Cisco 3750 --- Cannot mark http traffic with DSCP ef, from an inside web server

Samuel Petrescu · ‎03-15-2012

Good afternoon,
I am trying to mark http packets from a web server with DSCP ef, but when I am doing a traffic capture all http packets have tos 0x0

I am able to mark UDP and ICMP packets originated from this server, but not any TCP traffic.
The web server is in VLAN 20
This is my config

mls qos

ip access-list extended MARK-HTTP-ACL
permit tcp host 10.10.10.10 eq www any

!
class-map match-any HTTP-CM
match access-group name MARK-HTTP-ACL
!
policy-map PRIORITY-PM
class HTTP-CM
set dscp ef
!

interface GigabitEthernet1/0/11
switchport access vlan 20
switchport mode access
spanning-tree portfast
mls qos trust dscp
service-policy input PRIORITY-PM

Can anybody help me understanding, what I am doing wrong?

Thank you
Sam

cadet alain · ‎03-15-2012

Hi,

how are you marking your non tcp traffic ?

Regards.

Alain

Don't forget to rate helpful posts.

Samuel Petrescu · ‎03-15-2012

Thank you for answering.

I am marking different traffic, just changing the ACL MARK-HTTP-ACL

I tested with this, and is working, but are ICMP packets

Ip access list MARK-HTTP-ACL

permit icmp any any

Thank you

Sam

Dan-Ciprian Cicioiu · ‎03-15-2012

Hi Samuel,

I belive that if you "trust dscp" , if you trust it will not change it . So one solution is to remove trust dscp.

If you still want to trust other dscp markings :

policy-map PRIORITY-PM

class HTTP-CM

set dscp ef

class class-default

trust dscp

Regards

Dan

Samuel Petrescu · ‎03-15-2012

Thank you for spending time with my problem.

I took out the "trust dscp" and didn’t work; even I couldn’t mark icmp packets anymore.

I will set up a lab environment during the weekend, to be able to do more testing.

Thank you

Sam