Re: 3550 QOS questions

From: Petr Lapukhov (petr@internetworkexpert.com)
Date: Mon Jun 26 2006 - 04:29:29 ART

• Next message: ELDHO PAUL: "Multicast RP"
• Previous message: Bryant, Paul M: "RE: using 3750 switches for practice lab?"
• Maybe in reply to: san: "3550 QOS questions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Correct,

"mls qos cos x"
requires "mls qos trust" command in order to be effective.

Note that you may also trust dscp/ipp here, and non-ip traffic
will have DSCP mapped from CoS value (if present in tag) or
from default CoS value (mls qos cos x), in the other case.

You may also use "override" feature with "mls qos cos" to
"unconditionally" mark every packet with desired CoS value.

HTH

-- 
Petr Lapukhov, CCIE #16379
petr@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Outside US: 775-826-4344
2006/6/26, Jake Rybak <jrybak@annese.com>:
>
> Hi Petr,
>
> I am looking at your answer to question one and wanted to clarify. It was
> confusing (to me at least) if you meant mls qos trust cos OR just mls qos
> was required.
>
> I always thought of it this way.
>
> mls qos cos 5 does require mls qos trust cos (along with the global mls
> qos
> statement) which will change any unmarked packets. If you want to change
> all
> traffic remove the trust and include mls qos cos override.
>
> Please correct me if I am wrong.
>
> Thanks,
>
> jake
>
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Petr
> Lapukhov
> Sent: Monday, June 26, 2006 01:14
> To: san
> Cc: Cisco certification
> Subject: Re: 3550 QOS questions
>
> San,
>
> 3550 QoS is a bit tricky, but it all revolves around the concept of
> *internal* dscp value. Even non-IP frames have that value assigned, moving
> through switch.  As for your cases:
>
> 1) Yes it is. Without MLS qos enable you will not have any kind of
> Diff-Serv
> mechanics enabled, all packets will simply flow unmodified.
>
> 2) "policed-dscp-transmit" works with *internal* dscp value. So you need
> to
> evaluate it somehow. Either use trust, with port or policy-map (cos, dscp,
> ipp) or set (dscp, cos, ipp) to give a value to internal dscp.
>
> 3) You can not. The most you can do is to pass CoS and DSCP values in IP
> packets separately. That is, you may set DSCP but leave CoS unmodified,
> and
> vice-versa. Remember, when you use "set dscp" in policy map, it sets
> *internal*
> dscp directly, and thus overrides any trust state enalbed on a port.
>
> You may, however, use "mls qos trust cos pass-through dscp".  That will
> calculate internal dscp from CoS value, but will prevent packet DSCP value
> from according modification.
>
> --
> Petr Lapukhov, CCIE #16379
> petr@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Outside US: 775-826-4344
>
> 2006/6/25, san <san.study@gmail.com>:
> >
> > Hi ,
> >
> >
> > Could you help me by answering the following questions:
> >
> >
> > Question 1:
> > ----------------
> > Is "mls qos trust cos"   mandatory for  using this command  "mls qos cos
> > 5"
> > under a Interface ?
> >
> >
> > Question 2:
> > ------------------
> >
> > In the below example , Is "trust dscp"  mandatory before modifying the
> > dscp in policed-dscp-transmit ??
> >
> > Example from :
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225se/3550
> > scg/swqos.htm
> >
> > This example shows how to create a policy map and attach it to an
> > ingress interface. In the configuration, the IP standard ACL permits
> > traffic from network 10.1.0.0. For traffic matching this
> > classification, the DSCP value in the incoming packet is trusted. If
> > the matched traffic exceeds an average traffic rate of 48000 bps and a
> > normal burst size of 8000 bytes, its DSCP is marked down (based on the
> > policed-DSCP map) and sent:
> >
> > Switch(config)# *access-list 1 permit 10.1.0.0 0.0.255.255
> > *
> >
> >   Switch(config)# *class-map ipclass1
> > *
> >
> >   Switch(config-cmap)# *match access-group 1
> > *
> >
> >   Switch(config-cmap)# *exit
> > *
> >
> >   Switch(config)# *policy-map flow1t
> > *
> >
> >   Switch(config-pmap)# *class ipclass1
> > *
> >
> >   Switch(config-pmap-c)# *trust dscp              ===========>   IS IT
> > MANDATORY TO TRUST BEFORE MODIFYING DSCP ??
> > *
> >
> >   Switch(config-pmap-c)# *police 48000 8000 exceed-action
> > policed-dscp-transmit
> > *
> >
> >   Switch(config-pmap-c)# *exit
> > *
> >
> >   Switch(config-pmap)# *exit
> > *
> >
> >   Switch(config)# *interface gigabitethernet0/1
> > *
> >
> >   Switch(config-if)# *service-policy input flow1t
> > *
> >
> >
> >
> >
> > Question 3:
> > ------------------
> > In the below example can i assume,   "trus dscp" is not manadatory ??t
> >
> > This example shows how to create a policy map and attach it to an
> > ingress interface. In the configuration, the IP extended ACL permits
> > TCP traffic with an IP precedence of 4 from any host destined for the
> > host at 224.0.0.5.
> > For traffic matching this classification, the DSCP value in the
> > incoming packet is set to 63.
> >
> > Switch(config)# *access-list 104 permit tcp any host 224.0.0.5
> > precedence
> > 4
> > *
> >
> >   Switch(config)# *class-map ipclass1
> > *
> >
> >   Switch(config-cmap)# *match access-group 104
> > *
> >
> >   Switch(config-cmap)# *exit
> > *
> >
> >   Switch(config)# *policy-map ip104
> > *
> >
> >   Switch(config-pmap)# *class ipclass1
> > *
> >
> >   Switch(config-pmap-c)# *set dscp 63
> > *
> >
> >   Switch(config-pmap-c)# *exit
> > *
> >
> >   Switch(config-pmap)# *exit
> > *
> >
> >   Switch(config)# *interface gigabitethernet0/1
> > *
> >
> >   Switch(config-if)# *service-policy input ip104
> > *
> >
> >
> > Question 4:
> > ----------------
> >
> > In the below example,  Can I trust the COS and manipulate the DSCP  on
> the
> > same interface ? .    So the above examples where trust dscp, cos values
> > of
> > outgoing packets will be zero ?
> >
> > Switch(config)# *policy-map macpolicy1
> > *
> >
> >   Switch(config-pmap)# *class macclass1
> > *
> >
> >   Switch(config-pmap-c)# *set dscp 63
> > *
> >
> >   Switch(config-pmap-c)# *exit
> > *
> >
> >   Switch(config-pmap)# *class macclass2
> > *
> >
> >   Switch(config-pmap-c)# *set dscp 45
> > *
> >
> >   Switch(config-pmap-c)# *exit
> > *
> >
> >   Switch(config-pmap)# *exit
> > *
> >
> >   Switch(config)# *interface gigabitethernet0/1
> > *
> >
> >   Switch(config-if)# *mls qos trust cos
> > *
> >
> >   Switch(config-if)# *service-policy input macpolicy1
> > *
> >
> >
> >
> >
> >
> >
> > --
> > Thanks & Rgds
> > SAN
> >
> > ______________________________________________________________________
> > _ Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: ELDHO PAUL: "Multicast RP"
• Previous message: Bryant, Paul M: "RE: using 3750 switches for practice lab?"
• Maybe in reply to: san: "3550 QOS questions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Jul 01 2006 - 07:57:33 ART