RE: Setting ingress DSCP value on 3550 L2 port

From: Chris Lewis \(chrlewis\) (chrlewis@cisco.com)
Date: Fri Sep 09 2005 - 14:06:47 GMT-3

Here is what I was able to determine in the lab regarding MQC to do this
and setting up the 3550 to use priority queueing for voice traffic (I
had received a unicast question on that).

Before starting, please be aware of the following restrictions for QoS
on the 3550

QoS
Unsupported Global Configuration Commands
policy-map policy-map-name bandwidth
policy-map policy-map-name set mpls
Unsupported Class-Map Configuration Commands
match any
match destination-address
match input-interface
match mpls
match not
match protocol
match source-address

This is taken from
http://www.cisco.com/en/US/products/hw/switches/ps646/products_configura
tion_guide_chapter09186a0080211d4f.html#wp1010072

The simple setup is as follows:

R1 (F0/0; 10.1.1.1)
|
|
(F0/1)
Sw-3550A
(F0/2)
|
|
R2(F0/0; 10.1.1.2)

I setup the following access list on R2, inbound on F0/0

access-list 100 permit icmp any any dscp cs2

If I ping 10.1.1.2 from R1 I get U.U.U as expected.

I now set the dscp to 2 for ICMP traffic on R1 with the following:

!
 class-map match-all icmp
  match access-group 110
!
!
 policy-map dscp
  class icmp
   set dscp cs2
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 service-policy output dscp
 duplex auto
 speed auto
!
Access-list 110 permit icmp any any

Now if I ping 10.1.1.2 from R1 the ping works and I get hits in the
show access-list on R2.

R2(config)#do sho access-list 100
Extended IP access list 100
    10 permit icmp any any dscp cs2 (20 matches)

So far so good, I have a tested base to work from to see how the 3550
operates, I now remove the service policy from R1 F0/0 and see if I can
get the 3550 to mark the traffic.

Now I put the following configuration on the switch and test

class-map match-all icmp
  match access-group 100
!
policy-map dscp
  class icmp
    set ip dscp 16
!
interface FastEthernet0/1
 switchport access vlan 12
 switchport mode access
 service-policy input dscp
!
access-list 100 permit icmp any any

Note that I entered set ip dscp cs2, but the parser changed it to 16.

I ping 10.1.1.2 from R1 and it fails. If I add mls qos to the global
configuration of the switch, it works.

So to reply to Toonsh's original question, was mls qos globally enabled?
Also the Set dscp command does not seem to be there, you need set ip
dscp, at least in the IOS on my switch. However, the basic functionality
works.

Now to the question of setting a priority queue for the 3550 for voice
traffic.

MQC will not work for this, if I try, I get the following:

SW-3550A(config-pmap-c)#?
QoS policy-map class configuration commands:
  bandwidth Bandwidth
  exit Exit from QoS class action configuration mode
  no Negate or set default values of a command
  trust Set trust value for the class
  <cr>
  police Police
  set Set QoS values

This is running 12.1(20)EA, the release I'd expect to see on the exam.

There is no option. Now I admit this is tricky, some commands appear in
here that are listed as not supported, so I suspect if you use them, you
will lose points on the exam. It is easy here though, as the priority
keyword is not even listed, so we have to resort to the legacy commands.

Now the short cut to doing this is as follows:

SW-3550A(config-if)#auto qos voip ?
  cisco-phone Trust the QoS marking of Cisco IP Phone
  cisco-softphone Trust the QoS marking of Cisco IP SoftPhone
  trust Trust the DSCP/CoS marking

I was in F0/1 and after selecting the csico-phone option, the autoqos
voip macro runs and I get this configuration

mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos min-reserve 5 170
mls qos min-reserve 6 85
mls qos min-reserve 7 51
mls qos min-reserve 8 34
mls qos
!
interface FastEthernet0/1
 switchport access vlan 12
 switchport mode access
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 wrr-queue bandwidth 10 20 70 1
 wrr-queue min-reserve 1 5
 wrr-queue min-reserve 2 6
 wrr-queue min-reserve 3 7
 wrr-queue min-reserve 4 8
 wrr-queue cos-map 1 0 1
 wrr-queue cos-map 2 2 4
 wrr-queue cos-map 3 3 6 7
 wrr-queue cos-map 4 5
 priority-queue out

Now this typically will not be enough to meet the requirements, and
you'll probably want to run no auto qos voip cisco phone on the interace
to remove this once you've copied it for further use, but it is a great
start to look at the commands you need to configure. So what should we
try to accompish here?

The auto qos script has created configurations that affect things
inbound and outbound. Inbound it is trusting cos from the cisco phone,
however the rest is for outbound traffic from the port to the phone,
which is where we'll focus here.

Each 3550 port has 4 hardware queues, only one of them can be used for
priority queuing, queue 4.

The interface command priority-queue out sets transmit queue 4 as the
priority queue. However, to use priority queuing, you would have to make
sure that the CoS value for the packets you want priority queued ended
up in transmit queue 4 by some means. The auto qos voip script assumes
packets going through the switch to be egressed out interface Fa0/1 will
be marked with precedence 5 and places them in queue 4 with the command
Wrr-queue cos-map 4 5

So how much bandwidth is assign to the priority queue? The documentation
gives us this example:

Switch(config)# interface gigabitethernet0/1
Switch(config-if)# wrr-queue bandwidth 1 2 3 4

"The ratio of the bandwidth allocated for each queue is 1/(1+2+3+4),
2/(1+2+3+4), 3/(1+2+3+4), and 4/(1+2+3+4), which is 1/10, 1/5, 3/10, and
2/5 for queues 1, 2, 3, and 4. "

This suggests that the auto qos script has assigned 1/101 to the
priority queue, however, the documentation also tells us

"All four queues participate in the WRR unless the expedite queue (queue
4) is enabled, in which case weight4 is ignored (not used in the ratio
calculation). The expedite queue is a priority queue, and it is serviced
until empty before the other queues are serviced"

So you never need to set a bandwidth level for the priority queue on the
3550.

Chris

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Niche
Sent: Thursday, September 08, 2005 7:49 PM
To: toonsh dosh
Cc: ccielab@groupstudy.com
Subject: Re: Setting ingress DSCP value on 3550 L2 port

Hi,

As far as I can remember, dscp is layer 3 marking, so if you want to do
what you want and the you don't have any cos marking in the packet in
advance before it enter into the cat3550. You should create a cos-dscp
mapping in global configuration, then set the default cos of the
incoming traffic to that related dscp value.

Then apply the service policy on the outgoing interface and use
access-list to check again at the remote end.

Again, just my thinking, please correct me if I have anything wrong =)

Jacky

On 9/8/05, toonsh dosh <toonsh@hotmail.com> wrote:
>
> Hi,
>
> I have just run some tests trying to set ingress traffic on a 3550 L2
> port to a DSCP value of 45.
>
> mls qos
> !
> class-map match-all ICMP
> match access-group 101
> !
> !
> policy-map TEST
> class ICMP
> set dscp 45
> !
> access-list 101 permit icmp any any
> !
> int f0/1
> service-policy input TEST
>
> If I run a trace on the receiving end I see the DSCP value has
> remained unchanged. Am I missing something ? What are some other ways
> of setting ingress traffic PREC or DSCP values.
>
> Thanks
>
> _________________________________________________________________
> We've put MSN Search Toolbar on steroids - download today, it's FREE!
> http://toolbar.msn.co.za?DI=1054&XAPID=2083
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:14 GMT-3