Topoplogy used in this scenario:
R4 (S0/0/1) ---------------------(S0/0/1) R5
Requirement for scenario:
Use AAA to auth PPP using radius and if radius is not available use local Authorization. R4 Should do the Authorization
R4 Config:
aaa new-model
!
!
aaa authentication ppp TEST group radius local
username R5 password 0 cisco
interface Serial0/0/1
ip address 192.168.1.4 255.255.255.0
encapsulation ppp
ppp authentication chap TEST
radius-server host 2.2.2.2 auth-port 1645 acct-port 1646
radius-server key test
R5:
username R4 password 0 cisco
interface Serial0/0/1
ip address 192.168.1.5 255.255.255.0
encapsulation ppp
clock rate 2000000
ppp chap password 0 cisco
Testing to see if it works, using debugs to make sure radius is tried first, then local used.
debug ppp negotiation
debug radius authentication
debug aaa authentication
R4(config-if)#no shut
R4(config-if)#
*Apr 27 16:12:06.291: Se0/0/1 PPP: Outbound cdp packet dropped
*Apr 27 16:12:08.287: %LINK-3-UPDOWN: Interface Serial0/0/1, changed state to up
*Apr 27 16:12:08.291: Se0/0/1 LCP: I CONFREQ [Closed] id 24 len 10
*Apr 27 16:12:08.291: Se0/0/1 LCP: MagicNumber 0x2A99F38C (0x05062A99F38C)
*Apr 27 16:12:08.291: Se0/0/1 LCP LCP: Missed a Link-Up transition, starting PPP
*Apr 27 16:12:08.291: AAA/BIND(0000879B): Bind i/f Serial0/0/1
*Apr 27 16:12:08.291: Se0/0/1 PPP: Using default call direction
*Apr 27 16:12:08.291: Se0/0/1 PPP: Treating connection as a dedicated line
*Apr 27 16:12:08.291: Se0/0/1 PPP: Session handle[9A0006E2] Session id[682]
*Apr 27 16:12:08.291: Se0/0/1 PPP: Phase is ESTABLISHING, Active Open
*Apr 27 16:12:08.291: Se0/0/1 PPP: Authorization NOT required
*Apr 27 16:12:08.291: Se0/0/1 LCP: O CONFREQ [Closed] id 222 len 15
*Apr 27 16:12:08.291: Se0/0/1 LCP: AuthProto CHAP (0x0305C22305)
*Apr 27 16:12:08.291: Se0/0/1 LCP: MagicNumber 0x2A40E8CA (0x05062A40E8CA)
*Apr 27 16:12:08.291: Se0/0/1 LCP: O CONFACK [REQsent] id 24 len 10
*Apr 27 16:12:08.295: Se0/0/1 LCP: MagicNumber 0x2A99F38C (0x05062A99F38C)
*Apr 27 16:12:08.295: Se0/0/1 LCP: I CONFACK [ACKsent] id 222 len 15
*Apr 27 16:12:08.295: Se0/0/1 LCP: AuthProto CHAP (0x0305C22305)
*Apr 27 16:12:08.295: Se0/0/1 LCP: MagicNumber 0x2A40E8CA (0x05062A40E8CA)
*Apr 27 16:12:08.295: Se0/0/1 LCP: State is Open
*Apr 27 16:12:08.295: Se0/0/1 PPP: Phase is AUTHENTICATING, by this end
*Apr 27 16:12:08.295: Se0/0/1 CHAP: O CHALLENGE id 132 len 23 from "R4"
*Apr 27 16:12:08.295: Se0/0/1 PPP: Outbound cdp packet dropped
*Apr 27 16:12:08.299: Se0/0/1 CHAP: I RESPONSE id 132 len 23 from "R5"
*Apr 27 16:12:08.299: Se0/0/1 PPP: Phase is FORWARDING, Attempting Forward
*Apr 27 16:12:08.299: Se0/0/1 PPP: Phase is AUTHENTICATING, Unauthenticated User
*Apr 27 16:12:08.299: AAA/AUTHEN/PPP (0000879B): Pick method list 'TEST'
*Apr 27 16:12:08.299: Se0/0/1 PPP: Sent CHAP LOGIN Request
