From: Joseph Saad (joseph.samir.saad@gmail.com)
Date: Wed Mar 19 2008 - 06:25:13 ART
Andrew,
You'll need mls qos vlan-based under the switchports that are members of
this VLAN.
You'll also need to enable mls qos globally, if you haven't done this
already.
Joseph.
On Wed, Mar 19, 2008 at 12:03 PM, Andrew Larkins <
Andrew.Larkins@btgroup.co.za> wrote:
> Hi,
>
>
>
> I have a 3650G with QoS on the VLAN interface - using a "service policy"
> command. Software version is now c3560-advipservicesk9-mz.122-44.SE1.bin
> since there were issues in the c3560-advipservicesk9-mz.122-40.SE.bin
> code not reporting interface usage correctly wrt input and output rates
> - showed zero for all.
>
>
>
> This switch is running BGP to our MPLS peer and is the default gateway
> for our hosted VLAN. I need to classify packets coming back from the
> Internet from a ERP site with specific DSCP tags - configs below. I have
> applied the policy to the vlan interface, but nothing get matched at
> all. Even If I try the physical interface I get no matches.
>
>
>
> Since all traffic must go through vlan 100 - default gateway
>
>
>
> interface Vlan100
>
> description Internal
>
> ip address 172.20.230.1 255.255.255.0
>
> no ip redirects
>
> no ip unreachables
>
> no ip proxy-arp
>
> load-interval 30
>
> service-policy input Ingress-Tag
>
> !
>
> interface Vlan759
>
> description MPLS - BGP Peering
>
> ip address 172.20.255.46 255.255.255.252
>
> no ip redirects
>
> no ip unreachables
>
> no ip proxy-arp
>
> load-interval 30
>
>
>
> interface GigabitEthernet0/1
>
> description 802.1q Trunk Uplink to Firewall
>
> switchport trunk encapsulation dot1q
>
> switchport trunk allowed vlan 100,200,300,796
>
> switchport mode trunk
>
> load-interval 30
>
>
>
> interface GigabitEthernet0/2
>
> description Trunk Uplink to MPLS
>
> switchport trunk encapsulation dot1q
>
> switchport trunk native vlan 759
>
> switchport trunk allowed vlan 759,796
>
> switchport mode trunk
>
> switchport nonegotiate
>
>
>
> policy-map Ingress-Tag
>
> class VPN_Remote
>
> set ip dscp af11
>
> class ERP
>
> set ip dscp af21
>
> class class-default
>
> set ip dscp default
>
>
>
> Access-list
>
> Extended IP access list 100
>
> 10 permit ip 172.20.253.0 0.0.0.255 any
>
> Extended IP access list 101
>
> 10 permit ip host <ERP IP> any
>
>
>
> Service-policy input: Ingress-Tag
>
>
>
> Class-map: VPN_Remote (match-all)
>
> 0 packets, 0 bytes
>
> 30 second offered rate 0 bps, drop rate 0 bps
>
> Match: access-group 100
>
>
>
> Class-map: ERP (match-any)
>
> 0 packets, 0 bytes
>
> 30 second offered rate 0 bps, drop rate 0 bps
>
> Match: access-group 101
>
> 0 packets, 0 bytes
>
> 30 second rate 0 bps
>
>
>
> Class-map: class-default (match-any)
>
> 0 packets, 0 bytes
>
> 30 second offered rate 0 bps, drop rate 0 bps
>
> Match: any
>
> 0 packets, 0 bytes
>
> 30 second rate 0 bps
>
>
>
> Any guidance here appreciated please.
>
>
>
> Andrew
>
>
>
>
> The information contained in this message and or attachments is intended
> only for the person or entity to which it is addressed and may contain
> confidential and/or privileged material. Any review, retransmission,
> dissemination or other use of, or taking of any action in reliance upon,
> this information by persons or entities other than the intended recipient
> is prohibited. If you received this in error, please contact the sender
> and
> delete the material from any system and destroy any copies.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:53 ART