09-06-2011 06:31 AM - edited 03-07-2019 02:04 AM
Hi,
Please, I need some help with a VRF-lite deployment which is currently working OK at one of my sites. But the problem I am now facing is how to tag some interesting traffic sourced from VLANs within the two separate VRFs I am using. The first problem I noticed was that none of the access lists were getting any hits and therefore the policy cannot be applied. I have researched and read a lot of previous discussions on SRR and QoS on the 3750 from the Cisco website, but none of the approaches I tried seem to work for the QoS tagging. I am running IOS version c3750-advipservicesk9-mz.122-46.SE.bin and a snapshot of the config is shown below. I tried applying the policy on trunk int gig1/0/1 connected to my ISP CE (also tried applying it on the VLANs in the two VRFs).
Any helpful suggestions or solutions will be really appreciated.
system mtu routing 1500
vtp domain test
vtp mode transparent
ip subnet-zero
ip routing
no ip domain-lookup
ip domain-name network.test.net
ip vrf red
 description RED-VRF
 rd 10000:1
!
ip vrf blue
 description BLUE-VRF
 rd 20000:1
!
mls qos
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
vlan 10
!
vlan 20
!
!
ip ssh version 2
!
class-map match-all CM_QoS_PREC_0
 match access-group 100
class-map match-all CM_QoS_PREC_2
 match access-group 102
class-map match-all CM_QoS_PREC_4
 match access-group 104
class-map match-all CM_QoS_PREC_5
 match access-group 105
!
policy-map PM_QoS_PREC
 class CM_QoS_PREC_0
  set ip precedence 0
 class CM_QoS_PREC_2
  set ip precedence 2
 class CM_QoS_PREC_4
  set ip precedence 4
 class CM_QoS_PREC_5
  set ip precedence 5
!
!
interface GigabitEthernet1/0/1
 description Trunk to ISP
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20
 switchport mode trunk
 speed 100
 duplex full
 service-policy input PM_QoS_PREC
!
interface GigabitEthernet1/0/3
 description To RED VRF SWITCH
 switchport access vlan 10
 switchport mode access
 speed 100
 duplex full
 service-policy input PM_QoS_PREC
!
interface GigabitEthernet1/0/4
 description TO BLUE VRF SWITCH
 switchport access vlan 20
 switchport mode access
 speed 100
 duplex full
 service-policy input PM_QoS_PREC
!
interface Vlan1
 no ip address
 no ip mroute-cache
 shutdown
!
interface Vlan10
 description CORPORATE_VLAN
 ip vrf forwarding red
 ip address 172.31.60.1 255.255.255.0
!
interface Vlan20
 description BLUE-VRF
 ip vrf forwarding blue
 ip address 10.44.96.1 255.255.255.240
!
ip classless
ip route vrf red 0.0.0.0 0.0.0.0 172.31.60.14
ip route vrf blue 0.0.0.0 0.0.0.0 10.44.96.14
no ip http server
no ip http secure-server
!
!
access-list 100 permit ip 172.31.60.0 0.0.3.255 any
access-list 100 permit ip 10.44.96.0 0.0.31.255 any
access-list 10 remark SNMP Logging
access-list 10 permit 172.31.3.1
Note: Most of the access lists and other non-relevant parts of the config have been removed to focus on the main issue I am currently facing. The SNMP access list gets hits on it, but any other access list for subnets within VRF red or blue does not get any hits even though those subnets are passing traffic. So my service-policy is not doing anything even when applied to the VLAN interface.
09-07-2011 09:52 AM
Ok, I will apply the command and send the result of the show mls qos maps
09-08-2011 07:18 AM
Here is the output of show mls qos maps after applying the map command
Cos-dscp map:
cos: 0 1 2 3 4 5 6 7
--------------------------------
dscp: 0 8 16 24 32 46 48 56
IpPrecedence-dscp map:
ipprec: 0 1 2 3 4 5 6 7
--------------------------------
dscp: 0 8 16 24 32 40 48 56
09-08-2011 07:22 AM
Since you are using ip-precedence for marking, you should modify that map as well.
09-08-2011 07:29 AM
Both IP-Prec and CoS maps are now the same.
Cos-dscp map:
cos: 0 1 2 3 4 5 6 7
--------------------------------
dscp: 0 8 16 24 32 46 48 56
IpPrecedence-dscp map:
ipprec: 0 1 2 3 4 5 6 7
--------------------------------
dscp: 0 8 16 24 32 46 48 56
09-08-2011 08:24 AM
You are set, if you are tagging IP Prec 5, you should see DSCP 46 counters incrementing.
09-08-2011 08:56 AM
I will try it out and update you.
Thanks
09-27-2011 05:08 AM
Hi,
Sorry for the long silence, which was not intended... got lots of other stuff I was doing.
I have retested the policy both with the port-based policy and the VLAN-based option, but it still does not seem to be working OK.
I still don't see packets being queued properly with the assigned precedence, and also the ACL used for the classification seems to be blocking or stopping some traffic even though I have a permit ip any any statement for CoS 0 packets.
I am still not sure of what or where the problem could be.
Thanks
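An added illustration, not part of any post in this thread and not Cisco code: a small Python model of how the posted policy-map classifies by source address, where the first class whose ACL permits the packet wins, in the order the classes are listed under PM_QoS_PREC. ACL 100 is taken from the posted config; the ACL 105 entry and the sample source addresses are constructed, since the thread omits those ACLs.

```python
import ipaddress

# ACL 100 is copied from the posted config. The ACL 105 entry is constructed:
# the thread leaves out every ACL except 100 and 10.
ACLS = {
    100: ["permit ip 172.31.60.0 0.0.3.255 any",
          "permit ip 10.44.96.0 0.0.31.255 any"],
    105: ["permit ip 172.31.60.0 0.0.0.255 any"],  # constructed placeholder
}
# (ACL, precedence) pairs in the order the classes appear in PM_QoS_PREC.
# Classes 2 and 4 are omitted because their ACLs are not on the page.
POLICY = [(100, 0), (105, 5)]
# Constructed sample sources: one host per SVI subnet plus the SNMP host.
SAMPLES = ["172.31.60.25", "10.44.96.5", "172.31.3.1"]

def _u32(addr):
    return int(ipaddress.IPv4Address(addr))

def ace_matches(ace, src):
    """True if a 'permit ip <net> <wildcard> any' entry matches source src."""
    action, proto, net, wildcard, dst = ace.split()
    if (action, proto, dst) != ("permit", "ip", "any"):
        raise ValueError("unsupported ACE: " + ace)
    care = ~_u32(wildcard) & 0xFFFFFFFF  # wildcard 1-bits are "don't care"
    return (_u32(src) & care) == (_u32(net) & care)

def classify(src, policy=POLICY):
    """(acl, precedence) of the first class whose ACL permits src, else None."""
    for acl, prec in policy:
        if any(ace_matches(ace, src) for ace in ACLS[acl]):
            return acl, prec
    return None

def shadowed(policy=POLICY, samples=SAMPLES):
    """ACLs that match at least one sample but never win the first match."""
    hidden = []
    for acl, _ in policy:
        could = [s for s in samples if any(ace_matches(a, s) for a in ACLS[acl])]
        if could and all(classify(s, policy)[0] != acl for s in could):
            hidden.append(acl)
    return hidden

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", classify(s))
    print("shadowed as posted:", shadowed())
    print("shadowed, specific class first:", shadowed([(105, 5), (100, 0)]))
```

In this model the broad entries in ACL 100 claim every source in both SVI subnets for the precedence 0 class, so a narrower ACL placed in a later class only takes effect if its class is listed first.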