Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1006
Views
0
Helpful
0
Replies

End to End QOS Configuration on LAN

jsiitnotify
Level 1
Level 1

‎11-08-2017 07:26 AM - edited ‎03-08-2019 12:40 PM

Hello,
I am new to QoS and trying to implement an end to end QoS specifically for real-time voice for traffic coming from our Cisco 7841 VoIP Phones, which is EF (DSCP 46).
Our network flow is as follows:
IP Phone - Cisco 2960S Access Switch (L2) - Cisco 4500X (L3) - Cisco 2960S DataCenter Access Switch (L2) – ASA 5555 (Only for one specific subnet that traverses a VPN tunnel) - Cisco 2911 (CUBE Router)
I would like confirmation that my configuration is valid??

 

On the 2960 access switch here is the QoS config that I have applied.

 

mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 3100 3100 100 3200
mls qos queue-set output 1 buffers 15 15 10 60
mls qos queue-set output 2 buffers 15 15 10 60
mls qos
The access ports that have a Cisco IP Phone connected to them configured as follows:
interface GigabitEthernet1/0/34
switchport access vlan 36
switchport mode access
switchport voice vlan 6
priority-queue out
mls qos trust device cisco-phone
mls qos trust dscp
spanning-tree portfast
The two trunk ports connecting to the Core Switch (4500X-32) are configured as follows:
interface TenGigabitEthernet1/0/1
description Primary Trunk Link to Catalyst 4500 Switch
switchport mode trunk
mls qos trust dscp
channel-group 1 mode desirable
ip dhcp snooping trust
!
interface TenGigabitEthernet1/0/2
description Secondary Trunk Link to Catalyst 4500 Switch
switchport mode trunk
mls qos trust dscp
channel-group 1 mode desirable
ip dhcp snooping trust
I have done some Wireshark captures on the access switch and the phone traffic is being marked correctly with DSCP 46(EF) and SIP CS3, so I think it’s working.
*********************************************************************************************************************************************************************************************
On the 4500X-32 Core switch I have configured class-maps and policy-maps and applied a service policy to the trunks connections back to the access switches. Not sure if this is right or what I am missing. When I run the command show policy-map interface tex/x/x, I see 0 packets for the priority queue, specifically for the DSCP (EF) marking. Configuration is below.
class-map match-any Scavenger-Queue
match dscp cs1
class-map match-any Control-Mgmt-Queue
match dscp cs7
match dscp cs6
match dscp cs3
match dscp cs2
class-map match-any Trans-Data-Queue
match dscp af21
match dscp af22
match dscp af23
class-map match-any Multimedia-Stream-Queue
match dscp af31
match dscp af32
match dscp af33
class-map match-any Priority-Queue
match dscp ef
match dscp cs5
match dscp cs4
class-map match-any Bulk-Data-Queue
match dscp af11
match dscp af12
match dscp af13
class-map match-any Multimedia-Conf-Queue
match dscp af41
match dscp af42
match dscp af43
policy-map OUTPUT-QUEUING-NOPOLICING
class Scavenger-Queue
bandwidth remaining percent 1
class Priority-Queue
priority
class Control-Mgmt-Queue
bandwidth remaining percent 10
class Multimedia-Conf-Queue
bandwidth remaining percent 10
class Multimedia-Stream-Queue
bandwidth remaining percent 10
class Trans-Data-Queue
bandwidth remaining percent 10
dbl
class Bulk-Data-Queue
bandwidth remaining percent 4
dbl
class class-default
bandwidth remaining percent 25
dbl
interface TenGigabitEthernet1/1/1 (THIS IS A CONNECTION BACK TO ONE OF OUR ACCESS SWITCHES)
switchport trunk allowed vlan 2,3,5-8,11-20,25,29-33,35,100,692,700,4000
switchport mode trunk
channel-group 35 mode desirable
service-policy output OUTPUT-QUEUING-NOPOLICING
HOW DO I CONFIGURE EGRESS ON THE 4500X-32 CONNECTING TO THE CISCO 2960S DATACENTER SWITCH? DOES IT REQUIRE MORE CLASS-MAPS, POLICY-MAPS AND SERVICE POLICY?
********************************************************************************************************************************************************************
On the Cisco 2960S Datacenter switch ingress from the Cisco 4500X-32 core switch I have the mls qos trust dscp command configured on both interfaces as below. IS THIS CORRECT?

interface TenGigabitEthernet1/0/1
description Primary Trunk Link to Catalyst 4500 Switch
switchport mode trunk
mls qos trust dscp
channel-group 1 mode desirable
ip dhcp snooping trust
!
interface TenGigabitEthernet1/0/2
description Secondary Trunk Link to Catalyst 4500 Switch
switchport mode trunk
mls qos trust dscp
channel-group 1 mode desirable
ip dhcp snooping trust
!

For egress configuration, we have connections from this Cisco 2960S datacenter switch to our ASA Firewall, CUBE 2911 Router and our CallManager. I was going to apply the following configuration on the egress interfaces:

mls qos trust dscp
priority-queue out

IS THIS CORRECT OR DO I NEED MORE CLASS-MAPS, POLICY-MAPS AND A SERVICE-POLICY CREATED AND APPLIED TO THE OUTBOUND INTERFACES?

********************************************************************************************************************************************************************

On the ASA 5555, I am not sure what do for ingress and egress configuration. We only have specific voice traffic destined to a specific subnet that goes through a site-to-site VPN tunnel on the ASA.
I read that DSCP MARKINGS ARE PRESERVED FOR ALL TRAFFIC PASSING THROUGH THE ASA.THE ASA DOES NOT LOCALLY MARK/REMARK ANY CLASSIFIED TRAFFIC, BUT IT HONORS THE EXPEDITED FORWARDING (EF) DSCP BITS OF EVERY PACKET TO DETERMINE IF IT REQUIRES PRIORITY HANDLING AND WILL DIRECT THOSE PACKETS TO THE LLQ.

IS THIS CORRECT??

**********************************************************************************************************************************************************************

On the Cisco 2911 as well from what I am reading is that they pass along L3 Tos. There is no need trust DSCP…..NOT SURE IF THIS IS THE CASE.


Any and all help is much appreciated.

Thanks.
Matt.

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents