Solved: Re: QoS dscp values for skype for business

hamza.admas1 · ‎10-02-2018

Hello,

I need your Help please regarding to this request :

I need to configure my switches ( 2960X ) so that packets with these DSCP values are tagged? ( They are already configured on Skype servers and clients )

Skype for Business Signaling, DSCP 28, source port TCP 5060:5079

Skype for Business Audio, DSCP 46, source port TCP/UDP 50020:50039

Skype for Business Video, DSCP 34, source port TCP/UDP 58000:58019

Skype for Business Application Sharing, DSCP 24, source port TCP/UDP 42000:42019

Skype for Business File Transfer, DSCP 14, source port TCP/UDP 42020:42059

Can you please help me with a procedure / steps / commands ?
Thank you so much...

Hamza

Alex Pfeil · ‎10-02-2018

mls qos

mls qos rewrite dscp

int range gi1/0/1 - 48

auto qos trust dscp

Keep in mind that QoS has to be setup to trust DSCP markings on every switch along a path. If you have a switch trunked to another switch and it is not configured, you can lose the marking. It is easy to use Wireshark and test between two endpoints to verify that the packets are marked on both ends. It is also pretty easy to setup a group policy in Windows to push Skype settings to every computer so that packets are marked correctly. Unless they changed the application, it does not do that by default.

Please mark helpful posts.

View solution in original post

Daniele Giordano · ‎10-02-2018

Hi, If IP packets are already tagged you can simply configure the switch to honour the DSCP:

on the port you must configure the command mls qos trust dscp.

Anyhow you can configure an ACL to select the interested traffic:

general qos config:

mls qos srr-queue input priority-queue 2 bandwidth 20
mls qos srr-queue input cos-map queue 1 threshold 3 0 1 2 3 4
mls qos srr-queue input cos-map queue 2 threshold 3 5 6 7
mls qos srr-queue output cos-map queue 1 threshold 3 5 6 7
mls qos srr-queue output cos-map queue 2 threshold 3 4
mls qos srr-queue output cos-map queue 3 threshold 3 2 3
mls qos srr-queue output cos-map queue 4 threshold 3 0 1
mls qos

acl to select traffic:

access-list 102 remark select skype
access-list 102 permit tcp any any range 5060 5079
access-list 102 permit tcp any any range 50020 50039
access-list 102 permit udp any any range 50020 50039
....

global configurtion:

policy-map voip
class class-default
set dscp default

on every interface apply a service plocy:

service-policy input voip
priority-queue out

Regards.

hamza.admas1 · ‎10-02-2018

Hi Daniele,

Thank you so much for your prompt reply about my question ...

So, the goal is configure QOS for skype entreprise on cisco switches ....

Here is my config on the switch so that you can have more details about the request :

***********************************************************************************************

Building configuration...

Current configuration : 33202 bytes

!

version 15.0

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

!

boot-start-marker

boot-end-marker

!

ip dhcp snooping vlan 1-111

no ip dhcp snooping information option

ip dhcp snooping

vtp domain SWBETCBB09

vtp mode off

!

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue output cos-map queue 1 threshold 3 5

mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7

mls qos srr-queue output cos-map queue 3 threshold 3 2 4

mls qos srr-queue output cos-map queue 4 threshold 2 1

mls qos srr-queue output cos-map queue 4 threshold 3 0

mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47

mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31

mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55

mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63

mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23

mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39

mls qos srr-queue output dscp-map queue 4 threshold 1 8

mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15

mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7

mls qos queue-set output 1 threshold 1 138 138 92 138

mls qos queue-set output 1 threshold 4 20 50 67 400

mls qos queue-set output 2 threshold 1 149 149 100 149

mls qos queue-set output 2 threshold 2 118 118 100 235

!

crypto pki trustpoint TP-self-signed-76133760

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-76133760

revocation-check none

rsakeypair TP-self-signed-76133760

!