*Apr 27 16:12:08.299: RADIUS/ENCODE(0000879B):Orig. component type = PPP
*Apr 27 16:12:08.299: RADIUS: AAA Unsupported Attr: interface [175] 11
*Apr 27 16:12:08.299: RADIUS: 53 65 72 69 61 6C 30 2F 30 [Serial0/0]
*Apr 27 16:12:08.303: RADIUS(0000879B): Config NAS IP: 0.0.0.0
*Apr 27 16:12:08.303: RADIUS/ENCODE(0000879B): acct_session_id: 1430
*Apr 27 16:12:08.303: RADIUS(0000879B): sending
*Apr 27 16:12:08.303: RADIUS/ENCODE: Best Local IP-Address 172.16.24.4 for Radius-Server 2.2.2.2
*Apr 27 16:12:08.303: RADIUS(0000879B): Send Access-Request to 2.2.2.2:1645 id 1645/31, len 86
*Apr 27 16:12:08.303: RADIUS: authenticator 47 FB E2 F2 D4 D7 92 4D - 87 17 CE 4D 5B 54 CE 81
*Apr 27 16:12:08.303: RADIUS: Framed-Protocol [7] 6 PPP [1]
*Apr 27 16:12:08.303: RADIUS: User-Name [1] 4 "R5"
*Apr 27 16:12:08.303: RADIUS: CHAP-Password [3] 19 *
*Apr 27 16:12:08.303: RADIUS: NAS-Port [5] 6 10001
*Apr 27 16:12:08.303: RADIUS: NAS-Port-Id [87] 13 "Serial0/0/1"
*Apr 27 16:12:08.303: RADIUS: NAS-Port-Type [61] 6 Sync [1]
*Apr 27 16:12:08.303: RADIUS: Service-Type [6] 6 Framed [2]
*Apr 27 16:12:08.303: RADIUS: NAS-IP-Address [4] 6 172.16.24.4
*Apr 27 16:12:12.943: RADIUS: Retransmit to (2.2.2.2:1645,1646) for id 1645/31
*Apr 27 16:12:17.263: %RADIUS-4-RADIUS_DEAD: RADIUS server 2.2.2.2:1645,1646 is not responding.
*Apr 27 16:12:17.263: %RADIUS-4-RADIUS_ALIVE: RADIUS server 2.2.2.2:1645,1646 is being marked alive.
*Apr 27 16:12:17.263: RADIUS: Retransmit to (2.2.2.2:1645,1646) for id 1645/31
*Apr 27 16:12:18.287: Se0/0/1 CHAP: I RESPONSE id 132 len 23 from "R5"
*Apr 27 16:12:18.287: Se0/0/1 CHAP: Ignoring Additional Response
*Apr 27 16:12:18.303: Se0/0/1 AUTH: Timeout 1
*Apr 27 16:12:22.003: RADIUS: Retransmit to (2.2.2.2:1645,1646) for id 1645/31
*Apr 27 16:12:26.867: RADIUS: No response from (2.2.2.2:1645,1646) for id 1645/31
*Apr 27 16:12:26.867: RADIUS/DECODE: No response from radius-server; parse response; FAIL
*Apr 27 16:12:26.867: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL
*Apr 27 16:12:26.867: Se0/0/1 PPP: Received LOGIN Response PASS
*Apr 27 16:12:26.867: Se0/0/1 PPP: Phase is FORWARDING, Attempting Forward
*Apr 27 16:12:26.867: Se0/0/1 PPP: Phase is AUTHENTICATING, Authenticated User
*Apr 27 16:12:26.867: Se0/0/1 CHAP: O SUCCESS id 132 len 4
*Apr 27 16:12:26.871: Se0/0/1 PPP: Phase is UP
*Apr 27 16:12:26.871: Se0/0/1 IPCP: O CONFREQ [Closed] id 1 len 10
*Apr 27 16:12:26.871: Se0/0/1 IPCP: Address 192.168.1.4 (0x0306C0A80104)
*Apr 27 16:12:26.871: Se0/0/1 CDPCP: O CONFREQ [Closed] id 1 len 4
*Apr 27 16:12:26.871: Se0/0/1 PPP: Process pending ncp packets
*Apr 27 16:12:26.871: Se0/0/1 IPCP: I CONFREQ [REQsent] id 1 len 10
*Apr 27 16:12:26.871: Se0/0/1 IPCP: Address 192.168.1.5 (0x0306C0A80105)
*Apr 27 16:12:26.871: Se0/0/1 IPCP: O CONFACK [REQsent] id 1 len 10
