Why not use a service policy on the input interface to color your traffic? This can be sent by radius as well depending on your ios. With this method you could even classify different incoming traffic(ie high priority, normal ecc) inside the VPN. Then match based on dscp.
Much more flexible Brian -----Original Message----- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Andy Saykao Sent: venerdì 23 gennaio 2009 0.58 To: cisco-nsp@puck.nether.net Subject: [c-nsp] MPLS Question - Applying QoS using MQC Hi All, I have just have a few questions about MQC and how to use the class-map match command to match incoming traffic from MPLS VPN customers at the PE so that we can apply the correct QoS treatment. 1/ Match Sub-Interfaces ??? For example, we have some MPLS VPN customers that are connected via sub-interfaces (eg: Gi0/1.902) and the class-map match command doens't allow you to match on sub-interfaces. Any ideas on how to match traffic from sub-interfaces? interface GigabitEthernet0/1.902 description PE to CE_CUST_A_1 encapsulation dot1Q 902 ip vrf forwarding NSTEST ip address 10.15.99.9 255.255.255.252 ! test-mpls-cr(config)#class-map match-all TEST test-mpls-cr(config-cmap)#match input-interface gigabitEthernet 0/1.902 ^ % Invalid input detected at '^' marker. Can we just match on VLAN instead??? test-mpls-cr(config)#class-map match-all TEST test-mpls-cr(config-cmap)#match input-interface vlan ? <1-4095> Vlan interface number 2/ Match ADSL ??? Some MPLS VPN customers are also connected via ADSL (PPPoX) and get placed in the corresponding VRF by radius. How do we perform a match on these MPLS VPN customers that are connecting via ADSL? I see that we can match on virtual-template but currently all of our ADSL subscribers use the same virtual-template. test-mpls-cr(config)#class-map match-all TEST test-mpls-cr(config-cmap)#match input-interface virtual-template ? <1-1000> Virtual-Template interface number If I set up a new virtual-template for MPLS VPN customers this might work, but then not all ADSL MPLSVPN customers will want to pay for QoS, so I guess we will have to create TWO new virtual-templates (one for those MPLS VPN customers who want QoS and the other for customers who don't want to pay for QoS). Any others ideas on how this can be accomplised? 3/ Match ATM interfaces??? How do I match MPLS VPN customers that are connected via ATM??? interface ATM1/0.304470 point-to-point bandwidth 2048 ip vrf forwarding NSTEST ip address 10.15.100.1 255.255.255.252 ip flow ingress atm route-bridged ip no atm enable-ilmi-trap pvc 10/100 ubr 2048 encapsulation aal5snap Given that MPLS VPN customer's can use overlapping IP addresses, I don't think we can match on source or destination IP addresses. Thanks. Andy This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the organisation. Finally, the recipient should check this email and any attachments for the presence of viruses. The organisation accepts no liability for any damage caused by any virus transmitted by this email. _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/