Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
485
Views
0
Helpful
4
Replies

My traffic isn't getting marked! QoS

andy roles
Level 1
Level 1

‎07-01-2014 07:34 AM - edited ‎03-07-2019 07:53 PM

Hi.  Thanks viewing my post!

I'm trying out some QoS configuration for a VDI deployment and have a problem with our 6509 switches not marking the traffic (possibly user error)..

As VDI solutions don't seem to have the ability to mark traffic at the server or client (unlike phones system server/clients etc) I've had to resort to marking traffic on the access switches.

At the moment, as a test, I'm just trying to mark telnet traffic with a dscp value of 34 (af41).  I am seeing hits on the access-lists but the policy-map PCoIP_Set_AF41 doesn't seem to be setting the dscp value to 34 as I want.

Please could somebody advise where I'm going wrong or provide some troubleshooting tips?

Thank you,

Andy
 

access-list 100 permit tcp any any eq telnet


class-map match-all PCOIP-IN
  match access-group 100


policy-map PCoIP_Set_AF41
  class PCOIP-IN
   set dscp af41


interface Vlan33
 description ....
 *** output omitted ***
 standby 33 preempt
 service-policy input PCoIP_Set_AF41

 

Labels:
0 Helpful
4 Replies 4

DJX995
Level 3
Level 3

‎07-01-2014 07:48 AM

I had a problem marking traffic on my 3750X and it turned out my ACL was wrong.

I have a hard time creating ACLs with the right traffic flow direction.

It always seems to be reversed, in my mind.

 

Anyway, try extending your ACL to match both directions:

access-list 100 permit tcp any any eq telnet

access-list 100 permit tcp any eq telnet any

 

Also, as a side note, it is best to mark traffic as close to the source as possible.

Here, you are marking it on a VLAN on your core, but you should be marking it on your access layer switches first, closest to the source.

This might not be applicable to your case but I thought I'd throw that in there.

0 Helpful

andy roles
Level 1
Level 1
In response to DJX995

‎07-01-2014 08:16 AM

Hi,

Thanks for your reply.

The original ACL had hits against it but I'm still not seeing the traffic get marked.  See hits below:

ML-01#show access-l
Extended IP access list 100
    10 permit tcp any any eq telnet (2056 matches)
    20 permit tcp any eq telnet any

Just tried a telnet again and the new one isn't getting any hits.

 

All the users connect directly into the core switch blade access ports on the 6509s.  Nonetheless, as layer 3 ACLs are used I would have thought that I'd be restricted to applying the service-policy at layer 3 and thus on the layer 3 switch.

Thanks.

Andy

 

0 Helpful

DJX995
Level 3
Level 3
In response to andy roles

‎07-01-2014 08:34 AM

Ok, you got it right then.

Sorry, just trying to help.

That was the only problem I had.

0 Helpful

andy roles
Level 1
Level 1
In response to DJX995

‎07-01-2014 08:50 AM

Thank you.  Right or wrong your response was very much appreciated.   It's what forums are all about.

 

0 Helpful
Customers Also Viewed These Support Documents