*Apr 27 16:12:26.871: Se0/0/1 IPCP: Address 192.168.1.5 (0x0306C0A80105)
*Apr 27 16:12:26.875: Se0/0/1 IPCP: I CONFACK [ACKsent] id 1 len 10
*Apr 27 16:12:26.875: Se0/0/1 IPCP: Address 192.168.1.4 (0x0306C0A80104)
*Apr 27 16:12:26.875: Se0/0/1 IPCP: State is Open
*Apr 27 16:12:26.875: Se0/0/1 CDPCP: I CONFREQ [REQsent] id 1 len 4
*Apr 27 16:12:26.875: Se0/0/1 CDPCP: O CONFACK [REQsent] id 1 len 4
*Apr 27 16:12:26.875: Se0/0/1 CDPCP: I CONFACK [ACKsent] id 1 len 4
*Apr 27 16:12:26.875: Se0/0/1 CDPCP: State is Open
*Apr 27 16:12:26.879: Se0/0/1 IPCP: Install route to 192.168.1.5
*Apr 27 16:12:27.871: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to up
R5 debugs showing its only sending the challenge response:
*Apr 27 16:00:58.935: Se0/0/1 PPP: Using default call direction
*Apr 27 16:00:58.935: Se0/0/1 PPP: Treating connection as a dedicated line
*Apr 27 16:00:58.935: Se0/0/1 PPP: Session handle[73000966] Session id[682]
*Apr 27 16:00:58.935: Se0/0/1 PPP: Authorization required
*Apr 27 16:00:58.939: Se0/0/1 PPP: No authorization without authentication
*Apr 27 16:00:59.939: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to up
*Apr 27 16:02:38.899: Se0/0/1 PPP: Authorization required
*Apr 27 16:02:38.907: Se0/0/1 PPP: No authorization without authentication
*Apr 27 16:02:38.907: Se0/0/1 CHAP: I CHALLENGE id 130 len 23 from "R4"
*Apr 27 16:02:38.907: Se0/0/1 CHAP: Using hostname from unknown source
*Apr 27 16:02:38.907: Se0/0/1 CHAP: Using password from AAA
*Apr 27 16:02:38.907: Se0/0/1 CHAP: O RESPONSE id 130 len 23 from "R5"
*Apr 27 16:02:48.883: Se0/0/1 AUTH: Timeout 1
*Apr 27 16:02:48.883: Se0/0/1 CHAP: Using hostname from unknown source
*Apr 27 16:02:48.883: Se0/0/1 CHAP: Using password from AAA
*Apr 27 16:02:48.883: Se0/0/1 CHAP: O RESPONSE id 130 len 23 from "R5"
*Apr 27 16:02:57.131: Se0/0/1 CHAP: I SUCCESS id 130 len 4
*Apr 27 16:03:38.515: %LINK-3-UPDOWN: Interface Serial0/0/1, changed state to down
*Apr 27 16:03:39.515: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to down
*Apr 27 16:03:43.823: %LINK-3-UPDOWN: Interface Serial0/0/1, changed state to up
*Apr 27 16:03:43.823: Se0/0/1 PPP: Using default call direction
*Apr 27 16:03:43.823: Se0/0/1 PPP: Treating connection as a dedicated line
*Apr 27 16:03:43.823: Se0/0/1 PPP: Session handle[69000967] Session id[684]
*Apr 27 16:03:43.823: Se0/0/1 PPP: Authorization required
*Apr 27 16:03:43.827: Se0/0/1 PPP: No authorization without authentication
*Apr 27 16:03:43.831: Se0/0/1 CHAP: I CHALLENGE id 131 len 23 from "R4"
*Apr 27 16:03:43.831: Se0/0/1 CHAP: Using hostname from unknown source
*Apr 27 16:03:43.831: Se0/0/1 CHAP: Using password from AAA
*Apr 27 16:03:43.831: Se0/0/1 CHAP: O RESPONSE id 131 len 23 from "R5"
*Apr 27 16:03:53.843: Se0/0/1 AUTH: Timeout 1
