Tuesday, November 28, 2017

ACL on interface not showing enough hits

I have a Cisco WS-C4506-E that my PC is connected directly to on port Gi2/24. On that interface, I put "ip access-group tqos in". That access list has a specific permit for my PC, and a "permit ip any any". For some reason, I barely see any hits on the ACL, despite throwing hundreds of packets per second at it. Can anyone explain why? I was hoping to use this to verify DSCP tagging, but that won't work if it doesn't register hits properly.


Important Config

NLSW10#sh run int gig 2/24
Building configuration...

Current configuration : 408 bytes
!
interface GigabitEthernet2/24
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 ip access-group tqos in
 ip access-group tqos out
 spanning-tree portfast
end

NLSW10#sh ip access-lists tqos
Extended IP access list tqos
    10 permit ip host 172.20.110.66 any dscp af41 log
    100 permit ip any any log (138 matches)

Mostly Full Config

Current configuration : 55370 bytes
!
version 15.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service compress-config
!
hostname NLSW10
!
boot-start-marker
boot system flash bootflash:cat4500e-universalk9.SPA.03.06.03.E.152-2.E3.bin
boot-end-marker
!
vrf definition mgmtVrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
logging event trunk-status global
!
aaa session-id common
clock timezone CET 1 0
clock summer-time CET recurring last Sat Mar 2:00 last Sat Oct 3:00
hw-module uplink select tengigabitethernet
!
no ip routing
!
ip vrf Liin-vrf
!
no ip domain-lookup
!
power redundancy-mode redundant
archive
 path bootflash:config-backup-
!
spanning-tree mode mst
spanning-tree portfast bpduguard default
spanning-tree extend system-id
!
spanning-tree mst configuration
 name SPANS01
 revision 1
 instance 1 vlan 1-4094
!
vlan internal allocation policy ascending
!
ip tftp source-interface FastEthernet1
!
class-map match-all AutoQos-4.0-Scavenger-Classify
 match access-group name AutoQos-4.0-ACL-Scavenger
class-map match-all AutoQos-4.0-Signaling-Classify
 match access-group name AutoQos-4.0-ACL-Signaling
class-map match-any AutoQos-4.0-Priority-Queue
 match cos 5
 match dscp ef
 match dscp cs5
 match dscp cs4
class-map match-all AutoQos-4.0-VoIP-Data-Cos
 match cos 5
class-map match-any AutoQos-4.0-Multimedia-Stream-Queue
 match dscp af31
 match dscp af32
 match dscp af33
class-map match-all AutoQos-4.0-VoIP-Signal-Cos
 match cos 3
class-map match-any AutoQos-4.0-Multimedia-Conf-Queue
 match cos 4
 match dscp af41
 match dscp af42
 match dscp af43
 match access-group name AutoQos-4.0-ACL-Multimedia-Conf
class-map match-all AutoQos-4.0-Default-Classify
 match access-group name AutoQos-4.0-ACL-Default
class-map match-any AutoQos-4.0-Bulk-Data-Queue
 match cos 1
 match dscp af11
 match dscp af12
 match dscp af13
 match access-group name AutoQos-4.0-ACL-Bulk-Data
class-map match-all AutoQos-4.0-Transaction-Classify
 match access-group name AutoQos-4.0-ACL-Transactional-Data
class-map match-any AutoQos-4.0-Scavenger-Queue
 match dscp cs1
 match cos 1
 match access-group name AutoQos-4.0-ACL-Scavenger
class-map match-any AutoQos-4.0-Control-Mgmt-Queue
 match cos 3
 match dscp cs7
 match dscp cs6
 match dscp cs3
 match dscp cs2
 match access-group name AutoQos-4.0-ACL-Signaling
class-map match-all AutoQos-4.0-Bulk-Data-Classify
 match access-group name AutoQos-4.0-ACL-Bulk-Data
class-map match-any AutoQos-4.0-Trans-Data-Queue
 match cos 2
 match dscp af21
 match dscp af22
 match dscp af23
 match access-group name AutoQos-4.0-ACL-Transactional-Data
class-map match-any AutoQos-4.0-VoIP-Data
 match dscp ef
 match cos 5
class-map match-all AutoQos-4.0-Multimedia-Conf-Classify
 match access-group name AutoQos-4.0-ACL-Multimedia-Conf
class-map match-any AutoQos-4.0-VoIP-Signal
 match dscp cs3
 match cos 3
!
policy-map AutoQos-4.0-Output-Policy
 class AutoQos-4.0-Scavenger-Queue
  bandwidth remaining percent 1
 class AutoQos-4.0-Priority-Queue
  priority
  police cir percent 30 bc 33 ms
 class AutoQos-4.0-Control-Mgmt-Queue
  bandwidth remaining percent 10
 class AutoQos-4.0-Multimedia-Conf-Queue
  bandwidth remaining percent 10
 class AutoQos-4.0-Multimedia-Stream-Queue
  bandwidth remaining percent 10
 class AutoQos-4.0-Trans-Data-Queue
  bandwidth remaining percent 10
  dbl
 class AutoQos-4.0-Bulk-Data-Queue
  bandwidth remaining percent 4
  dbl
 class class-default
  bandwidth remaining percent 25
  dbl
policy-map AutoQos-4.0-Cisco-Phone-Input-Policy
 class AutoQos-4.0-VoIP-Data-Cos
  set dscp ef
  police cir 128000 bc 8000
   exceed-action set-dscp-transmit cs1
   exceed-action set-cos-transmit 1
 class AutoQos-4.0-VoIP-Signal-Cos
  set dscp cs3
  police cir 32000 bc 8000
   exceed-action set-dscp-transmit cs1
   exceed-action set-cos-transmit 1
 class class-default
  set dscp default
  set cos 0
!
interface Port-channel1
 description UPLINK CORESWITCH
 switchport
 switchport trunk native vlan 999
 switchport mode trunk
 storm-control broadcast level 20.00
!
interface FastEthernet1
 vrf forwarding mgmtVrf
 ip address 172.16.1.110 255.255.0.0
 no ip route-cache
 speed auto
 duplex auto
!
interface TenGigabitEthernet1/1
 description MER5-CORE1 Eth1/27 uplink
 switchport trunk native vlan 999
 switchport mode trunk
 flowcontrol receive off
 storm-control broadcast level 20.00
 channel-group 1 mode active
!
interface TenGigabitEthernet1/2
 description MER6-CORE2 Eth1/27 uplink
 switchport trunk native vlan 999
 switchport mode trunk
 flowcontrol receive off
 storm-control broadcast level 20.00
 channel-group 1 mode active
!
interface GigabitEthernet1/3
 shutdown
!
interface GigabitEthernet1/4
 shutdown
!
interface GigabitEthernet1/5
 shutdown
!
interface GigabitEthernet1/6
 shutdown
!
interface GigabitEthernet2/1
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/2
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/3
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/4
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/5
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/6
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/7
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/8
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/9
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/10
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/11
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/12
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/13
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/14
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/15
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/16
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/17
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/18
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/19
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/20
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/21
 description END USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/22
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/23
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/24
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 ip access-group tqos in
 ip access-group tqos out
 spanning-tree portfast
!
interface GigabitEthernet2/25
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/26
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/27
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/28
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/29
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/30
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/31
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/32
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/33
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/34
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/35
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/36
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/37
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/38
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/39
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/40
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/41
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/42
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/43
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/44
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/45
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/46
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/47
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface GigabitEthernet2/48
 description END-USER
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 41
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security aging time 3
 switchport port-security
 spanning-tree portfast
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan18
 description CISCO_MANAGEMENT
 ip address 172.20.18.110 255.255.255.0
 no ip route-cache
!
ip default-gateway 172.20.18.254
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip access-list standard SNMPpoller
 permit 172.25.220.230
 permit 172.16.8.126
 permit 172.16.8.98
 deny   any log
ip access-list standard sqos
 deny   any
!
ip access-list extended AutoQos-4.0-ACL-Bulk-Data
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 permit tcp any any eq 22
 permit tcp any any eq smtp
 permit tcp any any eq 465
 permit tcp any any eq 143
 permit tcp any any eq 993
 permit tcp any any eq pop3
 permit tcp any any eq 995
 permit tcp any any eq 1914
ip access-list extended AutoQos-4.0-ACL-Default
 permit ip any any
ip access-list extended AutoQos-4.0-ACL-Multimedia-Conf
 permit udp any any range 16384 32767
ip access-list extended AutoQos-4.0-ACL-Scavenger
 permit tcp any any eq 1214
 permit udp any any eq 1214
 permit tcp any any range 2300 2400
 permit udp any any range 2300 2400
 permit tcp any any eq 3689
 permit udp any any eq 3689
 permit tcp any any range 6881 6999
 permit tcp any any eq 11999
 permit tcp any any range 28800 29100
ip access-list extended AutoQos-4.0-ACL-Signaling
 permit tcp any any range 2000 2002
 permit tcp any any range 5060 5061
 permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-ACL-Transactional-Data
 permit tcp any any eq 443
 permit tcp any any eq 1521
 permit udp any any eq 1521
 permit tcp any any eq 1526
 permit udp any any eq 1526
 permit tcp any any eq 1575
 permit udp any any eq 1575
 permit tcp any any eq 1630
 permit udp any any eq 1630
ip access-list extended tqos
 permit ip host 172.20.110.66 any dscp af41 log
 permit ip any any log
!
logging trap warnings
logging source-interface Vlan18
logging host 172.25.152.27
logging host 10.211.1.241
!
line con 0
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 authorization commands 1 VTY
 authorization commands 15 VTY
 authorization exec VTY
 accounting commands 1 VTY
 accounting commands 15 VTY
 login authentication VTY
 length 0
 transport input ssh
 transport output ssh
line vty 5 15
 exec-timeout 0 0
 authorization commands 1 VTY
 authorization commands 15 VTY
 authorization exec VTY
 accounting commands 1 VTY
 accounting commands 15 VTY
 login authentication VTY
 length 0
 transport input ssh
 transport output ssh
line vty 16
 transport input ssh
 transport output ssh
!
ntp source Vlan18
ntp server 172.20.18.252
ntp server 172.20.18.253
end
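The poster wants to use the ACL "tqos" to confirm that traffic from 172.20.110.66 carries DSCP af41. The following is an added example, not code from the original post: it decodes the DSCP field from raw IPv4 headers and evaluates each packet against the two ACEs of "tqos" exactly as written (sequence 10 requires both the source host and af41, which is DSCP decimal 34; sequence 100 catches everything else), so marking can be checked from a packet capture instead of from the switch's hit counters. The packets, and the second host 172.20.110.77, are constructed for the demonstration.

```python
# Added example, not from the original post: decode the DSCP field of
# IPv4 packets and replay them against the two ACEs of the ACL "tqos"
# from the post, so marking can be checked from a capture rather than
# from the switch's ACL hit counters. All packets below are constructed.
import ipaddress
import struct

# Standard DSCP code points (RFC 2474/2597/3246); af41 is decimal 34.
DSCP_NAMES = {0: "default", 8: "cs1", 10: "af11", 18: "af21", 24: "cs3",
              26: "af31", 34: "af41", 36: "af42", 38: "af43", 46: "ef"}

# ACEs of 'tqos': (sequence, required source host or None, required DSCP or None)
TQOS = [
    (10, "172.20.110.66", 34),   # permit ip host 172.20.110.66 any dscp af41 log
    (100, None, None),           # permit ip any any log
]


def dscp_of(packet: bytes) -> int:
    """Return the 6-bit DSCP from the IPv4 DS byte (header offset 1)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return packet[1] >> 2


def dscp_name(packet: bytes) -> str:
    d = dscp_of(packet)
    return DSCP_NAMES.get(d, f"dscp{d}")


def src_ip(packet: bytes) -> str:
    return str(ipaddress.IPv4Address(packet[12:16]))


def match_ace(packet: bytes):
    """Sequence number of the first ACE matched, or None (implicit deny)."""
    src, d = src_ip(packet), dscp_of(packet)
    for seq, host, dscp in TQOS:
        if host is not None and src != host:
            continue
        if dscp is not None and d != dscp:
            continue
        return seq
    return None


def count_hits(packets) -> dict:
    """Per-ACE match counts, the way the switch would report them."""
    hits = {seq: 0 for seq, _, _ in TQOS}
    hits[None] = 0
    for p in packets:
        hits[match_ace(p)] += 1
    return hits


def build_ipv4(src: str, dst: str, dscp: int, proto: int = 17) -> bytes:
    """Constructed minimal 20-byte IPv4 header (checksum left zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


# Constructed sample traffic; 172.20.110.77 is a made-up second host.
SAMPLE = [
    build_ipv4("172.20.110.66", "172.20.18.110", 34),  # af41 from the PC -> ACE 10
    build_ipv4("172.20.110.66", "172.20.18.110", 0),   # unmarked from PC -> ACE 100
    build_ipv4("172.20.110.77", "172.20.18.110", 34),  # af41, other host -> ACE 100
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(src_ip(p), dscp_name(p), "->", match_ace(p))
    print(count_hits(SAMPLE))
```

Feeding real packets from a capture on the PC side into count_hits() gives the per-ACE counts the poster expected to read from "sh ip access-lists tqos".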

