Hi John,

Thanks for replying. Yes i do want that traffic marked with the DSCP value of "ef". Shouldn't x.x.x.47 satisfy the match criteria for class "COS1-EF" and mark that traffic accordingly?

Thanks,

Pradeep

Hello Pradeep,

This is interesting. Can you see the counters on the ACL actually increasing?

Best regards,

Peter

Hi Peter,

Yes I do see it increasing. In fact I am also sending icmp packets from x.x.x.47 as a test.

XD0R02#sh access-list Voice-Devices

Extended IP access list Voice-Devices

10 permit ip host X.X.X.47 any (52 matches)

20 permit ip any host x.x.x.47

Thanks,

Pradeep

Hello Pradeep,

I have pasted your config in my testing topology in Dynamips and it was working perfectly for me. The pings sent from X.X.X.47 were remarked with DSCP EF.

Are you absolutely sure that no remarking is taking place in your network? Is there perhaps a switch between the router and your machine where you capture the packets? Note that Catalyst switches with certain QoS settings may not trust DSCP marking and may reset it to 0.

Try using the command show policy-map interface s1/0 and watch closely for lines similar to these:

Class-map: COS1-EF (match-any)

1 packets, 104 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: access-group name Voice-Devices

1 packets, 104 bytes

5 minute rate 0 bps

QoS Set

dscp ef

Packets marked 1

The last line should tell you if the marking is taking place. If yes and you still do not see the packets marked on your end device then there is probably some other device in your network remarking your packets.

Best regards,

Peter

Hi Peter,

I am doing the marking on the router itself, so even if the packet got marked somewhere between the x.x.x.47 device and the router, I am assuming the latter will remark it?

I did use the cmd sh policy-map int s1/0 but all counters showed zero incl Packets marked.

I hope it's not a bug in my IOS - IOS (tm) 3700 Software (C3745-IS-M), Version 12.3(22)

Let me wipe out the config and start again, just to make sure. I will post the result.

Thanks,

Pradeep

Hello,

The fact alone that the marking takes place after policing should not be a problem (even if perhaps not the best practice in this particular case). After all, with two rate policer, the same is done. Moreover, as I indicated, I have tested the Pradeep's configuration exactly as posted her and it worked for me.

Best regards,

Peter

@Edison..Originally my config did not include the access-group 'Voice-Devices' in the VOICE class-map. I added it only when it did not work.

@Peter.. I tried removing and re-adding the config without any success. It seems that the nested service policy Mark-COS1 is never getting invoked.

@Chin & John.. Creating an inbound service policy on my LAN interface worked! Thank you!

Peter - I am puzzled since I thought my original config would work and it doesn't but clearly works in your case.

Even though my issue is resolved I would really like to understand why my original config did not work!!

Thanks,

Pradeep

i think it did not mark traffic because there was not enough bandwidth to make QoS kick in to police the traffic in the first place.

Hello,

I don't think this is the case. I have already seen it in other discussions here that it is assumed that the entire service policy kicks in only if the Tx ring of the interface starts to overfill.

In my opinion, that is not correct. A service policy on an interface must be evaluated for every packet. Only the software queueing kicks in when the Tx ring of the interface starts to fill but a service policy itself must act upon every packet.

This document provides slightly more detail:

http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a0080160fc1.shtml

Best regards,

Peter