11-21-2017 08:11 AM - edited 03-17-2019 11:38 AM
Fairly new to QOS and trying to setup a policy-map to identify traffic from an ACL. Pretty standard - but the policy does not seem to be marking traffic.
We are using Avaya 9608 and 4610 IP phones. Both use DSCP 46 it looks like for both Signaling and Audio. When I attached wireshark to see what traffic the phones produce I saw that the UDP traffic appears to be Audio and TCP is signaling - so I created two access lists that look like this:
Extended IP access list 100
10 permit tcp x.x.x.x x.x.x.x host x.x.x.x
Extended IP access list 101
10 permit udp x.x.x.x x.x.x.x host x.x.x.x
Then created the class-maps and policy maps:
class-map match-all VOIP-TRAFFIC
match access-group 100
class-map match-all VOIP-SIGNALING
match access-group 101
policy-map QOS-TRAFFIC-PHONES
class VOIP-TRAFFIC
set dscp ef
class VOIP-SIGNALING
set dscp cs3
class class-default
set dscp default
Then I added it to my interface:
interface GigabitEthernet1/0/2
switchport access vlan 25
switchport mode access
switchport nonegotiate
switchport voice vlan 26
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
service-policy input QOS-TRAFFIC-PHONES
Initially I used the auto qos voip trust command on the port - this created all the auto qos queues - so those are in place. When I run the show mls qos int gi 1/0/2 statistics command - I can track that dscp 46 traffic is going into queue 1 - which tracks with the default queues and setup from auto qos. Problem is that when I run the "show policy-map int gi 1/0/2" command I don't see any indication that packets are being marked by the map.
Am I overthinking this? Is it easier to just run "mls qos trust DSCP" on each port and go with the AUTO QOS queues?
Appreciate any responses.
11-21-2017 09:45 AM
show policy-map interface command won't show hits in catalyst switches. The packets will be marked if matched correctly and you can confirm that by spanning the exit interface of the switch and see marked packets.
Do the following:
- Remove the service policy and identify the exist interface in the switch
- use the command show mls qos interface x/x statis (multiple times) and look for outgoing dscp of exist interface. You shouldn't see increments on 46 dscp since the incoming dscp was untrusted
- Apply the service policy and check the same command again (multiple times), you see hits in the outgoing dscp 46 if matched correctly
Example (below outgoing dscp 46 counter 0, i.e. no dscp 46 marked in outgoing):
3750x-switch-01#sh mls qos interface t1/1/1 statistics
TenGigabitEthernet1/1/1 (All statistics are in packets)
dscp: incoming
-------------------------------
0 - 4 : 438223457 0 0 0 0
5 - 9 : 0 0 0 1 0
10 - 14 : 107 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 21381914
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 77921472 0 49821090 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
dscp: outgoing
-------------------------------
0 - 4 : 953714548 0 0 0 0
5 - 9 : 0 0 0 409 0
10 - 14 : 17023 0 0 0 0
15 - 19 : 0 0 0 4374 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 383942 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 293512 0 0 0
60 - 64 : 0 0 0 0
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide