@Collin Clark AutoQoS is enabled on the switch, and I intended to enable QoS auto-classify on the edge ports using the AUTOQOS-SRND4-CLASSIFY-POLICY, then remark the traffic at the router level. So yes, I want the switch's edge ports to be the marking/trust edge ports. The configuration will be something like this:
class-map match-all AUTOQOS_MULTIENHANCED_CONF_CLASS
 match access-group name AUTOQOS-ACL-MULTIENHANCED-CONF
class-map match-all AUTOQOS_DEFAULT_CLASS
 match access-group name AUTOQOS-ACL-DEFAULT
class-map match-all AUTOQOS_TRANSACTION_CLASS
 match access-group name AUTOQOS-ACL-TRANSACTIONAL-DATA
class-map match-all AUTOQOS_SIGNALING_CLASS
 match access-group name AUTOQOS-ACL-SIGNALING
class-map match-all AUTOQOS_BULK_DATA_CLASS
 match access-group name AUTOQOS-ACL-BULK-DATA
class-map match-all AUTOQOS_SCAVANGER_CLASS
 match access-group name AUTOQOS-ACL-SCAVANGER
!
policy-map AUTOQOS-SRND4-CLASSIFY-POLICY
 class AUTOQOS_MULTIENHANCED_CONF_CLASS
  set dscp af41
 class AUTOQOS_BULK_DATA_CLASS
  set dscp af11
 class AUTOQOS_TRANSACTION_CLASS
  set dscp af21
 class AUTOQOS_SCAVANGER_CLASS
  set dscp cs1
 class AUTOQOS_SIGNALING_CLASS
  set dscp cs3
 class AUTOQOS_DEFAULT_CLASS
  set dscp default
GigabitEthernet1/0/x-y
 auto qos classify
 switchport mode trunk
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos (or dscp)
Now the issue I see with enabling Auto QoS on the switch interfaces is the following:
Since most of the switches I use are 2960-X, the QoS auto-classify command will generate a new ACL with a list of ports (port range) to match. If an application is not found within the port range defined in the ACL, it will be marked as default until it gets to the router, where NBAR will reclassify it. Another issue is the number of auto-generated classes. Six classes only; what if I want the voice traffic to be treated differently? Is there a different way to deal with the QoS at the switch level?
I am deploying the QoS on a couple of routers and switches on a router-in-a-stick topology. Since NBAR is already classifying the traffic, why would I need to enable auto QoS on the switches again? Don't want to deal with the ACL thing and being stuck updating it every time a new protocol is discovered. I am looking for advice on best practices to deploy QoS using NBAR. Here is my configuration below:
interface GigabitEthernet1/0/24
 description Trunk to the router
 switchport mode trunk
 srr-queue bandwidth share 10 10 45 35
 srr-queue bandwidth shape 10 0 0 0
 udld port aggressive
 mls qos trust cos
 flowcontrol receive desired
 spanning-tree link-type point-to-point
On the router, on the other hand, I have the following config applied:
class-map match-all CLASS-NBAR-VOICE
 match protocol attribute traffic-class voip-telephony
 match protocol attribute business-relevance business-relevant
class-map match-any CLASS-NBAR-SCAVENGER
 match protocol attribute business-relevance business-irrelevant
 match protocol attribute sub-category os-updates
 match protocol attribute sub-category backup-systems
class-map match-all CLASS-NBAR-REAL-TIME-INTERACTIVE
 match protocol attribute traffic-class real-time-interactive
 match protocol attribute business-relevance business-relevant
class-map match-all CLASS-NBAR-CALL-SIGNALING
 match protocol attribute traffic-class signaling
 match protocol attribute business-relevance business-relevant
class-map match-all CLASS-NBAR-TRANSACTIONAL-DATA
 match protocol attribute traffic-class transactional-data
 match protocol attribute business-relevance business-relevant
class-map match-all CLASS-NBAR-MULTIMEDIA-STREAMING
 match protocol attribute traffic-class multimedia-streaming
 match protocol attribute business-relevance business-relevant
class-map match-all CLASS-NBAR-NETWORK-MANAGEMENT
 match protocol attribute traffic-class ops-admin-mgmt
 match protocol attribute business-relevance business-relevant
class-map match-all CLASS-NBAR-NETWORK-CONTROL
 match protocol attribute traffic-class network-control
 match protocol attribute business-relevance business-relevant
class-map match-all CLASS-NBAR-MULTIMEDIA-CONFERENCING
 match protocol attribute traffic-class multimedia-conferencing
 match protocol attribute business-relevance business-relevant
class-map match-all CLASS-NBAR-BROADCAST-VIDEO
 match protocol attribute traffic-class broadcast-video
 match protocol attribute business-relevance business-relevant
policy-map POLICY-INGRESS-LAN-MARKING
 class CLASS-NBAR-VOICE
  set dscp ef
 class CLASS-NBAR-REAL-TIME-INTERACTIVE
  set dscp cs4
 class CLASS-NBAR-MULTIMEDIA-STREAMING
  set dscp af31
 class CLASS-NBAR-CALL-SIGNALING
  set dscp cs3
 class CLASS-NBAR-NETWORK-MANAGEMENT
  set dscp cs2
 class CLASS-NBAR-SCAVENGER
  set dscp cs1
 class CLASS-NBAR-NETWORK-CONTROL
  set dscp cs6
 class CLASS-NBAR-TRANSACTIONAL-DATA
  set dscp af21
 class CLASS-NBAR-MULTIMEDIA-CONFERENCING
  set dscp af41
 class CLASS-NBAR-BROADCAST-VIDEO
  set dscp cs5
 class class-default
  set dscp default
interface GigabitEthernet0/0
 description trunk port to the Switch
 ip nbar protocol-discovery ipv4
 ip flow monitor NetFlow-Monitor-v4 input
 ip flow monitor NetFlow-Monitor-v4 output
 duplex auto
 speed auto
 service-policy input POLICY-INGRESS-LAN-MARKING
 service-policy output POLICY-INGRESS-LAN-MARKING
end
Now, on the WAN side, facing the service provider, I have grouped the classes defined earlier into a 6-class model and applied a policy-map as well. Would that be okay to keep it as it is?
The eigrp stub-site command is mutually exclusive with the eigrp stub command. You cannot execute both commands on a device. It is also worth saying that this eigrp stub-site command resets the peers on WAN interfaces and initiates relearning of routes from WAN neighbors. I hope this helps!