
Packet marking with Access-List

Hi,

Following the Cisco QoS book by Wendell Odom, I'm trying to mark packets for an IP Phone 9971 with an access list but don't get any match when a call is established. Running a SW2960. The configuration is as follows:

access-list 100 permit udp any any range 16384 32767
access-list 101 permit tcp any any eq 5060
access-list 101 permit tcp any any range 2000 2002
access-list 101 permit tcp any any eq 1720
access-list 101 permit tcp any any range 11000 11999

class-map match-all RTP
 match access-group 100
class-map match-any Signaling
 match access-group 101

policy-map mark-traffic
 class RTP
  set dscp ef
 class Signaling
  set dscp cs3

interface GigabitEthernet1/0/11
 mls qos trust device cisco-phone
 service-policy input mark-traffic


HQ-SW2960#show policy-map int g1/0/11
 GigabitEthernet1/0/11

  Service-policy input: mark-traffic

    Class-map: RTP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 100

    Class-map: Signaling (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 101
        0 packets, 0 bytes
        5 minute rate 0 bps

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
        5 minute rate 0 bps

Any help would be appreciated

Thanks in advance

Regards

__________________________________________________
Please remember to rate useful posts clicking on the stars below.
LinkedIn Profile: do.linkedin.com/in/leosalcie

I applied the same configuration on the router (2811) connected to the SW2960 and it worked. Why isn't it working on the SW?

access-list 100 permit udp any any range 16384 32767
access-list 101 permit tcp any any eq 5060
access-list 101 permit tcp any any range 2000 2002
access-list 101 permit tcp any any eq 1720
access-list 101 permit tcp any any range 11000 11999

class-map match-all RTP
 match access-group 100
class-map match-any Signaling
 match access-group 101

policy-map mark-traffic
 class RTP
  set dscp ef
 class Signaling
  set dscp cs3

interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.2.1 255.255.255.0
 service-policy input mark-traffic


HQ-2811#show policy-map interface FastEthernet0/1.10
 FastEthernet0/1.10

  Service-policy input: mark-traffic

    Class-map: RTP (match-all)
      6998 packets, 1522864 bytes
      5 minute offered rate 42000 bps, drop rate 0 bps
      Match: access-group 100
      QoS Set
        dscp ef
          Packets marked 6998

    Class-map: Signaling (match-any)
      34 packets, 16850 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 101
        34 packets, 16850 bytes
        5 minute rate 0 bps
      QoS Set
        dscp cs3
          Packets marked 34

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

__________________________________________________

Your interface GigabitEthernet1/0/11 on your switch isn't a layer 3 interface; that is why your ACL isn't getting hit.

Please remember to rate useful posts, by clicking on the stars below.

Hi Dennis,

Thanks for your response.

Excuse me for a dumb question, but how am I supposed to mark the IP Phone's packets on a SW? I'm following an example from Wendell Odom's book running a Cisco 3550 SW; mine is a Cisco 2960. Is it because of my SW model?

Attached example from book.

Thanks in advance

Regards

__________________________________________________

Any advice would be appreciated.

__________________________________________________

Hi Leo

This is a long shot. I have something in my head about some commands actually working, but you can't see it with the show commands that are normally used with routers, because the packets are ASIC switched and not software switched. You have to verify with "show platform" commands.

But you can take a Wireshark dump on an outgoing interface to see if the packets are marked. You can try to set different DSCP values on the policy to see if it changes.

/Mikael
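
The capture check suggested above, as an added example that is not part of the original thread: it classifies raw IPv4 packets with the same destination-port ranges as access-lists 100 and 101 and reports any whose DSCP differs from what the policy-map sets. The function names and sample packets are constructed for illustration; real input would be the IP packets from a capture taken on the egress side of the switch.

```python
import struct

EF, CS3 = 46, 24  # DSCP code points the thread's policy-map sets (ef, cs3)
# Destination-port ranges copied from access-lists 100 and 101 in the thread
RTP_UDP = [(16384, 32767)]
SIGNALING_TCP = [(5060, 5060), (2000, 2002), (1720, 1720), (11000, 11999)]

def expected_dscp(proto, dport):
    """Return the DSCP the policy should set, or None if no class matches."""
    if proto == 17 and any(lo <= dport <= hi for lo, hi in RTP_UDP):
        return EF
    if proto == 6 and any(lo <= dport <= hi for lo, hi in SIGNALING_TCP):
        return CS3
    return None

def parse_ipv4(pkt):
    """Extract (protocol, DSCP, destination port) from a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4   # header length; IP options shift the L4 header
    dscp = pkt[1] >> 2          # upper 6 bits of the ToS byte; lower 2 are ECN
    proto = pkt[9]
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if proto not in (6, 17) or frag_offset or len(pkt) < ihl + 4:
        return proto, dscp, None  # no L4 ports here (e.g. non-first fragment)
    dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return proto, dscp, dport

def audit(packets):
    """Return (index, dport, seen_dscp, wanted_dscp) for each mismarked packet."""
    bad = []
    for i, pkt in enumerate(packets):
        proto, dscp, dport = parse_ipv4(pkt)
        want = expected_dscp(proto, dport) if dport is not None else None
        if want is not None and dscp != want:
            bad.append((i, dport, dscp, want))
    return bad

def build(proto, dport, dscp, sport=20000):
    """Constructed test packet: minimal IPv4 header plus 8 bytes of L4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 28, 0, 0, 64, proto, 0,
                     bytes([192, 168, 2, 10]), bytes([192, 168, 2, 1]))
    return ip + struct.pack("!HHHH", sport, dport, 8, 0)

# Constructed sample: marked and unmarked RTP, marked and unmarked signaling, HTTPS
SAMPLE = [build(17, 16500, 46), build(17, 16500, 0),
          build(6, 5060, 24), build(6, 2000, 0), build(6, 443, 0)]

for idx, dport, seen, want in audit(SAMPLE):
    print(f"packet {idx}: dport {dport} has DSCP {seen}, expected {want}")
```
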

Hi mlund, until now this is the best answer received (+5).

I will test marking the packets with another DSCP and run Wireshark to see if the marking made by the SW is working.

Regards

__________________________________________________

mrochac
Level 1
Hi Leo - just reading your issue and I had a question: how did you apply both ACLs to the interface? Let me know your solution as I'm in the same boat...

thanks.

Spawn
Level 1

Have you enabled QoS on the switch?

By default it is disabled.
