C3750G packet marking check command

VladoK · ‎02-22-2018

I configured incoming packet marking based on ACL on 3750G-12S-E switch with latest 12.2-55.SE12.

The 'show policy-map interface' command shows zero counters and I have found this is normal behaviour on this platform and not a bug. My question: is there some other command to check the marking is indeed working?

Of course I did tcpdump test on PC connected to the switch. The PC is indeed receiving correctly marked packets. So the configuration works. But it would be nice to check the functionality similarly as on routers when one has no possibility to deploy packet analyzer on site.

Config:

=======

ip routing
mls qos
!
class-map match-any CLASS_DNS
match access-group name QACL_DNS
!
policy-map PMAP_DNS
class CLASS_DNS
set dscp af31
class class-default
set dscp default
!
ip access-list extended QACL_DNS
permit udp any eq domain any
!
!
interface GigabitEthernet1/0/1
description UPLINK
no switchport
ip address 192.168.1.4 255.255.255.0
service-policy input PMAP_DNS

!

pigallo · ‎02-22-2018

Hi,

you could try create and apply an outbound ACL that matches UDP traffic with DSCP AF31 towards your destination network.

You should see ACL counters increasing if ingress traffic is marked correctly.

Joseph W. Doherty · ‎02-22-2018

Yes, there are commands to see the counts of packet in different classes/queues. Off the top-of-my-head, I don't recall what they are, but I've used them.

pigallo · ‎02-22-2018

@Joseph W. Doherty wrote:
Yes, there are commands to see the counts of packet in different classes/queues. Off the top-of-my-head, I don't recall what they are, but I've use them.

Hi Joseph,

Show mls qos interface Fax/y statistics is maybe what you are looking for.

Joseph W. Doherty · ‎02-22-2018

Sounds familiar.