Solved: Thank you very much - It

Nick Cutting · ‎04-01-2015

3850 running IP Services

(CAT3K_CAA-UNIVERSALK9-M), Version 03.03.05SE RELEASE SOFTWARE (fc1)

3850#sh sdm prefer
Showing SDM Template Info

This is the Advanced (high scale) template.

I have a 6mbit circuit on a 100 meg port. (Gi1/0/1 on the left in the diargam) The service provider polices this link upstream.

I am trying to shape a routed port for ALL traffic to 6Mbit before it get policed by the provider.

This seems somewhat difficult on a 3850. I understand that these switches use MQC (like a router) but they certainly do not behave the same way.

Applying to a routed port, when trying to shape the ANY ANY ACL

ip access-list extended ACL_PERMIT_ANY
permit ip any any

class-map match-any CM_CLASS_MATCH_PERMIT_ANY
match access-group name ACL_PERMIT_ANY

policy-map PM_SHAPE_6MB
class CM_CLASS_MATCH_PERMIT_ANY
shape average 5500000

Config does not take.

In the syslog:

Invalid queuing class-map!!! Queuing actions supported only with dscp/cos/qos-group/precedence based classification!!!

When trying to use a DSCP 0 (i checked this in wireshark)

class-map match-any CM_CLASS_MATCH_DSCP_0
match dscp default

Order of classes in policy name PM_SHAPE_6MB is not consistent with installed policy

When moving the IP address to the SVI, and when applying to SVI:

Only Marking policy action is supported on SVI interface. Policy Rejected

When moving the IP address to the SVI, and when applying to an Access port in the correct VLAN:

Order of classes in policy name PM_SHAPE_6MB is not consistent with installed policy

I don't really want to read this again, It just does not help me.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/qos/configuration_guide/b_qos_3se_3850_cg/b_qos_3se_3850_cg_chapter_011.html

It doesn't mention my error messages, and expects the markings to be done by the phones/applications etc. 99 percent of my traffic is DSCP default. Also I do not want to change DSCP values for for types of traffic that have already been set.

I simply just want to shape ALL traffic outbound on a routed port / SVI to 6Mbits.

Any ideas?

Aninda Chatterjee · ‎04-08-2015

Hi Nick,

Not sure if this was addressed - as the error message states, there is a restriction when you have queueing actions. The restriction, in this particular case (regarding the first error), is that you cannot match based on just an 'any, any' statement. You need to match based on DSCP, qos label, etc.

I had no trouble matching on DSCP default (0) using your configuration:

3850-1#show class-map CM_CLASS_MATCH_PERMIT_ANY
Class Map match-any CM_CLASS_MATCH_PERMIT_ANY (id 6)
Match dscp default (0)

3850-1#show policy-map PM_SHAPE_6MB
Policy Map PM_SHAPE_6MB
    Class CM_CLASS_MATCH_PERMIT_ANY
      Average Rate Traffic Shaping
      cir 5500000 (bps)

3850-1#show run int gig1/0/2
Building configuration...

Current configuration : 127 bytes
!
interface GigabitEthernet1/0/2
no switchport
ip address 192.168.1.1 255.255.255.0
service-policy output PM_SHAPE_6MB
end

This was successfully installed in hardware.

3850-1#show platform qos policies PORT
Loc Interface IIF-ID Dir Policy State
--- ------------------ ------------------ --- ------------------ ---------------
L:1 Gi1/0/2 0x0109a3400000008c OUT PM_SHAPE_6MB INSTALLED IN HW

I tested this on 3.6.0SE. Once I get some more time, I'll see if I this works on 3.3.5 as well.

Hi Jerome,

Are you having the same problem as Nick? If so, please see above. If not, can you list out your specific concerns please?

Regards,

Aninda

View solution in original post

Jerome_N8 · ‎04-08-2015

Did you manage to get this fixed?

We have just bought some 3850's and I'm also having trouble implementing traffic shaping, can't seem to find too much info on this.

Aninda Chatterjee · ‎04-08-2015

Hi Nick,

Not sure if this was addressed - as the error message states, there is a restriction when you have queueing actions. The restriction, in this particular case (regarding the first error), is that you cannot match based on just an 'any, any' statement. You need to match based on DSCP, qos label, etc.

I had no trouble matching on DSCP default (0) using your configuration:

3850-1#show class-map CM_CLASS_MATCH_PERMIT_ANY
Class Map match-any CM_CLASS_MATCH_PERMIT_ANY (id 6)
Match dscp default (0)

3850-1#show policy-map PM_SHAPE_6MB
Policy Map PM_SHAPE_6MB
    Class CM_CLASS_MATCH_PERMIT_ANY
      Average Rate Traffic Shaping
      cir 5500000 (bps)

3850-1#show run int gig1/0/2
Building configuration...

Current configuration : 127 bytes
!
interface GigabitEthernet1/0/2
no switchport
ip address 192.168.1.1 255.255.255.0
service-policy output PM_SHAPE_6MB
end

This was successfully installed in hardware.

