Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8302
Views
5
Helpful
7
Replies

Cannot set service-policy output on 3850

Go to solution
mario.jost
Level 3
Level 3

‎06-12-2018 07:48 AM - edited ‎03-08-2019 03:20 PM

Dear Cisco support community

I am trying to get a QoS configuration running on a 3850 Switch. The configuration is similar to QoS on routers, but yet still very different. Just the fact that we cant us NBAR makes we wish they didnt go the MQC way at all and stayed with the mls qos configuration. But thats another topic. I have following configuration:

ip access-list extended QOS_CITRIX
 remark ----------------------------------
 remark mark citrix inbound & outbound
 permit tcp any any eq 1494
 permit tcp any eq 1494 any
 permit tcp any eq 2598 any
 permit tcp any any eq 2598
 remark ----------------------------------
 
ip access-list extended QOS_ROUTING
 remark ----------------------------------
 remark mark eigrp traffic
 permit eigrp any any
 remark ----------------------------------
 
ip access-list extended QOS_VOICE
 remark ----------------------------------
 remark mark voice RTP traffic
 permit ip host 192.168.22.50 any
 remark ----------------------------------
 
ip access-list extended QOS_VOICESIGNAL
 remark ----------------------------------
 remark mark SIP traffic
 permit udp any any eq 5060 5061
 permit tcp any any eq 5060 5061
 remark ----------------------------------

class-map match-any QOS_CITRIX
 match access-group name QOS_CITRIX
class-map match-any QOS_ROUTING
 match access-group name QOS_ROUTING
class-map match-any QOS_VOICE
 match access-group name QOS_VOICE
class-map match-any QOS_VOICESIGNAL
 match access-group name QOS_VOICESIGNAL
 
policy-map QOS_IN
 class QOS_CITRIX
  set dscp cs4
 class QOS_ROUTING
  set dscp cs6
 class QOS_VOICE
  set dscp ef
 class QOS_VOICESIGNAL
  set dscp cs3
 
policy-map QOS_OUT
 class QOS_CITRIX
  bandwidth percent 50 
 class QOS_ROUTING
  priority percent 5
 class QOS_VOICE
  priority percent 20
 class QOS_VOICESIGNAL
  bandwidth percent 5

Problem is, as soon as i want to set the QOS_OUT policy on an interface, it does not stick. There is no error or anything, it just isnt there:


swRZ101(config)#int gigabitEthernet 1/0/25
swRZ101(config-if)#do show run int gi 1/0/25
Building configuration...

Current configuration : 139 bytes
!
interface GigabitEthernet1/0/25
 description roRZ1sip01
 switchport access vlan 303
 switchport mode access
 spanning-tree portfast
end
swRZ101(config-if)#service-policy output QOS_OUT
swRZ101(config-if)#do show run int gi 1/0/25    
Building configuration...

Current configuration : 139 bytes
!
interface GigabitEthernet1/0/25
 description roRZ1sip01
 switchport access vlan 303
 switchport mode access
 spanning-tree portfast
end

I can configure a service-policy on the input though. Anyone has any idea why that may be? I have seen some tutorials where people use a service-policy output on a 3850 switch, so it should be possible. We run IOS XE 03.07.04E

1 person had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP

‎06-12-2018 09:00 AM

Hello,

 

there are numerous restrictions when applying service policies on the 3850. Are there any messages logged in your syslog when you try to apply the service policy ?

View solution in original post

0 Helpful

Go to solution
mario.jost
Level 3
Level 3
In response to Georg Pauwen

‎06-13-2018 12:38 AM

Hey Georg

 

You are right. there is a line in the syslog at the time the command was entered:

 

Jun 13 09:16:10.509:  Invalid queuing class-map!!! Queuing actions supported only with dscp/cos/qos-group/precedence based classification!!!
Jun 13 09:16:10.509: %QOS-6-POLICY_INST_FAILED: 
 Service policy installation failed

I created a different class map for outgoing traffic and had to set the level in the priority command. it works now.

class-map match-any QOS_CITRIX_OUT
 match dscp cs4
class-map match-any QOS_ROUTING_OUT
 match dscp cs6
class-map match-any QOS_VOICE_OUT
 match dscp ef
class-map match-any QOS_VOICESIGNAL_OUT
 match dscp cs3
 
policy-map QOS_OUT
 class QOS_CITRIX_OUT
  bandwidth percent 50 
 class QOS_ROUTING_OUT
  priority level 2 percent 5
 class QOS_VOICE_OUT
  priority level 1 percent 20
 class QOS_VOICESIGNAL_OUT
  bandwidth percent 5

I can configure both service policies now:

swRZ101#show running-config interface gigabitEthernet 1/0/25
Building configuration...

Current configuration : 199 bytes
!
interface GigabitEthernet1/0/25
 description roRZ1sip01
 switchport access vlan 303
 switchport mode access
 spanning-tree portfast
 service-policy input QOS_IN
 service-policy output QOS_OUT
end

Thanks for your help.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Georg Pauwen
VIP
VIP

‎06-12-2018 09:00 AM

Hello,

 

there are numerous restrictions when applying service policies on the 3850. Are there any messages logged in your syslog when you try to apply the service policy ?

