Per ACE QoS Statistics

The Per ACE QoS Statistics feature extends the QoS Packet Matching Statistics feature to allow you to track the number of packets and bytes matching individual access control elements (ACEs) used in a filter. The filter is part of the class-map definition of a quality of service (QoS) policy-map.

You can use the show access-lists command to display per-ACE statistics.

See the “QoS Packet Matching Statistics” module for information on defining a QoS packet filter and displaying the number of packets and bytes matching that filter.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Prerequisites for Per ACE QoS Statistics

Before you configure the platform qos match-statistics per-ace command to enable QoS per-ACE packet-matching statistics, you must configure the platform qos match-statistics per-filter command to enable QoS per-filter packet-matching statistics. If you do not, the CLI rejects the command and displays an error message.

Restrictions for Per ACE QoS Statistics

If a QoS policy-map is attached to the device when you configure the platform qos match-statistics per-ace command, the command does not take effect until you do one of the following:

  • Reload the device.

  • Detach all QoS policies and configure the command again.

Enabling the Per ACE QoS Statistics feature may increase CPU utilization on a scaled configuration. Before you enable it, you should weigh the benefits of the statistics information against the increased CPU utilization on the system.


Note: You must configure the platform qos match-statistics per-filter command before you configure the platform qos match-statistics per-ace command.


Information About Per ACE QoS Statistics

Per ACE QoS Statistics Overview

The Per ACE QoS Statistics feature provides hit counters for ACEs used in QoS policies. When enabled, the feature adds QoS hit counters for any ACEs used in a QoS policy to the existing security access-list counters for that ACE. You can use the show ip access-lists command to display the access-list counters, as shown in this example:

Device# show ip access-lists

Extended IP access list A1
10 permit ip 10.1.1.0 0.0.0.255 any (129580275 matches)
Extended IP access list A6and7
10 permit ip 10.1.6.0 0.0.0.255 any (341426749 matches)
20 permit ip 10.1.7.0 0.0.0.255 any (398245767 matches)
Extended IP access list source
10 permit ip any host 10.1.1.5 (16147976 matches)

The QoS hit counters (for ACEs used in QoS policies) will be added to the counters shown in the sample output.

Note the following conditions when you enable the Per ACE QoS Statistics feature:

  • The show ip access-lists command does not display interface information. This means that access-list counts are not interface-specific; they are aggregate counters of all hits for all features that use the ACEs and support the counts across all interfaces and directions.

  • You can use the show policy-map interface command to display interface-specific counts if QoS per-filter packet matching statistics is enabled. However, this command displays only counts per-filter [access-control list (ACL) or access-group], not counts per-ACE, as shown in this example:

    Device# show policy-map interface GigabitEthernet0/0/2
    
     GigabitEthernet0/0/2 
    
      Service-policy input: test-match-types
    
        Class-map: A1orA2-class (match-any)
          482103366 packets, 59780817384 bytes
          5 minute offered rate 6702000 bps
          Match: access-group name A1
            62125633 packets, 7703578368 bytes
            5 minute rate 837000 bps
          Match: access-group name A2
            419977732 packets, 52077238892 bytes
            5 minute rate 5865000 bps
    
  • If an ACE is present in a QoS filter (that is, a match statement within a class map) but the packet does not match the ACE, the ACE counter is not incremented for that packet. This can happen in the following circumstances:
    • The ACE is used in a “deny” statement.

    • Other matching criteria in a “match-all” class-map definition (for example, “match ip prec 1”) prevent the packet from matching the class.

    • Other matching criteria in a “match-any” class-map definition (for example, “match ip prec 1”) match the packet and prevent it from matching the ACE match criteria (that filter precedes the ACE filter and the packet matches both statements).

  • Access-list counts are an aggregate, for a particular ACE, of the hit counts for all features that use that ACE and support per-ACE counts. This means that a single packet might hit, and be counted by, multiple features using the same ACE, and, therefore, result in multiple counts for the same packet as it traverses each feature.

    The following example shows these multiple counts. Only 1,000 packets were received on the interface but the access-list counts show 2,000 hits, 1,000 for the security access list and 1,000 for the QoS service policy.

    Device(config)# ip access-list extended A1
     permit ip 32.1.1.0 0.0.0.255 any
    class-map match-all A1-class
     match access-group name A1
    interface GigabitEthernet0/0/2
     ip address 10.0.0.1 240.0.0.0
     ip access-group A1 in
     duplex auto
     speed auto
     media-type rj45
     no negotiation auto
     service-policy input simple
    end
    
    Device# show access-lists
    
    Extended IP access list A1
    10 permit ip 10.1.1.0 0.0.0.255 any (2000 matches)
    
    Device# show policy-map interface GigabitEthernet0/0/2
    
      Service-policy input: simple

        Class-map: A1-class (match-all)
          1000 packets, 124000 bytes
          5 minute offered rate 4000 bps
          Match: access-group name A1

        Class-map: class-default (match-any)
          0 packets, 0 bytes
          5 minute offered rate 261000 bps, drop rate 0 bps
          Match: any
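The following is an added example, not part of Cisco's documentation: it subtracts the QoS per-filter packet counts from the aggregate access-list counters described above, which shows how many hits on a security ACL came from features other than QoS once per-ACE QoS statistics are enabled. The sample outputs are constructed in the formats shown on this page, and the script assumes that each QoS-classified packet increments exactly one permit ACE and that show policy-map interface output is supplied for every interface that uses the ACL.

```python
import re
from collections import defaultdict

# Constructed sample output in the formats shown on this page (extended ACLs only).
SHOW_ACCESS_LISTS = """\
Extended IP access list A1
    10 permit ip 10.1.1.0 0.0.0.255 any (2000 matches)
Extended IP access list A6and7
    10 permit ip 10.1.6.0 0.0.0.255 any (700 matches)
    20 permit ip 10.1.7.0 0.0.0.255 any (300 matches)
"""
SHOW_POLICY_MAP = """\
 GigabitEthernet0/0/2
  Service-policy input: test-match-types
    Class-map: A1orA6-class (match-any)
      1600 packets, 198400 bytes
      Match: access-group name A1
        1000 packets, 124000 bytes
      Match: access-group name A6and7
        600 packets, 74400 bytes
"""

def acl_totals(text):
    """Sum the per-ACE match counters of each named ACL."""
    totals, acl = defaultdict(int), None
    for line in text.splitlines():
        if m := re.match(r"\s*Extended IP access list (\S+)", line):
            acl = m.group(1)
        elif acl and (m := re.search(r"\((\d+) match(?:es)?\)", line)):
            totals[acl] += int(m.group(1))
    return dict(totals)

def qos_filter_totals(text):
    """Sum per-filter packet counts per access-group; class-level counts are skipped."""
    totals, acl = defaultdict(int), None
    for line in text.splitlines():
        if m := re.match(r"\s*Match: access-group name (\S+)", line):
            acl = m.group(1)
        elif acl and (m := re.match(r"\s*(\d+) packets,", line)):
            totals[acl] += int(m.group(1))
            acl = None  # only the first count line after Match belongs to the filter
        elif line.strip().startswith(("Match:", "Class-map:")):
            acl = None  # filter printed without a per-filter count
    return dict(totals)

def non_qos_hits(acl_text, policy_text):
    """ACL hits minus the QoS share; assumes policy_text covers every interface."""
    qos = qos_filter_totals(policy_text)
    return {n: t - qos.get(n, 0) for n, t in acl_totals(acl_text).items()}
```

The subtraction is done per ACL rather than per ACE because show policy-map interface reports counts only per filter.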

How to Configure Per ACE QoS Statistics

Configuring Per ACE QoS Statistics

Before You Begin

The platform qos match-statistics per-filter command must be configured to enable QoS per-filter packet-matching statistics. You can use the show platform hardware qfp active feature qos config global command to verify the status of packet-matching statistics.

Device# show platform hardware qfp active feature qos config global

Marker statistics are: disabled
Match per-filter statistics are: enabled <<<<<<<
Match per-ace statistics are: disabled <<<<<<
Performance-Monitor statistics are: disabled

SUMMARY STEPS

    1.    platform qos match-statistics per-filter

    2.    platform qos match-statistics per-ace


DETAILED STEPS

    Step 1    platform qos match-statistics per-filter

    Example:
    Device(config)# platform qos match-statistics per-filter

    Purpose: Enables QoS packet-matching statistics for individual filters in a class map.

    Step 2    platform qos match-statistics per-ace

    Example:
    Device(config)# platform qos match-statistics per-ace

    Purpose: Enables QoS packet-matching statistics for ACEs used in QoS filters.

Additional References for Per ACE QoS Statistics

Related Documents

Each entry lists the related topic, followed by the document title.

  • Cisco IOS commands: Cisco IOS Master Command List, All Releases

  • QoS commands: Cisco IOS Quality of Service Solutions Command Reference

  • Defining a QoS packet filter and displaying the number of packets and bytes matching it: “QoS Packet Matching Statistics”


Feature Information for Per ACE QoS Statistics

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Table 1 Feature Information for Per ACE QoS Statistics

Feature Name: Per ACE QoS Statistics

Releases: Cisco IOS XE Release 3.10S

Feature Information: Allows you to configure per ACE QoS statistics to track the number of packets and bytes matching individual ACEs used in a filter within a QoS service policy.

The following command was introduced or modified: platform qos match-statistics per-ace.