I knew someone else out there would see this problem. Skeeve the problem is the you can't run QOS and NDE concurrently. Both NDE and QOS use the same TCAM hardware and therefor you can't have two different FLOWMASKS. This rule applies to any QOS feature like UBRL User Based Rate Limiting which uses microflows. Only one or the other will function correctly. We have the same problem here because we have been using UBRL and now want to use NDE. We have 720-3Bs which support multiple flowmasks, but they have only allocated two for the netflow TCAM and those two appear to be an exclusive function, where you can have two for UBRL ( like SRC and DST masks) or NDE (interface-full) not both.
I hate to say it but if you look hard enough the doc states that QOS and NDE don't work together. Both are very important features and should work. Princeton U. has been in touch with CISCO, but there seems to be no solution. Jeff Fitzwater OIT Network & Telecommunications Systems Princeton University On Dec 10, 2007, at 9:24 AM, Skeeve Stevens wrote: > > Hey guys, > > I am trying to setup NAT for a few machines on a private network which > enters a 7609 on a Ethernet interface. > When I put the NAT commands, this error appears in the logs, and the > NAT > does not work. > > Can someone point me in the right direction to figure out what is > going on? > > …Skeeve > > === > Error Message > %FM_EARL7-4-MLS_FLOWMASK_CONFLICT : mls flowmask may not be honored on > interface [chars] due to flowmask conflict > Explanation The configured MLS flow mask conflicts with other > features/QoS configuration. The traffic on this interface will be > sent to > software under this condition. NetFlow data export may not function > correctly for this interface under this condition. > Recommended Action Remove the conflicting configuration and re- > configure > the MLS flowmask > > > > -- > Skeeve Stevens, RHCE > [EMAIL PROTECTED] / www.skeeve.org > Cell +61 (0)414 753 383 / skype://skeeve > > eintellego - [EMAIL PROTECTED] - www.eintellego.net > -- > I'm a groove licked love child king of the verse > Si vis pacem, para bellum > > > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/