On some platforms locally generated traffic bypasses egress intf ACL/QoS, try
your test with an ACL on ingress on a diff router in the path.
-Jon
On Jul 29, 2013, at 11:09 PM, Andrey Khomyakov wrote:
> Looks like exactly what I'm looking for, but for some reason doesn't work.
> Below produce
Looks like exactly what I'm looking for, but for some reason doesn't work.
Below produces 0 packet match.
ip ssh prec 2
class-map match-any SSH
 match ip dscp cs2
 match ip precedence 2
As a test I also tried this:
ip access-list extended Management_Access
remark Play nice with router manag
Darren,
My understanding is that qos-preclassify will only copy ToS header from
original packet to encrypted packet. Since service-policy is applied to the
physical interface and is looking at already encrypted traffic, ACLs won't
see the original source/destination
Andrey
--Andrey
On Mon, Jul 29,
Newer IOS support setting precedence or DSCP for outbound SSH:
ip ssh prec 2
Thanks,
Chuck
-Original Message-
From: Andrey Khomyakov [mailto:khomyakov.and...@gmail.com]
Sent: Monday, July 29, 2013 12:07 PM
To: Nanog
Subject: management traffic QoS on Tunnel interfaces
Hi all,
I have
In this class you are matching:
class-map match-any SSH
 match ip dscp cs2
Why not just match an ACL for SSH traffic from the local router back to your
management range?
> From: khomyakov.and...@gmail.com
> Date: Mon, 29 Jul 2013 12:07:19 -0400
> Subject: management traffic QoS on Tunnel interf
Hi all,
I have been trying to come up with a qos policy (or rather where to apply
it) for reserving some bandwidth for management traffic to the local router.
The setup is that a remote router is a spoke to a DMVPN network, thus has a
couple of ipsec gre tunnel interfaces and a Lo0 for management (ss
I've been unable to get ahold of cluebies @ digital ocean ; anyone in engr
pls contact off list