0 Helpful

Go to solution
mario.jost
Level 3
Level 3
In response to Georg Pauwen

‎06-13-2018 12:38 AM

Hey Georg

 

You are right. there is a line in the syslog at the time the command was entered:

 

Jun 13 09:16:10.509:  Invalid queuing class-map!!! Queuing actions supported only with dscp/cos/qos-group/precedence based classification!!!
Jun 13 09:16:10.509: %QOS-6-POLICY_INST_FAILED: 
 Service policy installation failed

I created a different class map for outgoing traffic and had to set the level in the priority command. it works now.

class-map match-any QOS_CITRIX_OUT
 match dscp cs4
class-map match-any QOS_ROUTING_OUT
 match dscp cs6
class-map match-any QOS_VOICE_OUT
 match dscp ef
class-map match-any QOS_VOICESIGNAL_OUT
 match dscp cs3
 
policy-map QOS_OUT
 class QOS_CITRIX_OUT
  bandwidth percent 50 
 class QOS_ROUTING_OUT
  priority level 2 percent 5
 class QOS_VOICE_OUT
  priority level 1 percent 20
 class QOS_VOICESIGNAL_OUT
  bandwidth percent 5

I can configure both service policies now:

swRZ101#show running-config interface gigabitEthernet 1/0/25
Building configuration...

Current configuration : 199 bytes
!
interface GigabitEthernet1/0/25
 description roRZ1sip01
 switchport access vlan 303
 switchport mode access
 spanning-tree portfast
 service-policy input QOS_IN
 service-policy output QOS_OUT
end

Thanks for your help.

0 Helpful

Go to solution
hungdoannguyen
Level 1
Level 1
In response to mario.jost

‎05-10-2019 05:19 PM

Hi Mario,

 

It's been a while but I got the same error in C9300, could you point me out what is wrong in my configuration:

 

1. Create a Traffic Class:

access-list 101 permit ip any host 192.168.211.101

class-map match-all CLASS_VDI
match access-group 101

 

2. Create traffic Policy:
Create traffic policy which matches the VDI_ACL and limit the bandwidth to 2% (20Mbps)

policy-map VDI_20M_OUT
class CLASS_VDI
bandwidth 2

3. Apply the traffic policy to interface:

interface GigabitEthernet2/48
service-policy output VDI_20M_OUT

 

Invalid queuing class-map!!! Queuing actions supported only with dscp/cos/qos-group/precedence/exp based classification!!!

 

Thanks,

0 Helpful

Go to solution
mario.jost
Level 3
Level 3
In response to hungdoannguyen

‎05-13-2019 02:18 AM

On these switches, you can only prioritize based on a marking. So you have to do this in 2 steps:

Step1: mark traffic based on classification

Step2: prioritize based on marking

 

So your configuration would look something like this:

access-list 101 permit ip any host 192.168.211.101

class-map match-all CLASS_VDI_IN
 match access-group 101

policy-map VDI_IN
 class CLASS_VDI_IN
  set dscp 32
  
class-map match-all CLASS_VDI_OUT
 match ip dscp 32
 
policy-map VDI_20M_OUT
 class CLASS_VDI_OUT
  bandwidth 2

interface GigabitEthernet1/48
 description all other interfaces
 service-policy input VDI_IN

interface GigabitEthernet2/48
 service-policy output VDI_20M_OUT

So if course based on your setup you'd have to assign the incoming service policy to every interface where VDI traffic could come in. So most of the time it is pretty common to assign the incoming service-policy to every interface on your switch in order to catch and mark all traffic. Hope I could help out a little.

Go to solution
hungdoannguyen
Level 1
Level 1
In response to mario.jost

‎05-14-2019 01:23 PM

Hi Mario,

 

It is awesome. I applied your configuration and the switch took it without any error. I really appreciate.

 

I have another question. Could you show me what is the best way to limit the bandwidth in out interface? I am trying to limit the bandwidth to 20Mbps on the up-link port but look like the switch doesn't understand what I am trying to do. I tried these commands in the  policy-map VDI_20M_OUT but none of them works as expected, still getting around 1Gbps speed with Iperf.

 

- bandwidth percent 2

- shape average percent 2 and queue-buffers ratio 0.

 

I don't know what I am missing.

 

Thanks

Hung Doan

 

 

0 Helpful

Go to solution
mario.jost
Level 3
Level 3
In response to hungdoannguyen

‎05-16-2019 12:37 AM

So the bandwidth command is a QoS measure to guarantee the minimum bandwidth. But this wont limit the max bandwidth. Not sure if these switches support shaping. Try it with a policer:

policy-map VDI_20M_OUT
 class CLASS_VDI_OUT
  police cir 20000000 conform-action transmit exceed-action drop

The bandwidth is in bit/s so 20Mbit/s x 1000 gives you 20'000Kbit/s x 1000 gives you 20'000'000bit/s

Cheers

0 Helpful

Go to solution
Raul W. Flores Rodriguez
Level 1
Level 1
In response to mario.jost

‎02-07-2021 12:51 AM

Thanks, Mario

 

I was looking for a policing example for traffic control. I tested it a few minutes ago and it works great. Do you have any similar policing for Nexus switches?

Regards
Raul

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card