Can you try adding the "log"

Jake Stroud · ‎08-12-2016

This may be a change in IOS XE vs the old IOS.

Previously had 3945 routers setup with a Policy Map, using an Access-list to match services for QoS. I could do a 'show access-lists' and it would show the number of hits on the ACL where QoS was applied.

Same setup in XE on a 4451-x, but there are no matches shown when doing the 'show access-list'. Is there a way to see what ports are being matched and QoS is being applied?

Regards,
jake

Brandon Buffin · ‎08-12-2016

Use the "show policy-map interface" command such as "show policy-map interface g1/0/1"

Brandon

Jake Stroud · ‎08-12-2016

That doesn't give me the port, ip, etc hits.

Brandon Buffin · ‎08-12-2016

I see. Try to enable the following commands and then reload or remove/reapply the QoS policies.

platform qos match-statistics per-filter

platform qos match-statistics per-ace

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_mqc/configuration/xe-3s/qos-mqc-xe-3s-book/qos-per-ace.html

Brandon

Jake Stroud · ‎08-12-2016

Good find. Thought that would do it once I read the article...

I issued the commands, then removed the service-policy statement from the interface, re-added it to the interface and did a 'show access-list' and nothing...

I have another access-group applied to block specific ports (an access-group that is NOT mentioned in any policy-map statement).

Brandon Buffin · ‎08-12-2016

Can you try adding the "log" keyword to the end of your access list entries? From what I understand this device is doing ACL processing in hardware and does not accurately log the hits without this.

access-list 101 permit ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255 log

Brandon

Viewing hits on QoS policy