Section 8.3 IP SLA verification not working

I am trying to verify my policy-map in section 8.3 works, but so far my verification method is failing me.

I have IP SLA setup on BB2 to generate UDP packets with dest port 666. But no luck.

 

ip sla monitor 1
 type udpEcho dest-ipaddr 131.1.4.4 dest-port 666 source-ipaddr 220.20.3.1
 timeout 200
 frequency 1
ip sla monitor schedule 1 life forever start-time now

 

Policy-map below shows only matches on class-default. Class-default is incrementing, but class WORM is not.

On R3.

ip nbar custom WORM udp 666

Rack1R3#show policy-map int e0/0 in
 Ethernet0/0

  Service-policy input: DROP_WORM

    Class-map: WORM (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol WORM
      drop

    Class-map: class-default (match-any)
      155 packets, 15175 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

And R4 shows packets received from BB2.

*Mar  2 00:22:06.377: IP: s=220.20.3.1 (Serial1/0.34), d=131.1.4.4, len 80, rcvd 4

Any idea why this is failing to drop packets?

 

Thanks.

Comments

  • <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">








    You need to disable control packets otherwise the
    destination port will be 1967. Here's the config:

     

     

    ip sla monitor 1
     type
    udpEcho dest-ipaddr 131.1.4.4 dest-port 666 source-ipaddr 220.20.3.1 control disable

     timeout
    200
     frequency 1
    ip sla monitor schedule 1 life forever start-time
    now

     

    Do a
    "debug ip packet detail" in BB2 and see the difference.

     
    <!>

    Regards,

    Antonio Soares,
    CCIE #18473 (R&S)
    [email protected]

    Antonio Soares, CCIE #18473 (RS/SP/DC)
    [email protected]
    http://www.ccie18473.net

  • Yep, that was the key!  Thanks!

Sign In or Register to comment.