> > System returned to ROM by power-on
> > System image file is "flash:c3640-jk9o3s-mz.123-9.bin"
> >
> > Tim
> >
> >
>
_______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html