08-12-2016 09:15 AM - edited 03-05-2019 04:29 AM
This may be a change in IOS XE vs the old IOS.
Previously had 3945 routers setup with a Policy Map, using an Access-list to match services for QoS. I could do a 'show access-lists' and it would show the number of hits on the ACL where QoS was applied.
Same setup in XE on a 4451-x, but there are no matches shown when doing the 'show access-list'. Is there a way to see what ports are being matched and QoS is being applied?
Regards,
jake
08-12-2016 11:32 AM
Use the "show policy-map interface" command such as "show policy-map interface g1/0/1"
Brandon
08-12-2016 12:09 PM
That doesn't give me the port, ip, etc hits.
08-12-2016 12:37 PM
I see. Try to enable the following commands and then reload or remove/reapply the QoS policies.
platform qos match-statistics per-filter
platform qos match-statistics per-ace
Brandon
08-12-2016 12:56 PM
Good find. Thought that would do it once I read the article...
I issued the commands, then removed the service-policy statement from the interface, re-added it to the interface and did a 'show access-list' and nothing...
I have another access-group applied to block specific ports (an access-group that is NOT mentioned in any policy-map statement).
08-12-2016 01:11 PM
Can you try adding the "log" keyword to the end of your access list entries? From what I understand this device is doing ACL processing in hardware and does not accurately log the hits without this.
access-list 101 permit ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255 log
Brandon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide