cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1324
Views
0
Helpful
8
Replies

QoS marking point: physical interface and vlan interface service-policy

Hi,

I have a 7600 Series router with a trunk switchport on it. The trunk port has a bunch of vlans allowed and a service-policy on it. Here is the config:

interface GigabitEthernet1/1
 description -- Voice --
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100-200,500
 switchport mode trunk
 switchport nonegotiate
 load-interval 30
 speed 1000
 duplex full
 no wrr-queue random-detect 2
 no wrr-queue random-detect 3
 wrr-queue cos-map 3 1 4
 wrr-queue cos-map 3 2 6 7
 priority-queue cos-map 1 3 5
 storm-control broadcast level 10.00
 storm-control multicast level 10.00
 no cdp enable
 service-policy input mark-SIP
end

I added a new vlan 500 interface and need to mark inbound SIP and RTP traffic on it. The config is below:

interface Vlan500
 description -- TEST --
 ip vrf forwarding TEST_VRF
 ip address 192.168.1.1 255.255.255.0
 service-policy input mark-SIP-and-RTP
end

The problem is that on the other end of the link I see only SIP marked packets but not RTP. It seems that service-policy on Vlan interface does not work properly.

Could there be some conflict between service-policy on the physical interface and the "child" policy on Vlan interface? Is there any dependence between them? Could you advise any materials to read to solve this question?

Thanks!

8 Replies 8

Dennis Mink
VIP Alumni
VIP Alumni

Dude,  

can you tell us how you are matching traffic to fall under the "service-policy input mark-SIP"?   what ACL's/dscp matching have you got?

cheers

Please remember to rate useful posts, by clicking on the stars below.

Here is the config for this policy:

ip access-list extended mark-SIP
 permit udp any eq 5060 any
 permit udp any any eq 5060

class-map match-all mark-SIP
  match access-group name mark-SIP

policy-map mark-SIP
 class mark-SIP
  set dscp cs3

Guys,

thanks for your replies.

Actually it apeared the only solution for this case. Since every VLAN is by definition a separate ip subnet, then in the provided ACL I should permit traffic from this subnet (not permit any, but, e.g.

permit udp 192.168.1.0 0.0.0.255 eq 5060 any 

and so on). Then everithing works as expected.

The rest of provided config is fine.

Folks, are there some ideas regarding this issue?

Can u share full config?

Hi Mohammed,

I can't share another parts of the config right now. Anyway I suppose that there is no use of it. I'll try to clarify the initial question:

We have a trunk switchport with configured service-policy input command (as shown above). How can I configure another service-policy which will work on a single vlan from that trunk?

Can u share full config?

Can u share full config?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: