Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1558
Views
0
Helpful
10
Replies

QoS DSCP marking

typeonegative
Level 1
Level 1

‎03-30-2012 09:06 AM - edited ‎03-04-2019 03:51 PM

Hey,

I have C3560 and encoutered with such issue, that it doesn't mark packets I want. Configuration:

int vlan 100

...

service-policy input REDIRECT

!

class-map match-all HTTP

match access-group name ACL_HTTP

!

policy-map REDIRECT

class HTTP

  set dscp 63

!

ip access-list extended ACL_HTTP

permit tcp host 192.168.1.6 any eq www

!

C3560#show mls qos

QoS is enabled

QoS ip packet dscp rewrite is enabled

I have the same configuration on C3750, everything works. Any ideas?

Donatas.

Labels:
0 Helpful
10 Replies 10

John Blakley
VIP Alumni
VIP Alumni

‎03-30-2012 09:15 AM

What do you get if you do a "sho policy-map inter vlan 100"?

HTH, John *** Please rate all useful posts ***
0 Helpful

typeonegative
Level 1
Level 1
In response to John Blakley

‎03-30-2012 09:39 AM

C3560#show policy-map interface vlan 100

Vlan100

  Service-policy input: REDIRECT

    Class-map: HTTP (match-all)

      0 packets, 0 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: access-group name ACL_HTTP

    Class-map: class-default (match-any)

      1893 packets, 398571 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: any

        1893 packets, 398571 bytes

        5 minute rate 0 bps

As I see 0 packets, 0 bytes ;-) Maybe here it's a problem.

0 Helpful

John Blakley
VIP Alumni
VIP Alumni
In response to typeonegative

‎03-30-2012 09:45 AM

Is your host 192.168.1.6 in vlan 100?

HTH, John *** Please rate all useful posts ***
0 Helpful

typeonegative
Level 1
Level 1
In response to John Blakley

‎03-30-2012 09:47 AM

Yes, ofcourse. I have internet from that host, but I don't understand, why C3560 doesn't catch this packet.

0 Helpful

John Blakley
VIP Alumni
VIP Alumni
In response to typeonegative

‎03-30-2012 09:59 AM

Well, my first thought is to try changing your www traffic to icmp. Ping from the 192 host to something out and see if it marks. If it does, it has to do with the direction that your web traffic is coming from. Is the 192 host a web server? If not, you may never see marking on web traffic inbound.

HTH, John *** Please rate all useful posts ***
0 Helpful

typeonegative
Level 1
Level 1
In response to John Blakley

‎03-30-2012 12:24 PM

I tried with access-list 101 permit icmp any any and with no success.

0 Helpful

John Blakley
VIP Alumni
VIP Alumni
In response to typeonegative

‎03-30-2012 01:09 PM

Can you post the interface configuration? "sh run int "

HTH, John *** Please rate all useful posts ***
0 Helpful

John Blakley
VIP Alumni
VIP Alumni
In response to typeonegative

‎03-30-2012 01:27 PM

Donatas,

On the ports that you need to have monitored, make sure that you have "mls qos vlan-based" configured on the port. Then you should be able to see packets.

John

Please rate all useful posts...

HTH, John *** Please rate all useful posts ***
0 Helpful

Vasileios Bouloukos MSc, ITIL, CCIE
Level 3
Level 3

‎03-30-2012 01:20 PM

Hi Donatas,

Could you add also the next entry to your AL and check if it has hits? Please,  check also with policy map if marks packets.

ip access-list extended ACL_HTTP

permit tcp host 192.168.1.6 any eq www

permit tcp host 192.168.1.6 eq www any

Then I would recommend to add the general entry

permit ip host 192.168.1.6 any

and check with policy map if marks packets.

Then, if still does not mark packets I would sugget to apply the service policy to the out direction too.

Hope that helps,

Vasilis

0 Helpful

Steve Galarza
Level 1
Level 1

‎10-22-2020 06:46 PM

Hi All,

 

New at implementing DSCP. And hoping you can help. 

 

We have moved to softphones and need to start marking DSCP for QoS on L2s. But I keep running into a problem where class-map is being mapped but the class-group does not. I am not sure what I am missing.

 

here is my config:

 

config) ip access-list extended VOIP
config-ext-nacl) permit udp any any range 16384 32767
exit

config) ip access-list extended SIP
config-ext-nacl) permit udp any any range 5060 5061
config-ext-nacl) permit tcp any any range 5060 5061
exit

config) class-map match-any VOIP-TRAFFIC
config-cmap) match access-group name VOIP

config-cmap) class-map match-any SIGNALLING
config-cmap) match access-group name SIP
exit

config) policy-map LTU-INGRESS-POLICY
config-pmap) class VOIP-TRAFFIC
config-pmap-c) set dscp ef
config-pmap-c) class SIGNALLING
config-pmap-c) set dscp CS3
exit

int gig1/0/37
service-policy input LTU-INGRESS-POLICY

 

Here is how I was monitoring the policy-map:

 

SW-LAB#show policy-map int gig1/0/37
GigabitEthernet1/0/37

Service-policy input: LTU-INGRESS-POLICY

Class-map: VOIP-TRAFFIC (match-any)
12431 packets
Match: access-group name VOIP
0 packets, 0 bytes
5 minute rate 0 bps
QoS Set
dscp ef

Class-map: SIGNALING (match-any)
545 packets
Match: access-group name SIP
0 packets, 0 bytes
5 minute rate 0 bps
QoS Set
dscp cs3

Class-map: class-default (match-any)
6399 packets
Match: any

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card