cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1593
Views
0
Helpful
7
Replies

QOS marking policy doesn't match on N7K

gilou_1973
Level 1
Level 1

Hello

I have a pair of Nexus 7K's running 6.0(1).

I have a handful of edge devices (Blades switches, CAtalyst switches)that I need to mark ingress traffic.

I've created and attached a very simple policy to the port-channel and noting matches in the Policy.

It's confirmed further in the backbone when I capture the traffic, the datas are still marked to default.

Here under is my configuration:

policy-map type qos test

    class  test

      set dscp cs2

class-map type qos match-any test

      match access-group name test

IP access list test

        10 permit tcp any any eq telnet

        20 permit tcp any eq telnet any

interface port-channel14

  description C2960-N-60.riziv.be

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 1,11-12,14-15,40,90

  spanning-tree guard root

  mac packet-classify

service-policy type qos input test

  vpc 14

  layer2-switched flow monitor v9_l2_standard input

Nexus_1# sh policy-map int po 14 type qos

Global statistics status :   enabled

port-channel14

  Service-policy (qos) input:   test

    SNMP Policy Index:  285216008

    Class-map (qos):   test (match-any)

     Aggregate forwarded :

      0 packets  0 bytes

      Match: access-group test

        0 packets

      set dscp cs2

I've generated traffic but as you can see packet counters remains null.

Any idea about my mistake?

By advance thanks

7 Replies 7

Jerry Ye
Cisco Employee
Cisco Employee

Did you put the QoS policy on both vPC peering switches??? Traffic might hit the other switch through the other vPC.

I tested this in my lab switch and the counter is increaming correctly for me. I am running 5.2(4) right now.

Regards,

jerry

Hello Jerry,

Yes, absolutely I've put the QOS on both N7K.

Do you think that it can be linked to the Line Card module.

I've set  it on a M148GT-11 card.

I'm going to test it on another line card and give you a feedback.

Another questions:

- When you do a " sh policy-map int po xx type qos", do you see matches ?

- Do you also have two input policies on your port, a queuing policy (the default one) and a qos policy?

Regards

Gildas

port-channel14

  Service-policy (qos) input:   test

    SNMP Policy Index:  285216008

    Class-map (qos):   test (match-any)

     Aggregate forwarded :

      0 packets  0 bytes

      Match: access-group test

        0 packets

      set dscp cs2

  Service-policy (queuing) input:   default-in-policy

    SNMP Policy Index:  301992025

    Class-map (queuing):   in-q1 (match-any)

      queue-limit percent 50

      bandwidth percent 80

      queue dropped pkts : 0

    Class-map (queuing):   in-q-default (match-any)

      queue-limit percent 50

      bandwidth percent 20

      queue dropped pkts : 0

Hello Jerry,

I've just tested on another line card, model

N7K-M148GS-11L

Same way, marking doesn't work.

Regards

Gildas

Can you ask how did you do your test?

Regards,

jerry

I just realized the problem.

interface port-channel14

  description C2960-N-60.riziv.be

  switchport

  switchport mode trunk

  switchport trunk allowed vlan 1,11-12,14-15,40,90

  spanning-tree guard root

  mac packet-classify <<<<< This is what causing it

   service-policy type qos input test

  vpc 14

  layer2-switched flow monitor v9_l2_standard input

I know you might need the mac packet-classify for other feature, like L2 netflow. My test doesn't have this on and it is working for me. If you removed that, it should be able to classify packets.

Regards,

jerry

Hello Jeye,

You're right Jeye.

I removed it from the interface and I can see matches in my qos policy.

And i's confirmed by packet capture, packets are well marked.

Does it mean that Netflow work no more for this interface?

Thanks a lot for your help.

Regards

Gildas

Yes, since your NetFlow is L2 based. All L2 based traffic classification needs to use the mac packet-classify to make it to work. This includes L2 NF, L2 VLAN filters (VACL), etc.

HTH,

jerry

Review Cisco Networking for a $25 gift card