3850-1#show platform qos policies PORT
Loc Interface IIF-ID Dir Policy State
--- ------------------ ------------------ --- ------------------ ---------------
L:1 Gi1/0/2 0x0109a3400000008c OUT PM_SHAPE_6MB INSTALLED IN HW

I tested this on 3.6.0SE. Once I get some more time, I'll see if I this works on 3.3.5 as well.

Hi Jerome,

Are you having the same problem as Nick? If so, please see above. If not, can you list out your specific concerns please?

Regards,

Aninda

Nick Cutting · ‎04-09-2015

Thank you very much - It seems you are absolutely right. It does not work on any version of 3.3.x (I only tried 2 versions though)

I upgraded one of our 3850's stacks to

Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.06.02aE RELEASE SOFTWARE (fc1)

and now the exact same configuration works

3850-statck#show platform qos policies PORT switch 2
Loc Interface IIF-ID Dir Policy State
--- ------------------ ------------------ --- ------------------ ---------------
L:0 Gi2/0/40 0x0103d6c0000000fb OUT PM_SHAPE_6MB INSTALLED IN HW

Nick Cutting · ‎04-16-2015

Worked fine on the Test 3850...

The one in production runs auto Qos - and as these switches only have one ASIC across the fixed interfaces, I believe the class structures must match. As in you can only have one class structure, as this structure gets programmed into hardware.

Order of classes in policy name PM_SHAPE_6MB is not consistent with installed policy

%QOS-6-POLICY_INST_FAILED:
Service policy installation failed

I'm logging a TAC, as figuring out the hierachical MQC structure of Auto Qos is not quite as fun as a few martinis in a piano bar.

alladasainitin · ‎11-29-2017

I'm having a similar issue.

class-map match-any dscp-in1
match dscp cs2
match dscp cs3
match dscp cs6
match dscp cs7

class-map match-any dscp-in2
match dscp af42
match dscp af43
match dscp cs4
match dscp af41
match dscp cs5
match dscp ef

policy-map PORT_INPUT
class dscp-in1
bandwidth percent 70
class dscp-in2
bandwidth percent 30
class qos-VOICE-BEARER
set dscp ef
police cir 1000000 bc 16000
conform-action transmit
exceed-action drop
class qos-VIDEO-BEARER
set dscp af41
police cir 4000000 bc 256000
conform-action transmit
exceed-action set-dscp-transmit dscp table markdown
class qos-TELEPRESENCE-BEARER
set dscp cs4
police cir 4000000 bc 256000
conform-action transmit
exceed-action set-dscp-transmit dscp table markdown
class qos-CALL-SIGNALING
set dscp cs3
police cir 1000000 bc 8000
conform-action transmit
exceed-action set-dscp-transmit dscp table markdown
class qos-BUSINESS-APPS
set dscp af21
police cir 1000000 bc 16000
conform-action transmit
exceed-action set-dscp-transmit dscp table markdown
class class-default
set dscp default
police cir 50000000 bc 512000
conform-action transmit
exceed-action set-dscp-transmit dscp table markdown

When I push this onto the interface, it throws the same error: " Invalid queuing class-map!!! Queuing actions supported only with dscp/cos/qos-group/precedence based classification!!! "

I'm trying hard to find out the issue but did not get it. Can you help me on this?

darren-carr · ‎05-24-2018

Hi,

Did you resolve this? I am trying to use a class-map based on an access-group (extended ACL) and receiving the same error when attempting to apply it to an interface.

Thanks

gsepulveda@policenter.cl · ‎05-30-2019

Estimado pudo resolver el problemas? ya que me encuentro en la misma situación, si me pudieses ayudar te lo agradeceria

Gerardo Sepulveda

Georg Pauwen · ‎05-30-2019

Hola,

¿qué has configurado? ¿ Y en el 3850?

gsepulveda@policenter.cl · ‎05-30-2019

Te comento, estoy configurando qos para distintos tipos de servicios tanto para subida como para bajada, entre ellos web y lo tengo asi:

ip access-list extended 2103
permit tcp any any eq 80
permit tcp any any eq 443

class-map WEB
match access-group 2103
match dscp cs4

Policy-map QoS_rise

class WEB
bandwidth percent 20
set dscp cs4

policy-map QoS_descent

class WEB
bandwidth percent 15
set dscp cs4

(LAN = in)
interface gigabitethernet 1/0/1
service-policy input QoS_rise

(WAN = out)
interface gigabitethernet 1/0/2
service-policy output QoS_rise

(WAN = out)
interface gigabitethernet 1/0/1
service-policy output QoS_descent

(lAN = in)
interface gigabitethernet 1/0/2
service-policy input QoS_descent

Cuando trato de ver match no me marca nada, no se si estare marcando bien los paquetes, me deja ingresar todos la config pero no veo cambios.

QoS on routed ports for 3850