crypto pki trustpoint TP-self-signed-3226598784

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3226598784

revocation-check none

rsakeypair TP-self-signed-3226598784

!

crypto pki certificate chain TP-self-signed-76133760

certificate self-signed 01

30820227 30820190 A0030201 02020101 300D0609 2A864886 F70D0101 05050030

2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274

69666963 6174652D 37363133 33373630 301E170D 30363031 30323030 30313438

5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53

2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D373631 33333736

3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100D5C4

03B4EA9B DED04E09 95855B68 D76CA181 77C4A2C6 D0E58FA4 1CAE4775 C5802D9C

52640BE8 A8F1EA30 EE857B97 821174A5 BB8351ED 21D9931E CE33B3D0 753F0EA2

B195CF35 7AFE5316 28E1615F 2B987371 20652243 5CD47C7C 84D7C73F D658A6E2

0D4C7D1F 4CB70C49 DD063B7A 2FC1EECD 63BA5723 CBD3C51F 87305977 16B90203

010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304

18301680 144E84FF 144C1B16 7EEB91BB 160478D2 1A369585 17301D06 03551D0E

04160414 4E84FF14 4C1B167E EB91BB16 0478D21A 36958517 300D0609 2A864886

F70D0101 05050003 8181003C 92C6BDB1 AC3BF38E 48A13AF4 2189F3DF 918E04ED

54216FB1 91EB87FA A8570200 19097D88 6D50F5D2 CDDA63F4 00743647 33B80847

A76782B2 22B5CA43 84FEA160 F5C179E6 3EF5BAFA 0B7211E0 2481653D AAF38279

BBFA349B 03297024 464B07F7 1CA60F25 95DC057B 2BE0D307 8CDBFC0D C87CEE3D

014B0356 4CED47C6 B6922E

quit

crypto pki certificate chain TP-self-signed-3226598784

dot1x system-auth-control

!

spanning-tree mode pvst

spanning-tree extend system-id

spanning-tree uplinkfast

!

interface FastEthernet0

no ip address

shutdown

!

interface GigabitEthernet1/0/1

description Meeting Room

switchport access vlan 35

switchport mode access

switchport voice vlan 9

load-interval 30

srr-queue bandwidth share 10 10 60 20

priority-queue out

authentication control-direction in

authentication event fail action next-method

authentication event server dead action authorize vlan 35

authentication event server dead action authorize voice

authentication event server alive action reinitialize

authentication host-mode multi-auth

authentication open

authentication order dot1x mab

authentication priority dot1x mab

authentication port-control auto

authentication periodic

authentication timer reauthenticate 28800

authentication violation restrict

mab

mls qos trust device cisco-phone

mls qos trust cos

dot1x pae authenticator

dot1x timeout tx-period 10

dot1x max-reauth-req 1

storm-control broadcast level pps 1k

storm-control multicast level pps 2k

storm-control action trap

spanning-tree portfast

service-policy input QOS

ip verify source

ip dhcp snooping limit rate 100

!

interface GigabitEthernet1/0/9

description 7-3A

switchport access vlan 35

switchport mode access

switchport voice vlan 9

load-interval 30

srr-queue bandwidth share 10 10 60 20

priority-queue out

authentication control-direction in

authentication event fail action next-method

authentication event server dead action authorize vlan 35

authentication event server dead action authorize voice

authentication event server alive action reinitialize

authentication host-mode multi-auth

authentication open

authentication order dot1x mab

authentication priority dot1x mab

authentication port-control auto

authentication periodic

authentication timer reauthenticate 28800

authentication violation restrict

mab

mls qos trust device cisco-phone

mls qos trust cos

dot1x pae authenticator

dot1x timeout tx-period 10

dot1x max-reauth-req 1

storm-control broadcast level pps 1k

storm-control multicast level pps 2k

storm-control action trap

spanning-tree portfast

service-policy input QOS

ip verify source

ip dhcp snooping limit rate 100

!

access-list 10 deny any

!

end

*********************************************************

Thank you so much :)

Hamza

Daniele Giordano · ‎10-02-2018

Hi, you have qos enable globally. You have also the cos-dscp mapping enable:

mls qos map cos-dscp 0 8 16 24 32 46 48 56

The ports honour cos:

mls qos trust cos

So the qos should be works correctly.

