Looks like we are going somewhere here. Try this test: Put the ACL with permit statements for the range on an L3 interface on the switch, ie so it doesnt do anything fancy, dont forget permit ip any any after the range entry.
If the counters increment, then problem is only limited to using class-maps. If the counters do not increment, then you have a bug with the range command for ACLs in general. Cheers, Matt CCIE #22386 CCSI #31207 On 25 January 2013 13:38, John Dooner <[email protected]> wrote: > It is working on those ports. We did a capture, although the codec tells > you what port it is using when you establish a video conference. Also > remember that when I change the ACL to equal the udp port as shown by the > codec I get the packets remarked with af41 (decimal 34). This is confirmed > using the show mls qos interface stat command. When I change the ACL to use > the > range command the packets stay at dscp 0 as confirmed using the show mls > qos interface stat command. > > On Thursday, January 24, 2013, Samir Idris wrote: > >> Can you run a packet capture to make sure video traffic is working on the >> UDP ports you have specified in the ACL? >> >> On Fri, Jan 25, 2013 at 9:13 AM, John Dooner >> <[email protected]<javascript:_e({}, 'cvml', '[email protected]');> >> > wrote: >> >>> Hi everyone, >>> I cannot get a 3750x to remark video traffic if I use these commands. I >>> have abbreviated the config to concentrate on one aspect. >>> >>> class-map match-any CLASS-VIDEO >>> match access-group name ACL-VIDEO >>> ! >>> policy-map POLICY-INGRESS >>> class CLASS-VIDEO >>> set ip dscp af41 >>> ! >>> ip access-list extended ACL-VIDEO >>> permit udp any any range 2326 2487 <-----this line does not seem to work >>> and the traffic will go out dscp 0. >>> >>> But if I change the extended access-list from permit range to permit equal >>> the UDP port, it will work. Example: >>> >>> class-map match-any CLASS-VIDEO >>> match access-group name ACL-VIDEO >>> ! >>> ! >>> policy-map POLICY-INGRESS >>> class CLASS-VIDEO >>> set ip dscp af41 >>> ! >>> ip access-list extended ACL-VIDEO >>> permit udp any any eq 2344 <---this works and the traffic is remarked >>> DSCP 41. >>> >>> Does anyone have any ideas? I don't see ACL hit, but I think you cannot >>> see >>> any access-list hits because of it being nested in the policy map.The >>> version of IOS is 12.2(55)SE3 LANBASE. >>> >>> Thanks, >>> JD >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit www.ipexpert.com >>> >>> Are you a CCNP or CCIE and looking for a job? Check out >>> www.PlatinumPlacement.com <http://www.platinumplacement.com/> >>> >>> http://onlinestudylist.com/mailman/listinfo/ccie_rs >>> >> >> >> >> -- >> Samir Idris > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > http://onlinestudylist.com/mailman/listinfo/ccie_rs _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
