08-21-2020 09:07 AM - edited 08-21-2020 09:09 AM
I am having a problem with QoS on the 3850 platform. It seems no matter what I do I can't get the switch to properly mark traffic. Basically, I have VPN users that use Jabber for phone calls. I have successfully configured QoS on 2960x and 3750x switches so that Jabber traffic is marked as EF. I have verified this with packet captures and everything works great. But this 3850 is connected to our ASA that acts as an endpoint for AnyConnect VPN clients. All the Jabber traffic coming over the VPN is marked with CS0. I am wanting to mark that traffic as it comes off the ASA and onto this 3850 switch, but everything I have tried has not worked.
Below is a simple config I added to the switch:
ip access-list extended QoS-MultiEnhanced-Conf
 permit udp any range 16384 32767 any
class-map match-all Multimedia-Conf-CM
 match access-group name QoS-MultiEnhanced-Conf
policy-map Company-QoS-PM
 class Multimedia-Conf-CM
  set dscp ef
Interface - service-policy input Company-QoS-PM
When I do a packet capture on the switch for traffic leaving the switch, the traffic is still marked with the default CS0. I have tried using auto qos as well with the cisco-softphone argument. Still the traffic does not get marked with the new marking.
The 3850 info is WS-C3850-48T - 16.9.4
08-21-2020 11:22 AM
Hello,
try and slightly change the access list from:
ip access-list extended QoS-MultiEnhanced-Conf
 permit udp any range 16384 32767 any
to
ip access-list extended QoS-MultiEnhanced-Conf
 permit udp any any range 16384 32767
08-21-2020 01:16 PM
Thank you for your reply. That is how auto-qos configures the ACL. But my packet captures show that only the source UDP ports are within the range of 16384 32767. That is actually a detail that hindered me getting it working on the 2960x and 3750x switches we have. The destination port range is outside the 16384 32767 range. On my packet capture it is always 40000+. Once I changed it to "permit udp any range 16384 32767 any" on the 2960's, it started working like a champ.
08-21-2020 01:51 PM
Hello,
can you, for the sake of testing, allow any udp port, and check if the DSCP gets set on anything then?
ip access-list extended QoS-MultiEnhanced-Conf
 permit udp any any
08-21-2020 02:09 PM
I have made those changes for testing, I just set it to a lower DSCP marking. But I still wasn't seeing that traffic get remarked. So it seems to be something with the switch. Not sure what it may be.
I am also doing the capture from the 3850, but I would think the traffic should be marked as it comes into the interface from the ASA, so when it is sent to the egress interface (which is where my capture is sourced) that traffic should already be marked.
08-26-2020 07:12 AM
Just FYI, the destination port range was different due to the traffic being sent to our AQM server. Standard Jabber traffic looks to be the standard port ranges, source audio 16384-24574 and destination 24575-32767 ranges.
According to Cisco TAC, they say it is not advised to use the EPC for packet captures of this nature. They recommend a SPAN port. Due to this equipment being in our Colo, I will have to make a trip out there to do a packet capture from a SPAN port for further testing.
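For checking a capture such as the SPAN capture mentioned above, the following is an added example (not code from any poster in this thread) that tallies DSCP values per UDP packet, split by whether the source port falls in the 16384-32767 range used in the ACL. It assumes a classic little-endian pcap with Ethernet link type; the sample frames and addresses are constructed.

```python
import struct
from collections import Counter

RTP_SRC_PORTS = range(16384, 32768)   # source-port range from the thread's ACL
DSCP_EF = 46

def build_frame(src_port, dst_port, dscp):
    """Constructed Ethernet/IPv4/UDP frame (checksums zeroed, documentation addresses)."""
    udp = struct.pack("!HHHH", src_port, dst_port, 12, 0) + b"\x80\x00\x00\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

def build_pcap(frames):
    """Classic little-endian pcap file, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def dscp_by_class(pcap_bytes):
    """Count (class, dscp) for UDP packets; class is 'voice' if the source port is in range."""
    if struct.unpack_from("<I", pcap_bytes, 0)[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian classic pcap is handled here")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack_from("<I", pcap_bytes, off + 8)[0]
        frame = pcap_bytes[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue
        ethertype, l3 = struct.unpack_from("!H", frame, 12)[0], 14
        if ethertype == 0x8100 and len(frame) >= 18:   # skip one 802.1Q tag
            ethertype, l3 = struct.unpack_from("!H", frame, 16)[0], 18
        if ethertype != 0x0800 or len(frame) < l3 + 20:
            continue
        ihl = (frame[l3] & 0x0F) * 4
        if frame[l3 + 9] != 17 or len(frame) < l3 + ihl + 8:   # UDP only
            continue
        dscp = frame[l3 + 1] >> 2                      # top 6 bits of the ToS byte
        src_port = struct.unpack_from("!H", frame, l3 + ihl)[0]
        counts[("voice" if src_port in RTP_SRC_PORTS else "other", dscp)] += 1
    return counts

def unmarked_voice(counts):
    """Packets the ACL should have matched that are not marked EF."""
    return sum(n for (cls, dscp), n in counts.items() if cls == "voice" and dscp != DSCP_EF)

# Constructed sample: one unmarked voice packet, one EF voice packet, one non-voice packet.
SAMPLE_PCAP = build_pcap([build_frame(16500, 40010, 0), build_frame(20000, 41000, 46),
                          build_frame(53, 5353, 0)])
```

To use it on a real capture, read the file in binary mode and pass the bytes to `dscp_by_class`; a non-zero `unmarked_voice` result on the egress side means matching packets are leaving without EF.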
08-21-2020 01:48 PM
The other strange thing is that I can see the packets match on the policy, but nothing gets marked appropriately. In this example I have it on the SVI, but I have also tried it on the physical interface with no difference.
Switch#sh policy-map interface vlan 836
 Vlan836
  Service-policy input: Lexicon-QoS-PM
    Class-map: Multimedia-Conf-CM (match-all)
      96800 packets
      Match: access-group name QoS-MultiEnhanced-Conf
      QoS Set
        dscp ef
08-21-2020 01:52 PM
Switch Ports Model          SW Version  SW Image               Mode
------ ----- -----          ----------  ----------             ----
*    1 56    WS-C3850-48T   16.9.4      CAT3K_CAA-UNIVERSALK9  BUNDLE
     2 56    WS-C3850-48T   16.9.4      CAT3K_CAA-UNIVERSALK9  BUNDLE

Technology Package License Information:
------------------------------------------------------------------------------
Technology-package                                     Technology-package
Current             Type                               Next reboot
------------------------------------------------------------------------------
ipservicesk9        Smart License                      ipservicesk9
None                Subscription Smart License         None