I see also a service policy configured in the port:

service-policy input QOS

But I cannot see the service policy configuration global.

You can always check the qos using these commands:

show mls qos

show mlq qos interface .... statistics

Regards.

hamza.admas1 · ‎10-02-2018

Thank you Daniele for your help !!

Here are the output of commands :

SWBETCBB09#show mls qos
QoS is disabled
QoS ip packet dscp rewrite is enabled

SWBETCBB09#show mls qos interface Gi1/0/7 statistics
GigabitEthernet1/0/7 (All statistics are in packets)

dscp: incoming
-------------------------------

0 - 4 : 26784198 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 1133
35 - 39 : 0 0 0 0 0
40 - 44 : 82528 0 0 0 0
45 - 49 : 0 690 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
dscp: outgoing
-------------------------------

0 - 4 : 71386602 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 12 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 62
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 2691 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
cos: incoming
-------------------------------

0 - 4 : 61235996 0 0 0 0
5 - 7 : 4 0 0
cos: outgoing
-------------------------------

0 - 4 : 90462481 0 292 0 122
5 - 7 : 1408144 0 40064909
output queues enqueued:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 0 0 0
queue 1: 836993 103957640 41981596
queue 2: 0 0 0
queue 3: 0 0 83277963

output queues dropped:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 0 0 0
queue 1: 0 0 0
queue 2: 0 0 0
queue 3: 0 0 14737

Policer: Inprofile: 0 OutofProfile: 0

Regards,

hamza.admas1 · ‎10-02-2018

Thank you Daniele for your help !!

Here are the output of commands :

SWBETCBB09#show mls qos
QoS is disabled
QoS ip packet dscp rewrite is enabled

SWBETCBB09#show mls qos interface Gi1/0/7 statistics
GigabitEthernet1/0/7 (All statistics are in packets)

dscp: incoming
-------------------------------

0 - 4 : 26784198 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 1133
35 - 39 : 0 0 0 0 0
40 - 44 : 82528 0 0 0 0
45 - 49 : 0 690 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
dscp: outgoing
-------------------------------

0 - 4 : 71386602 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 12 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 62
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 2691 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
cos: incoming
-------------------------------

0 - 4 : 61235996 0 0 0 0
5 - 7 : 4 0 0
cos: outgoing
-------------------------------

0 - 4 : 90462481 0 292 0 122
5 - 7 : 1408144 0 40064909
output queues enqueued:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 0 0 0
queue 1: 836993 103957640 41981596
queue 2: 0 0 0
queue 3: 0 0 83277963

output queues dropped:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 0 0 0
queue 1: 0 0 0
queue 2: 0 0 0
queue 3: 0 0 14737

Policer: Inprofile: 0 OutofProfile: 0

Regards,

Alex Pfeil · ‎10-02-2018

mls qos

mls qos rewrite dscp

int range gi1/0/1 - 48

auto qos trust dscp

Keep in mind that QoS has to be setup to trust DSCP markings on every switch along a path. If you have a switch trunked to another switch and it is not configured, you can lose the marking. It is easy to use Wireshark and test between two endpoints to verify that the packets are marked on both ends. It is also pretty easy to setup a group policy in Windows to push Skype settings to every computer so that packets are marked correctly. Unless they changed the application, it does not do that by default.

Please mark helpful posts.

Daniele Giordano · ‎10-02-2018

As Alex wrote use 'mls qos' to enable qos globally on the switch.

Check again with the previous show commands.

Regards.

hamza.admas1 · ‎10-03-2018

Thank you Alex for you answer ...

Just to be sure , DSCP 46 is

mls qos srr-queue output cos-map queue 1 threshold 3 5 ======> DSCP 46

Correct ?