10-02-2018 03:11 AM - edited 03-05-2019 10:57 AM
Hello,
I need your Help please regarding to this request :
I need to configure my switches ( 2960X ) so that packets with these DSCP values are tagged? ( They are already configured on Skype servers and clients )
Skype for Business Signaling, DSCP 28, source port TCP 5060:5079
Skype for Business Audio, DSCP 46, source port TCP/UDP 50020:50039
Skype for Business Video, DSCP 34, source port TCP/UDP 58000:58019
Skype for Business Application Sharing, DSCP 24, source port TCP/UDP 42000:42019
Skype for Business File Transfer, DSCP 14, source port TCP/UDP 42020:42059
Can you please help me with a procedure / steps / commands ?
Thank you so much...
Hamza
Solved! Go to Solution.
10-02-2018 09:26 AM
mls qos
mls qos rewrite dscp
int range gi1/0/1 - 48
auto qos trust dscp
Keep in mind that QoS has to be setup to trust DSCP markings on every switch along a path. If you have a switch trunked to another switch and it is not configured, you can lose the marking. It is easy to use Wireshark and test between two endpoints to verify that the packets are marked on both ends. It is also pretty easy to setup a group policy in Windows to push Skype settings to every computer so that packets are marked correctly. Unless they changed the application, it does not do that by default.
Please mark helpful posts.
10-02-2018 03:28 AM
Hi, If IP packets are already tagged you can simply configure the switch to honour the DSCP:
on the port you must configure the command mls qos trust dscp.
Anyhow you can configure an ACL to select the interested traffic:
general qos config:
mls qos srr-queue input priority-queue 2 bandwidth 20
mls qos srr-queue input cos-map queue 1 threshold 3 0 1 2 3 4
mls qos srr-queue input cos-map queue 2 threshold 3 5 6 7
mls qos srr-queue output cos-map queue 1 threshold 3 5 6 7
mls qos srr-queue output cos-map queue 2 threshold 3 4
mls qos srr-queue output cos-map queue 3 threshold 3 2 3
mls qos srr-queue output cos-map queue 4 threshold 3 0 1
mls qos
acl to select traffic:
access-list 102 remark select skype
access-list 102 permit tcp any any range 5060 5079
access-list 102 permit tcp any any range 50020 50039
access-list 102 permit udp any any range 50020 50039
....
global configurtion:
policy-map voip
class class-default
set dscp default
on every interface apply a service plocy:
service-policy input voip
priority-queue out
Regards.
10-02-2018 04:51 AM
Hi Daniele,
Thank you so much for your prompt reply about my question ...
So, the goal is configure QOS for skype entreprise on cisco switches ....
Here is my config on the switch so that you can have more details about the request :
***********************************************************************************************
Building configuration...
Current configuration : 33202 bytes
!
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
!
boot-start-marker
boot-end-marker
!
!
!
!
ip dhcp snooping vlan 1-111
no ip dhcp snooping information option
ip dhcp snooping
vtp domain SWBETCBB09
vtp mode off
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
!
crypto pki trustpoint TP-self-signed-76133760
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-76133760
revocation-check none
rsakeypair TP-self-signed-76133760
!
crypto pki trustpoint TP-self-signed-3226598784
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3226598784
revocation-check none
rsakeypair TP-self-signed-3226598784
!
!
crypto pki certificate chain TP-self-signed-76133760
certificate self-signed 01
30820227 30820190 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 37363133 33373630 301E170D 30363031 30323030 30313438
5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53
2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D373631 33333736
3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100D5C4
03B4EA9B DED04E09 95855B68 D76CA181 77C4A2C6 D0E58FA4 1CAE4775 C5802D9C
52640BE8 A8F1EA30 EE857B97 821174A5 BB8351ED 21D9931E CE33B3D0 753F0EA2
B195CF35 7AFE5316 28E1615F 2B987371 20652243 5CD47C7C 84D7C73F D658A6E2
0D4C7D1F 4CB70C49 DD063B7A 2FC1EECD 63BA5723 CBD3C51F 87305977 16B90203
010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304
18301680 144E84FF 144C1B16 7EEB91BB 160478D2 1A369585 17301D06 03551D0E
04160414 4E84FF14 4C1B167E EB91BB16 0478D21A 36958517 300D0609 2A864886
F70D0101 05050003 8181003C 92C6BDB1 AC3BF38E 48A13AF4 2189F3DF 918E04ED
54216FB1 91EB87FA A8570200 19097D88 6D50F5D2 CDDA63F4 00743647 33B80847
A76782B2 22B5CA43 84FEA160 F5C179E6 3EF5BAFA 0B7211E0 2481653D AAF38279
BBFA349B 03297024 464B07F7 1CA60F25 95DC057B 2BE0D307 8CDBFC0D C87CEE3D
014B0356 4CED47C6 B6922E
quit
crypto pki certificate chain TP-self-signed-3226598784
dot1x system-auth-control
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree uplinkfast
!
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet1/0/1
description Meeting Room
switchport access vlan 35
switchport mode access
switchport voice vlan 9
load-interval 30
srr-queue bandwidth share 10 10 60 20
priority-queue out
authentication control-direction in
authentication event fail action next-method
authentication event server dead action authorize vlan 35
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate 28800
authentication violation restrict
mab
mls qos trust device cisco-phone
mls qos trust cos
dot1x pae authenticator
dot1x timeout tx-period 10
dot1x max-reauth-req 1
storm-control broadcast level pps 1k
storm-control multicast level pps 2k
storm-control action trap
spanning-tree portfast
service-policy input QOS
ip verify source
ip dhcp snooping limit rate 100
!
!
interface GigabitEthernet1/0/9
description 7-3A
switchport access vlan 35
switchport mode access
switchport voice vlan 9
load-interval 30
srr-queue bandwidth share 10 10 60 20
priority-queue out
authentication control-direction in
authentication event fail action next-method
authentication event server dead action authorize vlan 35
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate 28800
authentication violation restrict
mab
mls qos trust device cisco-phone
mls qos trust cos
dot1x pae authenticator
dot1x timeout tx-period 10
dot1x max-reauth-req 1
storm-control broadcast level pps 1k
storm-control multicast level pps 2k
storm-control action trap
spanning-tree portfast
service-policy input QOS
ip verify source
ip dhcp snooping limit rate 100
!
access-list 10 deny any
!
end
*********************************************************
Thank you so much :)
Hamza
10-02-2018 06:10 AM
Hi, you have qos enable globally. You have also the cos-dscp mapping enable:
mls qos map cos-dscp 0 8 16 24 32 46 48 56
The ports honour cos:
mls qos trust cos
So the qos should be works correctly.
I see also a service policy configured in the port:
service-policy input QOS
But I cannot see the service policy configuration global.
You can always check the qos using these commands:
show mls qos
show mlq qos interface .... statistics
Regards.
10-02-2018 06:27 AM
Thank you Daniele for your help !!
Here are the output of commands :
SWBETCBB09#show mls qos
QoS is disabled
QoS ip packet dscp rewrite is enabled
SWBETCBB09#show mls qos interface Gi1/0/7 statistics
GigabitEthernet1/0/7 (All statistics are in packets)
dscp: incoming
-------------------------------
0 - 4 : 26784198 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 1133
35 - 39 : 0 0 0 0 0
40 - 44 : 82528 0 0 0 0
45 - 49 : 0 690 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
dscp: outgoing
-------------------------------
0 - 4 : 71386602 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 12 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 62
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 2691 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
cos: incoming
-------------------------------
0 - 4 : 61235996 0 0 0 0
5 - 7 : 4 0 0
cos: outgoing
-------------------------------
0 - 4 : 90462481 0 292 0 122
5 - 7 : 1408144 0 40064909
output queues enqueued:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 0 0 0
queue 1: 836993 103957640 41981596
queue 2: 0 0 0
queue 3: 0 0 83277963
output queues dropped:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 0 0 0
queue 1: 0 0 0
queue 2: 0 0 0
queue 3: 0 0 14737
Policer: Inprofile: 0 OutofProfile: 0
Regards,
10-02-2018 06:28 AM
Thank you Daniele for your help !!
Here are the output of commands :
SWBETCBB09#show mls qos
QoS is disabled
QoS ip packet dscp rewrite is enabled
SWBETCBB09#show mls qos interface Gi1/0/7 statistics
GigabitEthernet1/0/7 (All statistics are in packets)
dscp: incoming
-------------------------------
0 - 4 : 26784198 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 1133
35 - 39 : 0 0 0 0 0
40 - 44 : 82528 0 0 0 0
45 - 49 : 0 690 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
dscp: outgoing
-------------------------------
0 - 4 : 71386602 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 12 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 62
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 2691 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
cos: incoming
-------------------------------
0 - 4 : 61235996 0 0 0 0
5 - 7 : 4 0 0
cos: outgoing
-------------------------------
0 - 4 : 90462481 0 292 0 122
5 - 7 : 1408144 0 40064909
output queues enqueued:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 0 0 0
queue 1: 836993 103957640 41981596
queue 2: 0 0 0
queue 3: 0 0 83277963
output queues dropped:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 0 0 0
queue 1: 0 0 0
queue 2: 0 0 0
queue 3: 0 0 14737
Policer: Inprofile: 0 OutofProfile: 0
Regards,
10-02-2018 09:26 AM
mls qos
mls qos rewrite dscp
int range gi1/0/1 - 48
auto qos trust dscp
Keep in mind that QoS has to be setup to trust DSCP markings on every switch along a path. If you have a switch trunked to another switch and it is not configured, you can lose the marking. It is easy to use Wireshark and test between two endpoints to verify that the packets are marked on both ends. It is also pretty easy to setup a group policy in Windows to push Skype settings to every computer so that packets are marked correctly. Unless they changed the application, it does not do that by default.
Please mark helpful posts.
10-02-2018 11:29 AM
As Alex wrote use 'mls qos' to enable qos globally on the switch.
Check again with the previous show commands.
Regards.
10-03-2018 01:38 AM
Thank you Alex for you answer ...
Just to be sure , DSCP 46 is
mls qos srr-queue output cos-map queue 1 threshold 3 5 ======> DSCP 46
Correct ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide