02-16-2012 07:11 AM - edited 03-07-2019 04:59 AM
Hi all,
I'm attempting to configure Classification and Marking on our access switches using the MQC model. The Switches are 3750's running IPBase Version 12.2(35)SE. For some reason when I activate the policy-map on an interface, no traffic is being tagged, i've used the 3750 QoS configuration examples (
http://www.cisco.com/en/US/products/hw/switches/ps5023/products_tech_note09186a0080883f9e.shtml) for reference and can't see where I'm going wrong, wondered if anyone can see where I've gone awry?
The requirement at the moment is just to mark Citrix Packets as AF31 (no policing is required at this point). I've copied the relevant bits of the config below (Sensitive data removed):
---------
mls qos
ip access-list extended CITRIX_NACL
permit tcp any any eq 2598
permit tcp any any eq 1494
class-map match-any MATCH_AF31
match access-group name CITRIX_NACL
!
!
policy-map MARK_TRAFFIC
class MATCH_AF31
set dscp af31
!
!
interface FastEthernet2/0/1
description TestPort_PC
switchport access vlan 10
switchport mode access
service-policy input MARK_TRAFFIC
!
----------
That port has a PC plugged into it, which is accessing Citrix and running a continual ping to a device on another subnet. The output from a show policy-map int FA2/0/1 is below:
sh policy-map int fa2/0/1
FastEthernet2/0/1
Service-policy input: MARK_TRAFFIC
Class-map: MATCH_AF31 (match-any)
0 packets, 0 bytes
offered rate 0 bps, drop rate 0 bps
Match: access-group name CITRIX_NACL
0 packets, 0 bytes
rate 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
offered rate 0 bps, drop rate 0 bps
Match: any
0 packets, 0 bytes
rate 0 bps
As you can see no traffic is marked as AF31, but also no traffic is shown in the default-class either suggesting it's probably not just that I've put a typo in the ACL. An upstream packet capture shows that the packets are definately not being tagged.
Can anyone see where I've messed up?
Regards,
Paul
Solved! Go to Solution.
02-16-2012 07:53 AM
Hi Paul,
2 quick comments:
1. Can you check if you have "no mls qos rewrite ip dscp" in your config? If yes can you remove it (mls qos rewrite ip dscp ).
2. From interface notation I see that you have switches in a stack. Is switch 2 a slave switch by any chance? if yes can you try the same config on the master switch instead?
Riccardo
02-16-2012 07:44 AM
Hi,
even if you can type this command it won't give you any useful information as the interface command is not supported.
you should use sh mls qos interface f2/0/1 statistics instead
Regards.
Alain
02-16-2012 08:49 AM
Alain,
Thanks for that, hadnt realised it was unsupported as it just takes the command without complaint.
02-16-2012 07:53 AM
Hi Paul,
2 quick comments:
1. Can you check if you have "no mls qos rewrite ip dscp" in your config? If yes can you remove it (mls qos rewrite ip dscp ).
2. From interface notation I see that you have switches in a stack. Is switch 2 a slave switch by any chance? if yes can you try the same config on the master switch instead?
Riccardo
02-16-2012 08:52 AM
Riccardo,
Step one got it thanks very much!
For reference was configuring via Telnet, so I assume it probably uses the stack master to process the vty line input, just guessing though don't have any evidence to back that up, worked happily enough in any event.
02-17-2012 12:39 AM
I am glad to read
the command you had in the config, as you would have certanly understood by now, was disabling the capability to write the dscp field.
Riccardo
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide