6.2b, MQC classification, nbar, marking…

a simple network using ospf… on r3 we will classify and mark http and icmp traffic destined for r1 using MQC with NBAR…

click below on qos_mqc… it is a zip with only the ip addressing set up… the host is actually a vm adapter that will need to be adjusted per your system…


6.2.b qos

r3(config-if)#do sh ip route | b Gate
Gateway of last resort is not set

O [110/2] via, 01:05:04, FastEthernet1/0 is subnetted, 1 subnets
O [110/2] via, 01:05:04, FastEthernet0/0
C is directly connected, FastEthernet1/0
C is directly connected, FastEthernet0/0

the 10 network connects  the host hanging off router 4…

first we’ll classify the traffic using two class maps and NBAR (network based application recognition) This is accomplished simply using the match protocol command and choosing from the list…

r3(config-cmap)#match protocol ?
aarp              AppleTalk ARP
appletalk         AppleTalk
arp               IP ARP
bgp               Border Gateway Protocol


we’ll match on icmp and http:

(ICMP and HTTP are the names of the class-maps)

class-map match-all ICMP
match protocol icmp
match access-group 1
class-map match-all HTTP
match protocol http
match access-group 1

we want to target traffic from the host network using access-list 1, therefore access-group 1 in the class-map…

r3#sh access-list
Standard IP access list 1
10 permit, wildcard bits
20 permit any

then we want to mark the traffic using a policy-map

(ICMP-WEB is the name of the policy-map)

policy-map ICMP-WEB
class HTTP
set dscp af21
class ICMP
set dscp af23

note that i’ve classified both protocols the same, however ICMP is more likely to be dropped because it has a higher drop probability…

then i place the service-policy on the interface that is receiving the host network traffic…

r3(config)#do sh run int f0/0
Building configuration…

Current configuration : 128 bytes
interface FastEthernet0/0
ip address 255.255.255.

service-policy input ICMP-WEB

before we begin generating traffic, we’ll check on the policy-map interface:

sh policy-map int

the counters are clear; send http:


send icmp:


and now we’ll check our work:


note traffic not assigned gets shipped as class-default…