Symptom
When an ACL that matches on a specific TCP flag is attached to a class-map, the service policy that uses that class-map is rejected.
Example:
ip access-list extended ACL-TEST
 permit tcp any any eq 22 psh <---------
 permit tcp any eq 22 any psh <---------
class-map match-any CLASS-MAP-TEST
 match access-group name ACL-TEST
policy-map PM-TEST
 class CLASS-MAP-TEST
  set dscp af21
The rejection is caused by the TCP flag "psh"; other flags can be affected too.
9200(config-if)#service-policy input PM-TEST
Internal Failure - filter parsing failed
9200(config-if)#
*Dec 22 21:05:52.162: Policy is not allowed with qos profile default. Rejecting policy <----------------
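A pre-deployment check for the condition described above, as an added example that is not part of the original bug note: it walks a configuration and reports every policy-map whose class-maps reference an extended ACL that matches on TCP flags. The flag keyword list, the +/- prefix handling, and the ACL-CLEAN / PM-CLEAN entries are assumptions constructed for illustration.

```python
import re

# Assumption: TCP flag keywords accepted in extended ACLs; the page names only "psh".
TCP_FLAGS = {"ack", "fin", "psh", "rst", "syn", "urg"}

# Constructed sample: the page's example configuration plus one flag-free policy.
SAMPLE_CONFIG = """\
ip access-list extended ACL-TEST
 permit tcp any any eq 22 psh
 permit tcp any eq 22 any psh
ip access-list extended ACL-CLEAN
 10 permit tcp any any eq 443
class-map match-any CLASS-MAP-TEST
 match access-group name ACL-TEST
class-map match-any CLASS-MAP-CLEAN
 match access-group name ACL-CLEAN
policy-map PM-TEST
 class CLASS-MAP-TEST
  set dscp af21
policy-map PM-CLEAN
 class CLASS-MAP-CLEAN
  set dscp af11
"""

# Lines that open a new configuration section, with the section name captured.
HEADERS = (("acl", r"ip access-list extended (\S+)$"),
           ("cmap", r"class-map (?:match-(?:any|all) )?(\S+)$"),
           ("pmap", r"policy-map (\S+)$"))

def find_flagged_policies(config):
    """Map each policy-map to the (class-map, ACL, flags) triples that match on TCP flags."""
    acl_flags, cmap_acls, pmap_classes = {}, {}, {}
    stores = {"acl": acl_flags, "cmap": cmap_acls, "pmap": pmap_classes}
    kind = name = None
    for line in (raw.strip() for raw in config.splitlines()):
        header = next(((k, m.group(1)) for k, p in HEADERS if (m := re.match(p, line))), None)
        if header:
            kind, name = header
            stores[kind].setdefault(name, set() if kind == "acl" else [])
        elif kind == "acl" and (m := re.match(r"(?:\d+ )?(?:permit|deny) tcp (.+)", line)):
            # Flags may carry a +/- prefix (assumed match-all / match-any form).
            acl_flags[name] |= {t.lstrip("+-") for t in m.group(1).split()} & TCP_FLAGS
        elif kind == "cmap" and (m := re.match(r"match access-group name (\S+)", line)):
            cmap_acls[name].append(m.group(1))
        elif kind == "pmap" and (m := re.match(r"class (\S+)", line)):
            pmap_classes[name].append(m.group(1))
    return {pmap: found for pmap, classes in pmap_classes.items()
            if (found := [(c, a, sorted(acl_flags[a])) for c in classes
                          for a in cmap_acls.get(c, []) if acl_flags.get(a)])}
```

Calling find_flagged_policies(SAMPLE_CONFIG) reports PM-TEST through CLASS-MAP-TEST and ACL-TEST with the flag psh, and leaves PM-CLEAN out.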
Further Problem Description
According to the official documentation, TCP flags are supported by enabling the "extended QoS profile" command; however, the keyword "extended" is not available on this specific platform.
9200(config)#qos ?
Global QoS configuration subcommands:
  airtime                   Airtime
  diffservmib               RFC3289 support for QoS policy-maps
  queue-softmax-multiplier  global multiplier(%) for queue soft buffer maximal
                            size
  queue-stats-frame-count   global config for queue counters in frames
  rewrite                   Allow DSCP rewrite during COS marking