ā09-19-2012 02:23 PM - edited ā03-07-2019 08:58 AM
Hi
I need configure qos into the LAN classifying traffic by using ACL, i have the follow configuration on my SW 3750E (example);
the result is that the brand not as classified, any ideas ??
mls qos
mls qos map cos-dscp 0 8 16 26 32 46 48 56
access-list 197 remark BULK_DATOS
access-list 197 permit tcp any 172.17.1.32 0.0.0.0 eq 8000
access-list 197 permit tcp any 172.17.1.112 0.0.0.0 eq 80
access-list 197 permit tcp any 172.17.1.111 0.0.0.0 eq 8193
access-list 197 permit tcp any 172.17.1.111 0.0.0.0 eq 8113
access-list 197 permit tcp any 172.17.1.111 0.0.0.0 eq 8225
access-list 197 permit tcp any 172.17.1.111 0.0.0.0 eq 8115
access-list 197 permit tcp any 172.17.1.30 0.0.0.0 eq 1494
access-list 197 permit tcp any 172.17.1.30 0.0.0.0 eq 2598
access-list 197 permit tcp any 172.17.5.62 0.0.0.0 eq 2598
access-list 197 permit tcp any 172.17.1.51 0.0.0.0 eq 445
access-list 197 permit tcp any 172.17.1.51 0.0.0.0 eq 25
access-list 197 permit tcp any 172.17.1.51 0.0.0.0 eq 443
access-list 197 permit ip any 172.17.1.74 0.0.0.0
access-list 197 permit tcp any 172.17.1.32 0.0.0.0 eq 9000
access-list 198 remark CRITICAL_DATOS
access-list 198 permit tcp any 172.17.1.13 0.0.0.0 eq 8000
access-list 198 permit tcp any 172.17.1.44 0.0.0.0 eq 8113
access-list 198 permit tcp any 10.7.11.3 0.0.0.0 eq 8113
access-list 198 permit tcp any 172.18.8.5 0.0.0.0 eq 8193
access-list 198 permit ip any 172.17.1.44 0.0.0.0
access-list 198 permit ip any 10.7.11.3 0.0.0.0
access-list 198 permit ip any 172.18.8.5 0.0.0.0
access-list 198 permit ip any 172.17.5.60 0.0.0.0
access-list 196 remark Voz
access-list 196 permit ip any 10.101.103.13 0.0.0.0
access-list 196 permit ip any 10.4.2.8 0.0.0.0
access-list 196 permit ip any 10.4.2.7 0.0.0.0
access-list 196 permit ip any 10.4.10.80 0.0.0.0
access-list 196 permit ip any 10.104.103.13 0.0.0.0
access-list 196 permit ip any 10.108.103.11 0.0.0.0
class-map match-any BULK_DATOS
description Bulk_Datos
match access-group 197
!
class-map match-any CRITICAL_DATOS
description CRITICAL_DATOS
match access-group 198
!
class-map match-any voz
description Voz
match access-group 196
!
policy-map QoS_Policy
class BULK_DATOS
set dscp af11
class CRITICAL_DATOS
set dscp af31
class voz
set dscp ef
************************Result******************************
Class-map: BULK_DATOS (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 197
0 packets, 0 bytes
5 minute rate 0 bps
Class-map: CRITICAL_DATOS (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 198
0 packets, 0 bytes
5 minute rate 0 bps
Class-map: voz (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 196
0 packets, 0 bytes
5 minute rate 0 bps
****** System Image**********************
System image file is "flash:/c3750e-universalk9-mz.122-55.SE1/c3750e-universalk9-mz.122-55.SE1.bin"
ā09-20-2012 04:50 AM
This is a known bug related to BugID CSCdy50035.
Workaround: sh mls qos interface [type slot/port] statistics
Please refer to this support forum posting:
https://supportforums.cisco.com/docs/DOC-3949
Regards, MiKa
ā09-21-2012 08:33 AM
thanks,so,
the question was in relation to the marking of traffic, so check with a sniffer capture and politics mark. understand the bug that is why I mention validation with sniffer
I apply this policy in all my ports Sw
my question is whether or not the 3750 SW āāsupport QoS by ACL classigying
Regards, EML
ā09-25-2012 02:04 AM
Hi Edgar,
sorry... about ACL matching for class-maps on 3750: Yes, it works.
(I thought you were complaining about the empty values in the
show policy-map interface command...)
We use acl based class-maps for VoIP priorization: one access-list permitting VoIP-payload the other VoIP-signalling and use them for two class-maps. The policy maps then sets different dscp values, ef and af41.
Just be careful, there is a bug that acls may not be too complex if you use the command "mls qos trust dscp" on the interface where service policy input is used. We removed mls qos trust dscp on our interfaces and use only service policy commands.
The show mls qos interface [type slot/port] statistics suggests that the queues are processing the traffic correctly.
Regards, MiKa
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide