Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

IPSEC and QOS

Status
Not open for further replies.
zapw

zapw

IS-IT--Management
Jan 30, 2008
3
DE
Does anyone here have IPsec/L2tp VPN with QoS configured
I have a 1814 router IOS adventerprisek9-mz.124-21a and have a service-policy configured on the egress interface .
Am I the only one whose IPSEC traffic isn't classified/seen under the service-policy I don't see the IPSEC traffic in any of the classes not even class-default , I do see the counters increase in the physical Interface.

So I can tell the traffic is going out via the interface because of the Bandwidth usage numbers.
 
Sort by date Sort by votes
My first thought was to check your marking, to make certain you have things classified right, but you should have something in class-default.

Can you post your config to take a look?
 
Upvote 0 Downvote
As Lerdalt said check first to see if the traffic is classified correctly.If so then try the "qos pre-classify" commands.
Regards
 
Upvote 0 Downvote
It dosen't matter it should still appear under class-default if it dosen't match under other classes , so my guess is this is a bug.
 
Upvote 0 Downvote
Well, if you don't want to post a scrubbed config so we can help, have you checked the Bug Toolkit on Cisco.com? Is that from sh ver

adventerprisek9-mz.124-21a

and just needs a .bin at the end? Any "T" for T-train, or is it GD?

This is the only bug I see under that IOS with filtering for "QoS"...

"
CSCsv16714 Bug Details
part of policy-map configuration disappears after reload
Symptom :
It boots up as neither "set cos " nor "set dscp" are configured in
the class; the "set cos" and "set dscp" configuration disappears
You can use the command "show policy-map interface xxx y/y output" to check the configuration.

Condition :
When it's configured both "set cos" and "set dscp" in a single class
of a policy-map and then reboot the system.
No problem if it's configured either one of them, "set cos" OR "set dscp".
It boots up with the configuration.

Workaround:
Workaround is configure one of the "set" command under child policy and configure the child policy under parent policy with the other "set" command.

ex.)
**create child policy with "set cos 7".

policy-map child-policy
class class-default
set cos 7

**while configure the parent policy with "set dscp cs7", configure the parent policy with "service-policy child-policy".

policy-map parent-policy
class Voice
priority percent 70
set dscp cs7
service-policy child-policy"

Burt
 
Upvote 0 Downvote
Um, I am not sure of your question ... but since it is encrypted traffic it wouldn't hit on a service policy.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Lccarter
  • Locked
  • Question
Cisco CUCM Provisioning and Order Management System
Replies
1
Views
215
Lccarter
Lccarter
acabezas2014
  • Locked
  • Question
Need to create QoS for SNMP and Radius traffic on Cisco 4948 Switches
Replies
0
Views
108
acabezas2014
acabezas2014
atascoman
  • Locked
  • Question
3750 to 3850 QoS commands
Replies
1
Views
176
ADB100
ADB100
jeepinbob
  • Locked
  • Question
WS-C2960X-24TS-LL and QOS
Replies
0
Views
95
jeepinbob
jeepinbob
mrdom
  • Locked
  • Question
RV325: Accessing LAN and WAN resources using the same hostname ...
Replies
0
Views
113
mrdom
mrdom

Part and Inventory Search

Sponsor

Back
Top