Solved: 2960 AutoQoS - Voice Softphone not showing EF Traffic

srezvani1 · ‎10-19-2019

Hello,

I have a cisco 2960 and I'm trying to set up QoS on it for my Voip Traffic. We are using a Voip softphone software as our voip device. I have enabled the command "mls qos trust dscp" on the access ports going to the softphones, however when I do "show mls qos interface <interface#> statistics" on the access ports I don't see any hot counts on EF or on DSCP 46 for the voice traffic.

#show mls qos interface gigabitEthernet 1/0/15 statistics
GigabitEthernet1/0/15 (All statistics are in packets)

dscp: incoming
-------------------------------

0 - 4 : 2534093 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 7439 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
dscp: outgoing
-------------------------------

0 - 4 : 4065089 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 25654 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
cos: incoming
-------------------------------

0 - 4 : 2743230 0 14 0 6
5 - 7 : 5 7439 179338

Is this normal or should i be seeing hit counts on the interface for EF or dscp 46 traffic? Is there any command missing on my access ports that I need to add ?

Thanks

Joseph W. Doherty · ‎10-20-2019

"Is this normal or should i be seeing hit counts on the interface for EF or dscp 46 traffic?"

If you only "trust", you need the host to set the ToS marking.

"Is there any command missing on my access ports that I need to add ?"

If your softphones cannot tag their traffic, you can do so on the switch port. Since, I assume, there's other traffic than VoIP on the port, you would configure an ingress service-policy to "recognize" the VoIP traffic and then tag it. (BTW, good idea to "police" such traffic to the expected bandwidth [usually about 100 Kbps].)

View solution in original post

Deepak Kumar · ‎10-20-2019

Hi,

Can you check for a command:

 service-policy input AutoQoS-Police-SoftPhone

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-2_2_e/consolidated_guide/configuration_guide/b_1522e_consolidated_2960x_cg/b_consolidated_152ex_2960-X_cg_chapter_011100.html

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

srezvani1 · ‎10-20-2019

I did not Use any autoQoS command under my access ports that are connected to the softphones - The soft phones are from another vendor and they are not Cisco -

The only commands under my access ports are :

interface GigabitEthernet1/0/15
switchport access vlan 110
switchport mode access
switchport voice vlan dot1p
mls qos trust dscp
spanning-tree portfast edge
end

And on my uplinks I have the Command :

mls qos trust cos
auto qos trust

Georg Pauwen · ‎10-20-2019

Hello,

what brand/model are your IP phones ? I seem to remember that Polycom does recognize CDP, so the interface command 'auto qos voip cisco-phone' should work...

Otherwise, what if you configure 'auto qos voip trust' on the interfaces ?

srezvani1 · ‎10-20-2019

The Brand of softphone that I'm using is "MicroSIP" , and I have tried using the "auto qos voip trust" command under the interface and it didn't help either.

Georg Pauwen · ‎10-20-2019

Hello,

make sure your switch is running the LAN Base and not the Lite image. The command 'sh ver' should show something like the below:

2960#sh ver | i LAN
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc1)

Also, make sure the switchport configuration looks similar to this:

interface FastEthernet0/2
switchport access vlan 10
switchport mode access
mls qos trust dscp
auto qos trust dscp
spanning-tree portfast

srezvani1 · ‎10-20-2019

F1-PP1-04-E1#show ver
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(6)E, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.

and the switchport configs are :

interface GigabitEthernet1/0/15
switchport access vlan 110
switchport mode access
switchport voice vlan dot1p
mls qos trust dscp
spanning-tree portfast edge
end

Joseph W. Doherty · ‎10-20-2019

"Is this normal or should i be seeing hit counts on the interface for EF or dscp 46 traffic?"

If you only "trust", you need the host to set the ToS marking.

"Is there any command missing on my access ports that I need to add ?"

If your softphones cannot tag their traffic, you can do so on the switch port. Since, I assume, there's other traffic than VoIP on the port, you would configure an ingress service-policy to "recognize" the VoIP traffic and then tag it. (BTW, good idea to "police" such traffic to the expected bandwidth [usually about 100 Kbps].)

srezvani1 · ‎10-20-2019

Yes, there are other traffic other than the VoIP on that port and as you mentioned I did try to tag the traffic on the switch port, but I'm still getting the same results!!!

class-map match-all VOIP
match access-group name VOIP
!
policy-map VOIP
class VOIP
set ip dscp ef

!

ip access-list extended VOIP

permit udp any any eq 5060
permit udp any any range 4000 4090

Joseph W. Doherty · ‎10-21-2019

Your config looks to be on the correct path.

You've applied the policy VOIP as an ingress policy on the access/edge host port? You're sure your VoIP traffic matches your ACL conditions? Your policy and ACL stats show no matches?

srezvani1 · ‎10-21-2019

Yes , I did apply it as an ingress policy to the switch port. The problem is that I am not seeing any matches on the access port either.

I did a capture with WireShark and the phone was using the ports I used on the access list, but still there is no match.

Just to make sure , I even added these commands on the access list as well:

# #show ip access-lists VOIP
Extended IP access list VOIP

50 permit tcp any any eq www
60 permit tcp any any eq 443

But still when I open up some web pages the matches are not showing. Is this a IOS bug or something?

Thanks

Soroush

Joseph W. Doherty · ‎10-22-2019

I recall (?) some low end switches (depending on their IOS) don't always update all expected stats counters if the stat are derived from work done on an ASIC.

If you have wireshark, can you confirm packets are unmarked?

srezvani1 · ‎10-23-2019

That's right, seems like ACL's will only show hit counts if the traffic is processed in the software, but if the traffic is processed in the hardware there will be not matches showing on the ACLS:

https://community.cisco.com/t5/switching/access-list-hit-counts/td-p/2464226

I did a capture after adding the ingress service policy and now the traffic is being marked as EF.

Thanks for your help Joseph, really appreciate it.

Georg Pauwen · ‎10-22-2019

Hello,

out of curiosity I looked at the manual for the MicroSip softphones, it doesn't look like they do any sort of CoS or DSCP marking. They use UDP port 5060 by default...what if you change the access list to:

ip access-list extended VOIP
permit udp any eq 5060 any
permit udp any any range 4000 4090

srezvani1 · ‎10-22-2019

There is still no match count after I made the changes - Even http and https traffic is not showing any match count, while i'm using that exact port to go through the internet - :

Extended IP access list VOIP
30 permit udp any any range 4000 4090
70 permit udp any eq 5060 any
80 permit tcp any eq www any
90 permit tcp any eq 443 any