Re: QoS DSCP marking

typeonegative · ‎03-30-2012

Hey,

I have C3560 and encoutered with such issue, that it doesn't mark packets I want. Configuration:

int vlan 100

...

service-policy input REDIRECT

!

class-map match-all HTTP

match access-group name ACL_HTTP

!

policy-map REDIRECT

class HTTP

set dscp 63

!

ip access-list extended ACL_HTTP

permit tcp host 192.168.1.6 any eq www

!

C3560#show mls qos

QoS is enabled

QoS ip packet dscp rewrite is enabled

I have the same configuration on C3750, everything works. Any ideas?

Donatas.

John Blakley · ‎03-30-2012

What do you get if you do a "sho policy-map inter vlan 100"?

HTH, John *** Please rate all useful posts ***

typeonegative · ‎03-30-2012

C3560#show policy-map interface vlan 100

Vlan100

Service-policy input: REDIRECT

Class-map: HTTP (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: access-group name ACL_HTTP

Class-map: class-default (match-any)

1893 packets, 398571 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: any

1893 packets, 398571 bytes

5 minute rate 0 bps

As I see 0 packets, 0 bytes ;-) Maybe here it's a problem.

John Blakley · ‎03-30-2012

Is your host 192.168.1.6 in vlan 100?

HTH, John *** Please rate all useful posts ***

typeonegative · ‎03-30-2012

Yes, ofcourse. I have internet from that host, but I don't understand, why C3560 doesn't catch this packet.

John Blakley · ‎03-30-2012

Well, my first thought is to try changing your www traffic to icmp. Ping from the 192 host to something out and see if it marks. If it does, it has to do with the direction that your web traffic is coming from. Is the 192 host a web server? If not, you may never see marking on web traffic inbound.

HTH, John *** Please rate all useful posts ***

typeonegative · ‎03-30-2012

I tried with access-list 101 permit icmp any any and with no success.

John Blakley · ‎03-30-2012

Can you post the interface configuration? "sh run int "

HTH, John *** Please rate all useful posts ***

John Blakley · ‎03-30-2012

Donatas,

On the ports that you need to have monitored, make sure that you have "mls qos vlan-based" configured on the port. Then you should be able to see packets.

John

Please rate all useful posts...

HTH, John *** Please rate all useful posts ***

Vasileios Bouloukos MSc, ITIL, CCIE · ‎03-30-2012

Hi Donatas,

Could you add also the next entry to your AL and check if it has hits? Please, check also with policy map if marks packets.

ip access-list extended ACL_HTTP

permit tcp host 192.168.1.6 any eq www

permit tcp host 192.168.1.6 eq www any

Then I would recommend to add the general entry

permit ip host 192.168.1.6 any

and check with policy map if marks packets.

Then, if still does not mark packets I would sugget to apply the service policy to the out direction too.

Hope that helps,

Vasilis

Steve Galarza · ‎10-22-2020

Hi All,

New at implementing DSCP. And hoping you can help.

We have moved to softphones and need to start marking DSCP for QoS on L2s. But I keep running into a problem where class-map is being mapped but the class-group does not. I am not sure what I am missing.

here is my config:

config) ip access-list extended VOIP
config-ext-nacl) permit udp any any range 16384 32767
exit

config) ip access-list extended SIP
config-ext-nacl) permit udp any any range 5060 5061
config-ext-nacl) permit tcp any any range 5060 5061
exit

config) class-map match-any VOIP-TRAFFIC
config-cmap) match access-group name VOIP

config-cmap) class-map match-any SIGNALLING
config-cmap) match access-group name SIP
exit

config) policy-map LTU-INGRESS-POLICY
config-pmap) class VOIP-TRAFFIC
config-pmap-c) set dscp ef
config-pmap-c) class SIGNALLING
config-pmap-c) set dscp CS3
exit

int gig1/0/37
service-policy input LTU-INGRESS-POLICY

Here is how I was monitoring the policy-map:

SW-LAB#show policy-map int gig1/0/37
GigabitEthernet1/0/37

Service-policy input: LTU-INGRESS-POLICY

Class-map: VOIP-TRAFFIC (match-any)
12431 packets
Match: access-group name VOIP
0 packets, 0 bytes
5 minute rate 0 bps
QoS Set
dscp ef

Class-map: SIGNALING (match-any)
545 packets
Match: access-group name SIP
0 packets, 0 bytes
5 minute rate 0 bps
QoS Set
dscp cs3

Class-map: class-default (match-any)
6399 packets
Match: any