We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 651 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

451 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!


Forum Replies

  1. Very clear and concise explanation, thank you

  2. Thanks a lot for your excelent explanation…

  3. Hello Rene,

    I was very happy to find you had a lab on this subject. I went through this myself and everything worked as described, except one area. When I moved the service policy off the FA0/0 interface and put it on the Tunnel 0 interface (and removed the qos pre-qualify from the tunnel), the encapsulated IP header had the CS5 markings, but the outer header did not (as seen below)


    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))


    Differentiated Services Field: 0xa0 (DSCP 0x28: Class Select

    ... Continue reading in our forum

  4. Hi None N
    I tested this scenario again (GNS3, IOS 15.1), and confirmed my prior results. It sure looks like your configuration is the same as mine. When you did your extended ping, you chose TOS of 96, right?

    Since all the config happens on R1, here’s the full config. If you paste this in, and still get different results, try again using an IOS 15 version for R1 (mine is c7200-adventerprisek9-mz.152-4.M6)

    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname R1
    ... Continue reading in our forum

  5. Hello

    I used the example above and everything works until I apply encryption and now I noticed that classification no longer works. Here are the configs from R1.
    The only thing I changed was the routing protocol over the tunnel and added some VTY password and now Im using VTI.
    When I classify based on the ESP header it works as I see matches in my policy-map but thats not very useful when you want to match specific traffic within the inner packet as in this case, Telnet and police that traffic.

    R1#sh running-config
    Building configuration...
    Current configurat
    ... Continue reading in our forum

6 more replies! Ask a question or join the discussion by visiting our Community Forum