Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
659
Views
0
Helpful
3
Replies

QoS on trunked access links

Go to solution
boxhallbr
Level 1
Level 1

‎02-03-2010 03:33 PM - edited ‎03-06-2019 09:34 AM

I've been tasked with configuring QoS across the network of where I work.  Currently the configs have some legacy QoS statements on the switches for the voice VLAN but I'm not sure if they are working or not.  These statements are meant to only mark the voice traffic DSCP values.

The company I work for use Avaya VoIP phones and the switch access ports are configured as trunked ports.  When I performed show policy-map interface xxx and show access-lists it appears that nothing is hitting the access lists or the policy map.  Is this because the access-lists and policy-maps will only apply to the native VLAN or am I missing something?

Should the marking of the traffic happen on the router sub-interfaces?

Configs and show statements below.

Thanks in advance for your help.

Regards,

Bryce.

interface GigabitEthernet2/0/1                                   !My interface
description Connection to Avaya IP phone
switchport trunk encapsulation dot1q
switchport trunk native vlan 410
switchport trunk allowed vlan 210,410
switchport mode trunk
switchport port-security maximum 4
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
srr-queue bandwidth share 1 70 25 5
srr-queue bandwidth shape  3  0  0  0
priority-queue out
no cdp enable
spanning-tree portfast trunk
spanning-tree bpduguard enable
service-policy input mark_IPCOMM                         !Applied policy-map
end

policy-map mark_IPCOMM                                     !Policy-map
class VOICE_RTP
  set dscp ef
  police 176000 8000 exceed-action drop
class VOICE_CONTROL
  set dscp af31
  police 176000 8000 exceed-action drop
class class-default
  set dscp default
!

ip access-list extended VOICE                              !Relevant access-lists
permit udp any any range 2048 3327
ip access-list extended VOICE-CONTROL
remark Match VoIP Control Traffic
permit udp any any eq 1719
permit tcp any any eq 1720
!

sh policy-map interface gi2/0/1                              !Show commands - no packets and no bytes
GigabitEthernet2/0/1

  Service-policy input: mark_IPCOMM

    Class-map: VOICE_RTP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name VOICE

    Class-map: VOICE_CONTROL (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name VOICE-CONTROL
        0 packets, 0 bytes
        5 minute rate 0 bps

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
        5 minute rate 0 bps

sh access-lists                                                        !No matches for access-lists
Extended IP access list VOICE
    10 permit udp any any range 2048 3327
Extended IP access list VOICE-CONTROL
    10 permit udp any any eq 1719
    20 permit tcp any any eq 1720

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame

‎02-03-2010 04:07 PM

You won't see counters from show policy-map interface on switches as this task is performed in hardware while those are software counters.

If you have a 3560/3750 switch, the command show mls qos interface statistics will display hardware counters for dscp values.

In your case, these counters will be seen on egress as the ingress is performing the marking of the packets.

View solution in original post

0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame
In response to boxhallbr

‎02-04-2010 12:07 PM

1) Closest to the source as possible - the answer is marking at ingress in the switchport

2) Correct

3) Only routers are able to shape traffic on egress. There are some switches that are able to shape on egress but require special WAN modules.

Please rate helpful posts!

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame

‎02-03-2010 04:07 PM

You won't see counters from show policy-map interface on switches as this task is performed in hardware while those are software counters.

If you have a 3560/3750 switch, the command show mls qos interface statistics will display hardware counters for dscp values.

In your case, these counters will be seen on egress as the ingress is performing the marking of the packets.

0 Helpful

Go to solution
boxhallbr
Level 1
Level 1
In response to Edison Ortiz

‎02-03-2010 07:02 PM

Edison,

Thanks for your quick response.  I'm able to see the required information now.

I have several other questions/clarifications regarding the upcoming QoS project and hopefully you can help.

1.  Should I continue marking the packets at the switch access ports?  This is best practice isn't it?  Or should I mark them at the router LAN port?

2.  Once the packet has been marked the dscp values will stay the same through to the router (as long as the command mls qos trust dscp is done etc).  Is this correct?

3.  Where should I apply the class-maps and policy-maps for shaping?  Is this then done at the router/layer 3 switch?

Thanks in advance.

Bryce.

0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame
In response to boxhallbr

‎02-04-2010 12:07 PM

1) Closest to the source as possible - the answer is marking at ingress in the switchport

2) Correct

3) Only routers are able to shape traffic on egress. There are some switches that are able to shape on egress but require special WAN modules.

Please rate helpful posts!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card