Scribd Logo
Upload

Welcome to Scribd!

  • Congestion Management: CCIE Security V4 Technology Labs Section 1: System Hardening and Availability

    Uploaded by

    Nandan Bisht
    27 views5 pages
    This document provides instructions for configuring QoS policies on router R3 to mark and prioritize different types of traffic. It involves: 1) Creating policies on R3 to mark ICMP traffic from VLAN 23 with DSCP AF12 and VLAN 11 with AF23. 2) Applying a queueing policy on the F0/0 interface to prioritize voice traffic marked EF for 35% bandwidth, and provide 25% and 15% bandwidth respectively to VLAN 23 and 11 traffic. 3) Verifying the policies by generating traffic from each VLAN and checking counters.

    Original Description:

    Congestion Management

    Original Title

    Congestion Management

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides instructions for configuring QoS policies on router R3 to mark and prioritize different types of traffic. It involves: 1) Creating policies on R3 to mark ICMP traffic from VLAN 23 with DSCP AF12 and VLAN 11 with AF23. 2) Applying a queueing policy on the F0/0 interface to prioritize voice traffic marked EF for 35% bandwidth, and provide 25% and 15% bandwidth respectively to VLAN 23 and 11 traffic. 3) Verifying the policies by generating traffic from each VLAN and checking counters.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    27 views5 pages

    Congestion Management: CCIE Security V4 Technology Labs Section 1: System Hardening and Availability

    Uploaded by

    Nandan Bisht
    This document provides instructions for configuring QoS policies on router R3 to mark and prioritize different types of traffic. It involves: 1) Creating policies on R3 to mark ICMP traffic from VLAN 23 with DSCP AF12 and VLAN 11 with AF23. 2) Applying a queueing policy on the F0/0 interface to prioritize voice traffic marked EF for 35% bandwidth, and provide 25% and 15% bandwidth respectively to VLAN 23 and 11 traffic. 3) Verifying the policies by generating traffic from each VLAN and checking counters.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 5

    CCIE Security V4 Technology Labs Section 1:

    System Hardening and Availability


    Congestion Management
    Last updated: May 3, 2013
    Task
    Load the starting configuration files for task 1.17.
    On R3, create a QoS policy to match ICMP traffic coming from vlan 23 and mark it with a dscp of
    AF12.
    On R3, also create a policy that matches ICMP traffic coming from the Test PC on vlan 11 and mark
    it with a dscp of AF23.
    ICMP traffic leaving the F0/0 interface should have the following policy applied.
    AF12 Traffic should be given 25% of the interface bandwidth.
    AF23 Traffic should be given 15% of the interface bandwidth.
    If any voice traffic is seen with a DSCP of EF, it should be priority queued and given 35%
    bandwidth.
    Remaining Traffic should be fair-queued.
    Explanation and Verification
    Congestion management can take the form of policing or shaping data so that it conforms to the
    policy set forth in the network. A CCIE candidate should be able to do this, as wel as configure
    basic QoS policies . This task does not require any policing, but other tasks have. This task simply
    tests your know-how of basic QoS configurations.
    Start by configuring the policy on R3 to match ICMP traffic from vlan 23.

    R3#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R3(config)#access-list 101 permit icmp any any
    R3(config)#class-map match-icmp
    R3(config-cmap)#match access-g 101
    R3(config-cmap)#policy-map mark-traffic
    R3(config-pmap)#class match-icmp
    R3(config-pmap-c)#set dscp af12
    R3(config-pmap-c)#int f0/0.23
    R3(config-subif)#service-policy input mark-traffic
    R3(config-subif)#
    Now configure the policy to mark traffic coming in vlan 11 from the test PC.
    R3(config-subif)#exit
    R3(config)#class-map match-test-pc
    R3(config-cmap)#match access-group 101
    R3(config-cmap)#policy-map mark-testpc
    R3(config-pmap)#class match-test-pc
    R3(config-pmap-c)#set dscp AF23
    R3(config-pmap-c)#int f0/0.11
    R3(config-subif)#service-policy input mark-testpc
    R3(config-subif)#exit
    R3(config)#
    Create the queueing policy and apply it to the f0/0 interface. Understand that the policy cannot be
    applied to a sub-interface.
    R3(config)#class-map match-vlan23
    R3(config-cmap)#match dscp AF12
    R3(config-cmap)#exit
    R3(config)#class-map match-vlan11
    R3(config-cmap)#match dscp AF23
    R3(config-cmap)#exit
    R3(config)#class-map match-voice
    R3(config-cmap)#match dscp ef
    R3(config-cmap)#exit
    R3(config)#policy-map QUEUE-OUT
    R3(config-pmap)#class match-voice
    R3(config-pmap-c)# priority percent 35
    R3(config-pmap-c)#class match-vlan23
    R3(config-pmap-c)#bandwidth percent 25
    R3(config-pmap-c)#class match-vlan11
    R3(config-pmap-c)#bandwidth percent 15
    R3(config-pmap-c)#class class-default
    R3(config-pmap-c)#fair-queue
    R3(config-pmap-c)#interface f0/0
    R3(config-if)#service-policy output QUEUE-OUT
    R3(config-if)#
    Verify the policy on each interface. You'll need to generate traffic from each respective vlan so that
    the counters increment.
    First we verify f0/0.23.
    R3#show policy-map int f0/0.23
    FastEthernet0/0.23
    Service-policy input: mark-traffic
    Class-map: match-icmp (match-all)
    5 packets, 590 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: access-group 101
    QoS Set
    dscp af12
    Packets marked 5
    Class-map: class-default (match-any)
    110 packets, 12100 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: any
    Next, verify f0/0.11.
    R3#show policy-map int f0/0.11
    FastEthernet0/0.11
    Service-policy input: mark-testpc
    Class-map: match-test-pc (match-all)
    4 packets, 312 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: access-group 101
    QoS Set
    dscp af23
    Packets marked 4
    Class-map: class-default (match-any)
    362 packets, 26728 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: any
    Now look at the queueing policy to ensure that each type of traffic gets its allocated bandwidth.
    R3#show policy-map int f0/0
    FastEthernet0/0
    Service-policy output: QUEUE-OUT
    queue stats for all priority classes:
    queue limit 64 packets
    (queue depth/total drops/no-buffer drops) 0/0/0
    (pkts output/bytes output) 0/0
    Class-map: match-voice (match-all)
    0 packets, 0 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: dscp ef (46)
    Priority: 35% (35000 kbps), burst bytes 875000, b/w exceed drops: 0
    Class-map: match-vlan23 (match-all)
    10 packets, 1180 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: dscp af12 (12)
    Queueing
    queue limit 64 packets
    (queue depth/total drops/no-buffer drops) 0/0/0
    (pkts output/bytes output) 10/1180
    bandwidth 25% (25000 kbps)
    Class-map: match-vlan11 (match-all)
    8 packets, 624 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: dscp af23 (22)
    Queueing
    queue limit 64 packets
    (queue depth/total drops/no-buffer drops) 0/0/0
    (pkts output/bytes output) 8/624
    bandwidth 15% (15000 kbps)
    Class-map: class-default (match-any)
    207 packets, 22259 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: any
    Queueing
    queue limit 64 packets
    (queue depth/total drops/no-buffer drops/flowdrops) 0/0/0/0
    (pkts output/bytes output) 207/23519
    Fair-queue: per-flow queue limit 16
    R3#
    Also note that the class-default is being fair-queued.

    You might also like