Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1090
Views
8
Helpful
2
Replies

QOS with ACL on L2 port.

Go to solution
chrisbell1
Level 1
Level 1

‎05-23-2015 03:09 PM - edited ‎03-08-2019 12:09 AM

Hi Guys,

I'm new to the QoS scene and have a question regarding class maps on a L2 port, please forgive my ignorance.

I have created a class map which matches an ACL, then referenced this class map in a policy map and then applied the policy map to a L2 switch port on a cisco 3550.

When I view the traffic statistics on the interface using show policy-map interface "" I get no results. If I change things around and make the port a L3 port I do get statistics.

Is this because the L2 port is unable to see the IP address of the incoming packets as it looks at the ethernet header? Therefor when traffic is entering a L2 port we can only match on it using the COS value in the 802.1Q frame?

If we tried to match on a DSCP value on a L2 port we can't as we are only looking at the ethernet header, and the DSCP value is contained in the IP header. 

Any help to set me straight would be much appreciated!

Thanks,

Chris

1 person had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
acampbell
VIP Alumni
VIP Alumni

‎05-25-2015 03:04 AM

Hi Chris,

A steep learning curve then on QOS - a very big subject :)

On a 3550 along with many other Lan switch models you have to look at the
relevant config guide for your IOS version.

Picking on IOS 12.2.44(SE) as an example.(Check for your own IOS version)
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-2_44_se/configuration/guide/3550SCG.html

Then look down at the "Configuring QOS" section

Find "show policy-map interface" with your browser


"
•Do not use the show policy-map interface privileged EXEC command to display classification information for incoming traffic. The interface keyword is not supported, and you should ignore the statistics shown in the display. Instead, you should specify the DSCPs to be monitored by using the mls qos monitor dscp dscp1 ... dscp8 interface configuration command, and then you should use the show mls qos interface interface-id statistics privileged EXEC command. For more information about these commands, see the command reference for this release. "

Regards
Alex

Regards, Alex. Please rate useful posts.

View solution in original post

Go to solution
Mark Malone
VIP Alumni
VIP Alumni

‎05-25-2015 03:14 AM

newer switches at layer 2 you can use mls qos trust dscp if its older switch like 3550 you should be able to use mls trust cos if it does not support dscp , the switch then maps it to dscp in global config using mls qos map cos-dscp statements , l2 ports on a 3550 may not support dscp , cos values are in layer 2 header , dscp are in layer 3 header , policy-maps are usually layer 3

As below the cos 5 maps to dscp 46 ef which would be correct

sw-ipt1#sh mls qos maps cos-dscp
   Cos-dscp map:
        cos:   0  1  2  3  4  5  6  7
     --------------------------------
       dscp:   0  8 16 24 32 46 48 56

 

 

View solution in original post

2 Replies 2

Go to solution
acampbell
VIP Alumni
VIP Alumni

‎05-25-2015 03:04 AM

Hi Chris,

A steep learning curve then on QOS - a very big subject :)

On a 3550 along with many other Lan switch models you have to look at the
relevant config guide for your IOS version.

Picking on IOS 12.2.44(SE) as an example.(Check for your own IOS version)
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-2_44_se/configuration/guide/3550SCG.html

Then look down at the "Configuring QOS" section

Find "show policy-map interface" with your browser


"
•Do not use the show policy-map interface privileged EXEC command to display classification information for incoming traffic. The interface keyword is not supported, and you should ignore the statistics shown in the display. Instead, you should specify the DSCPs to be monitored by using the mls qos monitor dscp dscp1 ... dscp8 interface configuration command, and then you should use the show mls qos interface interface-id statistics privileged EXEC command. For more information about these commands, see the command reference for this release. "

Regards
Alex

Regards, Alex. Please rate useful posts.

Go to solution
Mark Malone
VIP Alumni
VIP Alumni

‎05-25-2015 03:14 AM

newer switches at layer 2 you can use mls qos trust dscp if its older switch like 3550 you should be able to use mls trust cos if it does not support dscp , the switch then maps it to dscp in global config using mls qos map cos-dscp statements , l2 ports on a 3550 may not support dscp , cos values are in layer 2 header , dscp are in layer 3 header , policy-maps are usually layer 3

As below the cos 5 maps to dscp 46 ef which would be correct

sw-ipt1#sh mls qos maps cos-dscp
   Cos-dscp map:
        cos:   0  1  2  3  4  5  6  7
     --------------------------------
       dscp:   0  8 16 24 32 46 48 56

 

 

Customers Also Viewed These Support Documents