QoS in Switch L3

Chriskoh · ‎10-04-2019

A new challenge for me which our organization is going to rollup MS TEAMS very soon. However, I stuck those requirements how to apply QOS in our L3 switches that requested by our voice vendor as below:-

Voice, Video and File sharing traffic originating from Windows clients should be tagged with DSCP markings
L3 switches should be configured to identify the real time voice and video traffic based on the DSCP bits tagged done by Windows clients.
Once the application is classified, appropriate prioritization and reservation can be set
Voice traffic should be part of Priority queue on switches
Recommend increasing the buffer size for video queue to handle any addition burst traffic

What is the easiest way to configure to give voice priority and requirement as above? Note that ONE switch port has 2 vLANs (data and voice). It will connect through hard phone first in Vlan 20, then from phone connecting to PC (PC in vlan 10 has configured the QOS in windows registry file as below):

Audio DSCP value 46
Video DSCP value 34
Screen sharing DSCP value 18

** Hard phone is non cisco phone and it has DSCP value of 46

Our voice traffic flows as follows: PC & Hardphone => Switch 2960x based => Firewall => edge router => local internet breakout

I provided our current L3 switches port interface configuration and there are no class map, policy map or access list in place. The mls qos in our L3 switch is enable. I need you to give me technical advise by giving me a draft configuration in L3 to meet those requirements, so I have an idea how the configuration works in voice priority

interface GigabitEthernet1/0/26

switchport access vlan 10

switchport mode access

switchport voice vlan 20

priority-queue out

no snmp trap link-status

mls qos trust dscp

spanning-tree portfast

spanning-tree bpdufilter enable

end

Thanks in advance

Leo Laohoo · ‎10-04-2019

Classic IOS switches can operate fine with "default" or no QoS enabled.

Deepak Kumar · ‎10-05-2019

Hi,

As shared information is only for the interface but we need actual QoS configuration details. As you mentioned that you are using 2960X in your network so I am sharing QoS guide for the same:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/qos/configuration_guide/b_qos_152ex_2960-x_cg/b_qos_152ex_2960-x_cg_chapter_011.html

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Chriskoh · ‎10-06-2019

Thanks for your reply, Deepak.

As below is a test configuration which i am trying.

As said that PC softphone has a DSCP value of 46 (EF) for Audio, DSCP value of 34 (AF41) for PC video and DSCP value of 18 (AF21) for PC screensharing. All have been registered in PC windows registries as QOS in Vlan 10. For hardphone in Vlan20 has DSCP of 46 (EF). Therefore, i configured "mls qos trust dscp" for port interface as i trust PC and hardphone in DSCP.

Besides, i created ACL to match PC traffic based on source ip and destination port numbers. Then i can match this ACL in class-map and create a policy map to trust these traffic. However, i have an error when i apply the policy on that interface as below. Anyone can assist to fix this error? Also i have no ideas how it works for the "class-map match-all Class-TmsDscp" ?. what i want is any packet ip header consist DSCP values for ingress, match the conditions against the DSCP values ( EF, AF41 or AF21) that i've listed, then apply the policy and trust DSCP. Maybe my conditions are not making sense which i wanted all these voice traffics to set high priority. Please enlighten me.

-ip access-list extended Tms_AllTraffic

permit ip 172.30.0.0 0.0.255.255 any

permit tcp any any eq 5067

permit udp any any eq 5067

permit tcp any any range 3478 3481

permit udp any any range 3478 3481

permit tcp any any range 50000 50059

permit udp any any range 50000 50059

exit

-class-map Class-TmsAccess

match access-group name Tms_AllTraffic

exit

-class-map match-any Class-TmsDscp

match ip dscp AF21

match ip dscp AF41

match ip dscp EF

exit

-policy-map Tms_Policies

Class Class-TmsAccess

Trust Cos

Class Class-TmsDscp

trust dscp

exit

/*** Port Interface ***/

interface GigabitEthernet1/0/26
switchport access vlan 10
switchport mode access
switchport voice vlan 20
priority-queue out
no snmp trap link-status
mls qos trust dscp
spanning-tree portfast
spanning-tree bpdufilter enable
end

/*** Error while applied the service policy into port interface ***/
switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)#int gig1/0/26
switch(config-if)#service-policy input Tms_Policies
QoS: class(Class-TmsDscp) match ip can be used only with match protocol in a match-all class [GigabitEthernet1/0/26]
Service Policy attachment failed

Georg Pauwen · ‎10-06-2019

Hello,

what image are those switches running ? If you have anything higher than LAN Lite, you can also consider Auto-Qos...

Chriskoh · ‎10-06-2019

Hi

See below:- Do you think auto QoS is really help ? I read through some Cisco forums with regards auto QoS , sometimes it doesn't fit into the organisation as those people comments. Have your organisation use AutoQoS? If so, how is the performance for voice traffic? One thing i really don't understand if the hardphones & PC softphones have those dscp values of 46 itself, those port interfaces which i indicated "mls qos trust dscp" , should my "policy-map" indicated "trust dscp" before i apply into those port interfaces ? Or should i remap it "set dscp 46"?

Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 28 WS-C2960S-24PS-L 12.2(55)SE7 C2960S-UNIVERSALK9-M

Please advise and thanks