From: Jake Rybak (jrybak@annese.com)
Date: Mon Jun 26 2006 - 04:11:23 ART
Hi Petr,
I am looking at your answer to question one and wanted to clarify. It was
confusing (to me at least) if you meant mls qos trust cos OR just mls qos
was required.
I always thought of it this way.
mls qos cos 5 does require mls qos trust cos (along with the global mls qos
statement) which will change any unmarked packets. If you want to change all
traffic remove the trust and include mls qos cos override.
Please correct me if I am wrong.
Thanks,
jake
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Petr
Lapukhov
Sent: Monday, June 26, 2006 01:14
To: san
Cc: Cisco certification
Subject: Re: 3550 QOS questions
San,
3550 QoS is a bit tricky, but it all revolves around the concept of
*internal* dscp value. Even non-IP frames have that value assigned, moving
through switch. As for your cases:
1) Yes it is. Without MLS qos enable you will not have any kind of Diff-Serv
mechanics enabled, all packets will simply flow unmodified.
2) "policed-dscp-transmit" works with *internal* dscp value. So you need to
evaluate it somehow. Either use trust, with port or policy-map (cos, dscp,
ipp) or set (dscp, cos, ipp) to give a value to internal dscp.
3) You can not. The most you can do is to pass CoS and DSCP values in IP
packets separately. That is, you may set DSCP but leave CoS unmodified, and
vice-versa. Remember, when you use "set dscp" in policy map, it sets
*internal*
dscp directly, and thus overrides any trust state enalbed on a port.
You may, however, use "mls qos trust cos pass-through dscp". That will
calculate internal dscp from CoS value, but will prevent packet DSCP value
from according modification.
-- Petr Lapukhov, CCIE #16379 petr@internetworkexpert.comInternetwork Expert, Inc. http://www.InternetworkExpert.com Toll Free: 877-224-8987 Outside US: 775-826-4344
2006/6/25, san <san.study@gmail.com>: > > Hi , > > > Could you help me by answering the following questions: > > > Question 1: > ---------------- > Is "mls qos trust cos" mandatory for using this command "mls qos cos > 5" > under a Interface ? > > > Question 2: > ------------------ > > In the below example , Is "trust dscp" mandatory before modifying the > dscp in policed-dscp-transmit ?? > > Example from : > > http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225se/3550 > scg/swqos.htm > > This example shows how to create a policy map and attach it to an > ingress interface. In the configuration, the IP standard ACL permits > traffic from network 10.1.0.0. For traffic matching this > classification, the DSCP value in the incoming packet is trusted. If > the matched traffic exceeds an average traffic rate of 48000 bps and a > normal burst size of 8000 bytes, its DSCP is marked down (based on the > policed-DSCP map) and sent: > > Switch(config)# *access-list 1 permit 10.1.0.0 0.0.255.255 > * > > Switch(config)# *class-map ipclass1 > * > > Switch(config-cmap)# *match access-group 1 > * > > Switch(config-cmap)# *exit > * > > Switch(config)# *policy-map flow1t > * > > Switch(config-pmap)# *class ipclass1 > * > > Switch(config-pmap-c)# *trust dscp ===========> IS IT > MANDATORY TO TRUST BEFORE MODIFYING DSCP ?? > * > > Switch(config-pmap-c)# *police 48000 8000 exceed-action > policed-dscp-transmit > * > > Switch(config-pmap-c)# *exit > * > > Switch(config-pmap)# *exit > * > > Switch(config)# *interface gigabitethernet0/1 > * > > Switch(config-if)# *service-policy input flow1t > * > > > > > Question 3: > ------------------ > In the below example can i assume, "trus dscp" is not manadatory ??t > > This example shows how to create a policy map and attach it to an > ingress interface. In the configuration, the IP extended ACL permits > TCP traffic with an IP precedence of 4 from any host destined for the > host at 224.0.0.5. > For traffic matching this classification, the DSCP value in the > incoming packet is set to 63. > > Switch(config)# *access-list 104 permit tcp any host 224.0.0.5 > precedence > 4 > * > > Switch(config)# *class-map ipclass1 > * > > Switch(config-cmap)# *match access-group 104 > * > > Switch(config-cmap)# *exit > * > > Switch(config)# *policy-map ip104 > * > > Switch(config-pmap)# *class ipclass1 > * > > Switch(config-pmap-c)# *set dscp 63 > * > > Switch(config-pmap-c)# *exit > * > > Switch(config-pmap)# *exit > * > > Switch(config)# *interface gigabitethernet0/1 > * > > Switch(config-if)# *service-policy input ip104 > * > > > Question 4: > ---------------- > > In the below example, Can I trust the COS and manipulate the DSCP on the > same interface ? . So the above examples where trust dscp, cos values > of > outgoing packets will be zero ? > > Switch(config)# *policy-map macpolicy1 > * > > Switch(config-pmap)# *class macclass1 > * > > Switch(config-pmap-c)# *set dscp 63 > * > > Switch(config-pmap-c)# *exit > * > > Switch(config-pmap)# *class macclass2 > * > > Switch(config-pmap-c)# *set dscp 45 > * > > Switch(config-pmap-c)# *exit > * > > Switch(config-pmap)# *exit > * > > Switch(config)# *interface gigabitethernet0/1 > * > > Switch(config-if)# *mls qos trust cos > * > > Switch(config-if)# *service-policy input macpolicy1 > * > > > > > > > -- > Thanks & Rgds > SAN > > ______________________________________________________________________ > _ Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Jul 01 2006 - 07:57:33 ART