
Advice on Auto-QoS Settings Added Automatically

Matthew Martin
Level 5

Hello All,

Device: WS-C2960X-24PS-L
Version: 15.0(2a)EX5

This is a new device being configured for one of our locations.

I was using another switch in our network as a reference while configuring this one, and I added the command "auto qos voip cisco-phone" to the first switchport I started configuring. Adding this command caused a bunch of global and interface-specific configuration commands to be automatically added to my config.

So I'm wondering if there is anything in this config below that I should tweak? Also, this first part below here shows the first Switchport I started configuring, which also had a couple of extra commands added to it as well, which I'll highlight below. Should I keep these commands that were auto-added in the interface configs? Not positive what they do exactly...

*The bold and underlined commands below were added automatically, assuming after I added the "auto qos voip cisco-phone" command...

!
interface GigabitEthernet1/0/1
 switchport mode access
 switchport voice vlan 2
 srr-queue bandwidth share 1 30 35 5
 priority-queue out 
 authentication event fail action next-method
 authentication event server dead action authorize vlan 1
 authentication event server alive action reinitialize 
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication violation restrict
 mab
 mls qos trust device cisco-phone
 mls qos trust cos
 dot1x pae authenticator
 dot1x timeout tx-period 10
 auto qos voip cisco-phone 
 spanning-tree portfast
 service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
!


Was also curious why it only added what looks like QoS settings for the input policy..?

Below are the global configuration commands that were added automatically after I entered the "auto qos..." command to the 1st Switchport interface that you see above.

!
mls qos map policed-dscp  0 10 18 24 46 to 8
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue output cos-map queue 1 threshold 3 4 5
mls qos srr-queue output cos-map queue 2 threshold 1 2
mls qos srr-queue output cos-map queue 2 threshold 2 3
mls qos srr-queue output cos-map queue 2 threshold 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1
mls qos srr-queue output dscp-map queue 1 threshold 3 32 33 40 41 42 43 44 45
mls qos srr-queue output dscp-map queue 1 threshold 3 46 47
mls qos srr-queue output dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 2 threshold 1 26 27 28 29 30 31 34 35
mls qos srr-queue output dscp-map queue 2 threshold 1 36 37 38 39
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue output dscp-map queue 4 threshold 1 8 9 11 13 15
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14
mls qos queue-set output 1 threshold 1 100 100 50 200
mls qos queue-set output 1 threshold 2 125 125 100 400
mls qos queue-set output 1 threshold 3 100 100 100 400
mls qos queue-set output 1 threshold 4 60 150 50 200
mls qos queue-set output 1 buffers 15 25 40 20
mls qos
!
!....
!..............
!....
!
class-map match-all AUTOQOS_VOIP_DATA_CLASS
  match ip dscp ef 
class-map match-all AUTOQOS_DEFAULT_CLASS
  match access-group name AUTOQOS-ACL-DEFAULT
class-map match-all AUTOQOS_VOIP_SIGNAL_CLASS
  match ip dscp cs3 
!
policy-map AUTOQOS-SRND4-CISCOPHONE-POLICY
 class AUTOQOS_VOIP_DATA_CLASS
   set dscp ef
  police 128000 8000 exceed-action policed-dscp-transmit
 class AUTOQOS_VOIP_SIGNAL_CLASS
   set dscp cs3
  police 32000 8000 exceed-action policed-dscp-transmit
 class AUTOQOS_DEFAULT_CLASS
   set dscp default
  police 10000000 8000 exceed-action policed-dscp-transmit
!


Basically, all of the switchports will be used as User workstations that will have mostly just a PC and a Cisco IP Phone. Some may have printers as well, but for the most part just PCs and Phones (*and one port for an AP and one for an uplink to the router, but they'll just be trunk ports).

So any advice someone could give on these Auto QoS settings that were added automatically, it would be greatly appreciated... i.e. do I need to tweak or add anything to these settings, or is there anything on the switchport's configuration that is not necessary to include in the interface configs?


Thanks in Advance,
Matt

Mark Malone
VIP Alumni

Hi Matthew

Ok so 1st thing, you don't need Auto and MLS running on the same switch, that's overkill. They're doing the same thing, so choose 1 to mark the traffic and remove the other. There is no real diff between them; some switches support both, some only 1 version.

Auto qos, as you've seen, will generate actual class and policy maps which it will use.

MLS creates buckets and prioritizes traffic that way, with shared round robin (srr).

As well, priority-queue out can starve a port if there is a PC connected in the queues, as in MLS it's saying service the voice queue first until it's empty, then work on the other 3 queues. You might want to avoid that command.

***********************************************

MLS

If possible at access, use mls qos trust dscp instead of cos

Your auto mappings are correct anyway if you have to use cos

Cos 5 = DSCP 46

mls qos map cos-dscp 0 8 16 24 32 46 48 56
                       1 2  3  4  5

So all you really need on an interface for MLS is mls trust dscp

Use that on the trunk uplink too, as it's the layer 3 header it's entered in. Cos is for layer 2, but if you can use DSCP at access you should, instead of cos, as it has to be re-mapped.

***********************************************

Auto-qos

All that's required really is to set the port up, if Cisco, as you have. Obviously don't use that if non-Cisco phones; use something like auto qos trust voip.

Depending on what way you set auto will depend on what class maps you end up with.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/qos/configuration_guide/b_qos_3se_3850_cg/b_qos_3se_3850_cg_chapter_0100.html#reference_E759D1E32E5B4F62B8933FD8967967B2
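
The global maps in the original post decide which egress queue each marking lands in. As an added example (not posted by anyone in the thread; the function names are illustrative), this Python sketch parses those exact lines and traces a DSCP value to its queue and threshold, assuming the policed-dscp map applies when a policer's exceed-action is policed-dscp-transmit, as in the posted policy-map:

```python
import re

# Global lines copied from the running-config in the original post.
CONFIG = """\
mls qos map policed-dscp  0 10 18 24 46 to 8
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue output dscp-map queue 1 threshold 3 32 33 40 41 42 43 44 45
mls qos srr-queue output dscp-map queue 1 threshold 3 46 47
mls qos srr-queue output dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 2 threshold 1 26 27 28 29 30 31 34 35
mls qos srr-queue output dscp-map queue 2 threshold 1 36 37 38 39
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue output dscp-map queue 4 threshold 1 8 9 11 13 15
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14
"""

COS_RE = re.compile(r"mls qos map cos-dscp\s+(.+)")
POLICED_RE = re.compile(r"mls qos map policed-dscp\s+(.+?)\s+to\s+(\d+)")
QUEUE_RE = re.compile(
    r"mls qos srr-queue output dscp-map queue (\d) threshold (\d)\s+(.+)")

def parse_maps(config):
    """Return (cos->dscp list, {dscp: marked-down dscp}, {dscp: (queue, threshold)})."""
    cos_dscp, policed, queues = [], {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := COS_RE.match(line):
            cos_dscp = [int(v) for v in m.group(1).split()]
        elif m := POLICED_RE.match(line):
            policed.update({int(v): int(m.group(2)) for v in m.group(1).split()})
        elif m := QUEUE_RE.match(line):
            target = (int(m.group(1)), int(m.group(2)))
            queues.update({int(v): target for v in m.group(3).split()})
    return cos_dscp, policed, queues

def trace(dscp, policed, queues, exceeded=False):
    """Return (final dscp, (queue, threshold)); exceeded=True applies the markdown first."""
    if exceeded:
        dscp = policed.get(dscp, dscp)
    return dscp, queues.get(dscp)  # None: value not set by the lines shown

def unmapped(queues):
    """DSCP values 0-63 that none of the dscp-map lines assign to a queue."""
    return [d for d in range(64) if d not in queues]

COS_DSCP, POLICED, QUEUES = parse_maps(CONFIG)

if __name__ == "__main__":
    print("CoS 5 ->", trace(COS_DSCP[5], POLICED, QUEUES))
    print("EF over the policer rate ->", trace(46, POLICED, QUEUES, exceeded=True))
    print("not set by these lines:", unmapped(QUEUES))
```

Run against the posted lines, voice marked EF lands in queue 1 threshold 3, while EF traffic exceeding the policer is marked down to DSCP 8 and moves to queue 4.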

Hey Mark, thanks for the reply and taking the time to explain it a bit, much appreciated!

Ok so, it sounds like you would lean more towards using MLS instead of Auto-QoS, is that correct?

If MLS is the better way to go, what commands should I remove or add to the interfaces to fix this up? So far, I removed a couple of the commands and added another, and assuming staying with MLS, I assume I should remove the "auto qos..." command.?

interface Gi1/0/1
 no priority-queue out
 no mls qos trust cos
 no auto qos voip cisco-phone
 mls qos trust dscp
exit


Would there be any others that I should remove? Here is the interface after entering the commands above:

2960sw1(config)#do show run int Gi1/0/1      
Building configuration...

Current configuration : 522 bytes
!
interface GigabitEthernet1/0/1
 switchport mode access
 switchport voice vlan 2
 authentication event fail action next-method
 authentication event server dead action authorize vlan 1
 authentication event server alive action reinitialize 
 authentication host-mode multi-auth
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication violation restrict
 mab
 mls qos trust dscp
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
end


Thought....
This equipment, the 2960X and an ISR4321 will be replacing an old 1861 at our remote location. I was just checking out the configuration on that old 1861, and it looks like the only QoS stuff that I see configured on there is on the Serial Interface (*i.e. which is the T1 Line for MPLS). No other interfaces have that configured. So I'm wondering if this would be a better way to go, these remote branches of ours only have a few employees working in there and then customers using our Public Wi-Fi occasionally. So would you think it's even necessary for me to use any kind of QoS configuration? I've never really configured any QoS stuff before so I'm not sure if I'll get any benefits from configuring this? What do you think..?

Thanks again for your reply, very much appreciated!

Thanks,
Matt

Hi

Honestly, you probably don't need qos at all then on your lan switches, and as well layer 2 qos can introduce problems if configured incorrectly or not monitored properly to see if the queues are ok and traffic is hitting the right ones and has enough depth/space.

So what they had done is just mark at the bottleneck T1, which is right too, layer 3 qos, and that's where it really counts as there's a cram to get on the line so priority is important, but on a gig link not heavily utilized qos won't even come into real effect.

The decision is really up to you whether you think you need it but if your LAN is not congested then probably not from what you have described

what you have set on the access port is all you need if you go with it ...mls qos trust dscp

do the same for the uplink if you go qos

Hey Mark, thanks again for the reply!

Ok cool, was hoping you'd say that... So I'll just remove the QoS settings on the 2960X switch and just leave the QoS settings the way they are already configured on the ISR4321.

Sorry, one last time (*just so I understand correctly)... Basically, if I wanted QoS on the LAN ports, *i.e. the "Access" interfaces, which I believe would be any interface configured for, let's say a user PC and a Cisco IP Phone, I would only really need the command "mls qos trust dscp"  as far as QoS commands go, correct?


On the ISR, I modeled its configuration off the old 1861 I mentioned in my previous comment. The only QoS stuff on here is configured on the T1 line like I mentioned.

The ISR has the following QoS configured on it:

!
class-map match-any AutoQoS-VoIP-RTP-Trust
 match ip dscp ef 
class-map match-any AutoQoS-VoIP-Control-Trust
 match ip dscp cs3 
 match ip dscp af31 
!
policy-map AutoQoS-Policy-Trust
 class AutoQoS-VoIP-RTP-Trust
  priority percent 70
 class AutoQoS-VoIP-Control-Trust
  bandwidth percent 5 
 class class-default
  fair-queue
!
interface Serial0/1/0:0
 ip address W.X.Y.Z 255.255.255.252
 zone-member security WAN
 encapsulation ppp
 service-policy output AutoQoS-Policy-Trust
!


So if that's what is configured on the ISR, should I even worry about any QoS on the 2960X.?

Is there a quick command that would remove all of the "mls qos ..." lines (*which is about 25-30 lines in total) from the 2960X? I tried just doing "no mls qos" globally, but that only removed the line "mls qos" at the end of the mls qos maps.

Thanks Again,
Matt

Yes, so what you're doing there on the serial is purely for voice traffic

If you remove the auto qos from the interfaces it will remove the class maps etc. belonging to it

For MLS just do no mls qos in global config mode

and then just to be sure, doing the below will make sure it's removed everywhere, as an example

interface range g1/0/1 - 48

no mls qos

*********************

Yes, if you do go with qos, using mls qos trust dscp is probably the easiest way to set it up and be sure your markings are being carried. Basically, if you have Cisco phones they mark each packet before leaving the phone with ef 46, which is what you want. The port will then trust this, prioritize it in a queue in MLS (4 queues altogether, 1 priority gets created) and pass it to the router retaining the marking. Then the layer 3 qos kicks in at the serial interface, ensuring it gets its bandwidth and is pushed through.

Also use mls qos trust dscp on the trunk uplink to the router. When deploying qos at layer 2 you must hit each ingress/egress port and make sure there's nowhere that the packet passes through that the mls is missing.

In case you do have any ios-xe switches like 3850s or 36s, just so you're aware, dscp is trusted by default, same as nx-os software, just not in ios yet, so you don't really need to do anything unless you're tweaking something for specific traffic.

Hey Mark,

Ok great, I've removed the "auto qos" from the individual interfaces. Then I did the "no mls qos" global command, as well as removing it from each interface as you showed in your example.

Lastly, since the ISR router has AutoQoS-VoIP... class/policy-maps configured for the T1 line, which is for our MPLS, I should add the command "mls qos trust dscp" to the trunk port of the 2960X that connects that switch to the ISR Router? If yes, does anything like that need to be added to the ISR's port that goes to the switch?

ISR Interface(s) connecting it to the 2960X Switch:

!
interface GigabitEthernet0/0/1
 description Uplink to Switch
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/1.1
 description Inside 10.22.1.1 Interface
 encapsulation dot1Q 1 native
 ip address 10.22.1.1 255.255.255.0
 ip nat inside
 zone-member security INSIDE
!
interface GigabitEthernet0/0/1.2
 description Inside 10.22.2.1 Interface
 encapsulation dot1Q 2
 ip address 10.22.2.1 255.255.255.0
 zone-member security INSIDE
 h323-gateway voip interface
 h323-gateway voip bind srcaddr 10.22.2.1
!
interface GigabitEthernet0/0/1.7
 description PubWiFi 10.22.7.1 Interface
 encapsulation dot1Q 7
 ip address 10.22.7.1 255.255.255.0
 ip nat inside
 zone-member security PUBWIFI
!


Interface on 2960X Connecting it to the ISR Router:

!
interface GigabitEthernet1/0/24
 description Uplink to ISR4321
 switchport mode trunk
 ip dhcp snooping trust
!


My apologies if I'm misunderstanding, but I believe you were saying to still add that "mls qos trust dscp" to the 2960X's Trunk port connecting it to the ISR Router, even though I'm not going to do QoS on any of the other ports of the 2960...?

Thanks Again,
Matt

Hi

No, don't use it on any interface if you're not applying qos. mls commands are all purely layer 2 qos, so make sure they're applied anywhere

then just check with show mls qos to make sure nothing's enabled

You shouldn't be able to add it to the router side anyway, as it's a router and those commands are only on switches

Ohh ok... Sorry, I understand now, that makes sense!

Ok cool, well all that makes sense. Just want to thank you again for all your help and your very quick replies... It is very much appreciated!



Thanks AGAIN,
Matt

Is this 2nd line in the output below anything I need to worry about? I can't find any other mention of mls or qos in the entire config, so not sure how that is "enabled"..:

2960sw1#show mls qos
QoS is disabled
QoS ip packet dscp rewrite is enabled

2960sw1#
2960sw1# show run | inc mls
2960sw1# show run | inc qos
2960sw1#


Thanks,
Matt

You could run this, but I don't think it will have an effect anyway as qos is globally disabled, so should affect you

no mls qos rewrite ip dscp