*Apr 27 16:03:53.843: Se0/0/1 CHAP: Using hostname from unknown source
*Apr 27 16:03:53.843: Se0/0/1 CHAP: Using password from AAA
*Apr 27 16:03:53.843: Se0/0/1 CHAP: O RESPONSE id 131 len 23 from "R5"
*Apr 27 16:04:02.463: Se0/0/1 CHAP: I SUCCESS id 131 len 4
*Apr 27 16:04:03.467: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to up
*Apr 27 16:05:15.587: %LINK-3-UPDOWN: Interface Serial0/0/1, changed state to down
*Apr 27 16:05:16.587: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to down
*Apr 27 16:05:21.475: %LINK-3-UPDOWN: Interface Serial0/0/1, changed state to up
*Apr 27 16:05:21.475: Se0/0/1 PPP: Using default call direction
*Apr 27 16:05:21.475: Se0/0/1 PPP: Treating connection as a dedicated line
*Apr 27 16:05:21.475: Se0/0/1 PPP: Session handle[A3000968] Session id[685]
*Apr 27 16:05:21.475: Se0/0/1 PPP: Authorization required
*Apr 27 16:05:21.483: Se0/0/1 PPP: No authorization without authentication
*Apr 27 16:05:21.483: Se0/0/1 CHAP: I CHALLENGE id 132 len 23 from "R4"
*Apr 27 16:05:21.483: Se0/0/1 CHAP: Using hostname from unknown source
*Apr 27 16:05:21.483: Se0/0/1 CHAP: Using password from AAA
*Apr 27 16:05:21.487: Se0/0/1 CHAP: O RESPONSE id 132 len 23 from "R5"
*Apr 27 16:05:31.475: Se0/0/1 AUTH: Timeout 1
*Apr 27 16:05:31.475: Se0/0/1 CHAP: Using hostname from unknown source
*Apr 27 16:05:31.475: Se0/0/1 CHAP: Using password from AAA
*Apr 27 16:05:31.475: Se0/0/1 CHAP: O RESPONSE id 132 len 23 from "R5"
*Apr 27 16:05:40.059: Se0/0/1 CHAP: I SUCCESS id 132 len 4
*Apr 27 16:05:41.059: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to up
**********************************************************************************
CHAP I = Chap input
CHAP: 0 = Chap output
Friday, April 27, 2012
Thursday, April 26, 2012
MQC FRTS w / LLQ
I failed my lab and had a bad couple days to say the last. There is nothing more humbling then setting out to do something, putting your heart into it and coming up short.
One of the areas I realized I needed help in is QoS, and this post is related to MQC FRTS
I was totally lost on how to do this before tonight.
So lets say we were given a requirement to:
1) prioritize DSCP 46(voice) traffic
2)give bandwidth remaining 10 % to web traffic, coming in marked with dscp 32
3)shape on our DLCI 402 to 512k or 512000
I am no wizard, I referred to http://www.cisco.com/en/US/docs/ios-xml/ios/wan_frly/configuration/12-4t/wan-mqc-fr-tfshp.html#GUID-4FD565D0-CE2D-4066-B803-580EC0F6017B and INE's video on MQC FRTS before attempting this.
In order to accomplish we will need multiple policy-maps, as well as a map-class frame-relay class :)
See my below setup to test this out to learn
class-map match-all web (-------IOS decided to put in cs4 when i put dscp 32 automatically)
match ip dscp cs4
class-map match-all voice
match ip dscp ef
!
!
policy-map LLQ
class voice
priority 32
class web
bandwidth remaining percent 10
policy-map QOS-MQC
class class-default
shape average 512000
service-policy LLQ
map-class frame-relay FRTS
service-policy output QOS-MQC
interface Serial0/0/0.200 multipoint
ip address 172.16.200.4 255.255.255.0
ipv6 address FE80::4 link-local
ipv6 address 200:123::4/64
ipv6 ospf network non-broadcast
ipv6 ospf 1 area 0
frame-relay map ip 172.16.200.1 401 broadcast
frame-relay map ip 172.16.200.2 402 broadcast
frame-relay map ipv6 FE80::1 401 broadcast
frame-relay interface-dlci 402
class FRTS
So.. reference the above config..., now lets talk about it.
First I created a Parent policy-map named QOS-MQC
-Inside of class-default , I configured shaping to 512000 - nothing under this frame-relay interface dlci 402 will be able to trasfer more then 512000
-I also called my child policy named LLQ - which references class-voice and class web to take care of the matching dscp 46 and dscp 32 for web
-Next, I configured map-class frame-relay FRTS and call our Parent policy-map
-Apply service policy to the interface DLCI
Next and most important thing I am learning, is we can't just configure something and then not test it, I think I went wrong here in the lab the 1st go around.
So I was thinking ok how can I test voice traffic or traffic with a specific DSCP value, without having the traffic sending to me by a device or traffic generator?
I learned there is a way to do an extended ping , set the TOS byte in the IP header. We need to covert our known DSCP value, to a decimal #
To do so, I saw online in a quick google search you can take your dscp value and multiply by 4, this will be your value to put in the TOS byte in the ping.
Ok, while it works, I wanted a better understanding. Here is I the way that helped me understand and most importantly verify I met the requirements of the task.
DSCP value 46 (used for voice in my lab)
DSCP value 32 (used for web traffic in my lab)
DSCP is the first 6 most significant bits
normal binary 128 64 32 16 8 4 2 1 = 8 bits
DSCP 6 most significant bits = 32 16 8 4 2 1
DO DSCP 46 would have these bits 101110 or 32+8+4+2 = 46
now write the number out in binary (remember to add the last two zero's)
10111000 = 128+32+16+8 or 184
Now lets test !!
R4#ping
Protocol [ip]:
Target IP address:
% Bad IP address
R4#ping
Protocol [ip]:
Target IP address: 172.16.200.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]: 184 <-------------------DSCP 46 TOS in binary
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.200.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
R4#show poi
R4#
R4#
R4#|| now test web
^
% Invalid input detected at '^' marker.
R4#ping
Protocol [ip]:
Target IP address: 172.16.200.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]: 128 <--------------------------DSCP 32 TOS BYTE in binary
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.200.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
Serial0/0/0.200: DLCI 402 - ( notice how this is only applied on dlci 402 on the interface
Service-policy output: QOS-MQC
Class-map: class-default (match-any)
140 packets, 14560 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 140/14560
shape (average) cir 512000, bc 2048, be 2048
target shape rate 512000
lower bound cir 0, adapt to fecn 0
Service-policy : LLQ
queue stats for all priority classes:
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 110/11440
Class-map: voice (match-all)
110 packets, 11440 bytes <----------Hits on simulated voice traffic, score!
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp ef (46)
Priority: 32 kbps, burst bytes 1500, b/w exceed drops: 0
Class-map: web (match-all)
10 packets, 1040 bytes <--------------Hits on simulated web traffic score!
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp cs4 (32)
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 10/1040
bandwidth remaining 10% (48 kbps)
Class-map: class-default (match-any)
20 packets, 2080 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 20/2080
One of the areas I realized I needed help in is QoS, and this post is related to MQC FRTS
I was totally lost on how to do this before tonight.
So lets say we were given a requirement to:
1) prioritize DSCP 46(voice) traffic
2)give bandwidth remaining 10 % to web traffic, coming in marked with dscp 32
3)shape on our DLCI 402 to 512k or 512000
I am no wizard, I referred to http://www.cisco.com/en/US/docs/ios-xml/ios/wan_frly/configuration/12-4t/wan-mqc-fr-tfshp.html#GUID-4FD565D0-CE2D-4066-B803-580EC0F6017B and INE's video on MQC FRTS before attempting this.
In order to accomplish we will need multiple policy-maps, as well as a map-class frame-relay class :)
See my below setup to test this out to learn
class-map match-all web (-------IOS decided to put in cs4 when i put dscp 32 automatically)
match ip dscp cs4
class-map match-all voice
match ip dscp ef
!
!
policy-map LLQ
class voice
priority 32
class web
bandwidth remaining percent 10
policy-map QOS-MQC
class class-default
shape average 512000
service-policy LLQ
map-class frame-relay FRTS
service-policy output QOS-MQC
interface Serial0/0/0.200 multipoint
ip address 172.16.200.4 255.255.255.0
ipv6 address FE80::4 link-local
ipv6 address 200:123::4/64
ipv6 ospf network non-broadcast
ipv6 ospf 1 area 0
frame-relay map ip 172.16.200.1 401 broadcast
frame-relay map ip 172.16.200.2 402 broadcast
frame-relay map ipv6 FE80::1 401 broadcast
frame-relay interface-dlci 402
class FRTS
So.. reference the above config..., now lets talk about it.
First I created a Parent policy-map named QOS-MQC
-Inside of class-default , I configured shaping to 512000 - nothing under this frame-relay interface dlci 402 will be able to trasfer more then 512000
-I also called my child policy named LLQ - which references class-voice and class web to take care of the matching dscp 46 and dscp 32 for web
-Next, I configured map-class frame-relay FRTS and call our Parent policy-map
-Apply service policy to the interface DLCI
Next and most important thing I am learning, is we can't just configure something and then not test it, I think I went wrong here in the lab the 1st go around.
So I was thinking ok how can I test voice traffic or traffic with a specific DSCP value, without having the traffic sending to me by a device or traffic generator?
I learned there is a way to do an extended ping , set the TOS byte in the IP header. We need to covert our known DSCP value, to a decimal #
To do so, I saw online in a quick google search you can take your dscp value and multiply by 4, this will be your value to put in the TOS byte in the ping.
Ok, while it works, I wanted a better understanding. Here is I the way that helped me understand and most importantly verify I met the requirements of the task.
DSCP value 46 (used for voice in my lab)
DSCP value 32 (used for web traffic in my lab)
DSCP is the first 6 most significant bits
normal binary 128 64 32 16 8 4 2 1 = 8 bits
DSCP 6 most significant bits = 32 16 8 4 2 1
DO DSCP 46 would have these bits 101110 or 32+8+4+2 = 46
now write the number out in binary (remember to add the last two zero's)
10111000 = 128+32+16+8 or 184
Now lets test !!
R4#ping
Protocol [ip]:
Target IP address:
% Bad IP address
R4#ping
Protocol [ip]:
Target IP address: 172.16.200.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]: 184 <-------------------DSCP 46 TOS in binary
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.200.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
R4#show poi
R4#
R4#
R4#|| now test web
^
% Invalid input detected at '^' marker.
R4#ping
Protocol [ip]:
Target IP address: 172.16.200.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]: 128 <--------------------------DSCP 32 TOS BYTE in binary
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.200.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
Serial0/0/0.200: DLCI 402 - ( notice how this is only applied on dlci 402 on the interface
Service-policy output: QOS-MQC
Class-map: class-default (match-any)
140 packets, 14560 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 140/14560
shape (average) cir 512000, bc 2048, be 2048
target shape rate 512000
lower bound cir 0, adapt to fecn 0
Service-policy : LLQ
queue stats for all priority classes:
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 110/11440
Class-map: voice (match-all)
110 packets, 11440 bytes <----------Hits on simulated voice traffic, score!
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp ef (46)
Priority: 32 kbps, burst bytes 1500, b/w exceed drops: 0
Class-map: web (match-all)
10 packets, 1040 bytes <--------------Hits on simulated web traffic score!
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp cs4 (32)
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 10/1040
bandwidth remaining 10% (48 kbps)
Class-map: class-default (match-any)
20 packets, 2080 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 20/2080
Subscribe to:
Posts (Atom)