
Remarking CoS tags on egress - 3560CX switch

Hi all.  We have a situation where we need to roll out a 3560CX as a L3 WAN switch for a small branch location.  The WAN carrier requires that all traffic handed to it be marked with Dot1q tags and marked with CoS.  The CoS tags have to be either 2, 3, or 5.  Anything other than that is put into the scavenger tier.  I have successfully accomplished this using MQC on C9300 switches, but those commands are not available on the 3560CX.  Looks like it's one of the last current models using MLS QoS commands. 

The client ports will usually consist of a Cisco IP phone and a workstation.

The approach I have found to get me working is paraphrased below:

mls qos
mls qos map dscp-cos 0 8 10 12 14 32 34 36 to 2
mls qos map dscp-cos 38 to 3
mls qos map dscp-cos 48 56 to 5
!
interface GigabitEthernet0/1
 desc WAN
 switchport trunk allowed vlan 504
 switchport mode trunk
!
interface range GigabitEthernet0/2-7
 desc WkstPort
 switchport access vlan 208
 switchport voice vlan 345
 switchport mode access
 mls qos trust dscp

This approach works, but it gives me little granularity.  Can anyone suggest a better approach?

TIA,

Brian
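
An added example, not part of the original post: a Python check that replays the three `mls qos map dscp-cos` lines from the post over the default map and lists the DSCP values that would still leave the trunk with a CoS outside 2, 3, or 5. It assumes the MLS QoS default DSCP-to-CoS map (CoS = DSCP // 8); the function names are hypothetical.

```python
import re

# Assumption: MLS QoS default DSCP-to-CoS map, CoS = DSCP // 8.
DEFAULT_MAP = {dscp: dscp // 8 for dscp in range(64)}

# CoS values the carrier in the post accepts; anything else is scavenger.
CARRIER_COS = {2, 3, 5}

# Map commands copied from the post.
CONFIG = """\
mls qos map dscp-cos 0 8 10 12 14 32 34 36 to 2
mls qos map dscp-cos 38 to 3
mls qos map dscp-cos 48 56 to 5
"""

MAP_RE = re.compile(r"^\s*mls qos map dscp-cos ((?:\d+\s+)+)to (\d+)\s*$")

def build_map(config):
    """Apply each 'mls qos map dscp-cos' line on top of the default map."""
    table = dict(DEFAULT_MAP)
    for line in config.splitlines():
        m = MAP_RE.match(line)
        if not m:
            continue
        dscps = [int(v) for v in m.group(1).split()]
        cos = int(m.group(2))
        # The command takes up to eight DSCP values (0-63) and one CoS (0-7).
        if len(dscps) > 8 or cos > 7 or any(d > 63 for d in dscps):
            raise ValueError(f"invalid map line: {line!r}")
        for d in dscps:
            table[d] = cos
    return table

def scavenger_dscps(table, allowed=CARRIER_COS):
    """Return {cos: [dscp, ...]} for DSCP values the carrier would not honor."""
    gaps = {}
    for dscp, cos in sorted(table.items()):
        if cos not in allowed:
            gaps.setdefault(cos, []).append(dscp)
    return gaps

if __name__ == "__main__":
    table = build_map(CONFIG)
    print("EF (46) -> CoS", table[46])
    for cos, dscps in scavenger_dscps(table).items():
        print(f"CoS {cos}: DSCP {dscps}")
```
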

 


Joseph W. Doherty
Hall of Fame

What additional granularity do you need?  You're changing L3 ToS (DSCP) to L2 CoS.  However, you should be able to use an ingress policy map to manipulate ToS/CoS.

If you haven't already seen it, this TechNote: https://www.cisco.com/c/en/us/support/docs/switches/catalyst-3750-series-switches/91862-cat3750-qos-config.html?dtid=osscdc000283#concept22 might help you too.

BTW, since QoS is enabled on the switch, what do you want to do with the traffic to your branch hosts?  I.e. prioritize VoIP packets to the phones and perhaps remark L2 CoS to L3 ToS (the latter shouldn't really be needed).

Joseph, as it stands, my solution works: the workstations mark with DSCP 0, and I can put them into CoS 2 (Premium tier), and the Cisco IP phones mark at DSCP EF, and that's already mapped to CoS 5 (Priority tier).  But, I may need to put some credit card swipers into CoS 5 based on their IP address, and MQC seems a great way to do that.  I'll have to lab up my test unit and try some ingress policy maps. 

I imagine the flow would go: credit card swiper passes traffic to a port that trusts DSCP, the MQC ingress policy rewrites DSCP based on an access list that matches IP address, and the DSCP-to-CoS map assigns the proper CoS on egress?

To your question, on the branch hosts, I'd be satisfied with prioritizing the VoIP packets for the phones.

I recall an ingress policy overrides any "trust" statement.

For egress, whether to WAN provider or to access ports, once QoS is enabled, you'll likely want to PQ VoIP traffic, and to do that, you need to enable PQ per access port.  You'll also need to ensure traffic is mapped to egress queues, as desired.

The TechNote reference, I believe, has such information about that too.
