Re: Can somebody spot my mistake coz I can't see what's up

From: CCIE3000 (ccie3000@googlemail.com)
Date: Thu Jun 05 2008 - 12:59:38 ART

Hi Mike,

I'd configured the policy map to trust dscp, if it were re-writing it to
dscp default, it would make more sense, it was just passing the traffic as
dscp ef even though I was trying to re-write it to dscp cs4....

Now, I don't actually believe this has worked, but it has hhhmmmm....

I've attached configs so that you can see for yourselves:

So to recap, I'm sending out traffic from R1 marked with dscp ef, it goes to
SW1 which just trusts dscp, it then crosses a trunk to SW2 where I have a
policy-map, basically matching dscp ef and remarking to cs4, traffic then
goes out an interface to R2.

Check this out, config from SW2:

class-map match-all MATCH_EF
 match ip dscp ef
!
policy-map DSCP_EF
 class MATCH_EF
  set ip dscp cs4
!
interface FastEthernet0/13
 service-policy input DSCP_EF
!
Access list on R2 is showing that it's being re-written to CS4

Rack1R2#SHO IP ACCESS | in match
    10 permit ip any any dscp default (72 matches)
    330 permit ip any any dscp cs4 (3000 matches)

Now we take a closer look at SW2:

Rack1SW2#sho mls qos int fa0/13
FastEthernet0/13
Attached policy-map for Ingress: DSCP_EF
trust state: not trusted
trust mode: not trusted
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none

+ there is no trust statement in the policy-map......but yet when I did have
the trust statement in the policy-map as below. Yep, it trusted it alright
but it wouldn't re-mark to CS4.

policy-map DSCP_EF
 class MATCH_EF
    trust dscp
  set ip dscp cs4

Now I don't have any trust statement and it's working as I'd
expected.....tis a strange one.

Cheers,

On 6/5/08, Mike Haddad <mike.haddad@hotmail.com> wrote:
>
> Please note that if you enable mls qos on the transit switches the marking
> will be removed when traffic cross the trunk. This is becuase you didn't set
> the trust on the trunk interfaces and the default level is not to trust any
> marking. THerefore, if you enable trust on the transit switches you will
> need to enable trust on the trunks.
>
> > Date: Thu, 5 Jun 2008 09:04:58 +0300
> > From: ccie3000@googlemail.com
> > To: Huan.Pham@peopletelecom.com.au
> > Subject: Re: Can somebody spot my mistake coz I can't see what's up
> > CC: ccielab@groupstudy.com
> >
> > Hi Guys,
> >
> > Yep, mls qos is enabled globally and I have ip accounting precedence on
> the
> > interface as well as the acl.
> > The traffic is going through DSCP EF and NOT being remarked. I was
> testing
> > with mutation maps before and they worked fine, although the strange
> thing
> > was when I applied it to inerface fa0/13 it actually applied it on all
> > interfaces from fa0/13 to fa0/24 ?? All of the remarking is being.
> >
> > sw1 3560 has mls qos and mls qos trust dscp on the interface connecting
> to
> > R1 and SW2 3550 is configured to do the remarking, but tis not working.
> >
> > I'm going to be out of the offic all day so I won't have access to the
> rack.
> > When I get back a bit later I'll reload the switch with a clear config,
> > start again with a clear head, try some other things and report back.
> >
> > Thanks,
> >
> >
> > On 6/5/08, Huan Pham <Huan.Pham@peopletelecom.com.au> wrote:
> > >
> > > Hi,
> > >
> > > You need to enable mls qos globally on SW2 as well. Have you?
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of
> > > CCIE3000
> > > Sent: Thursday, 5 June 2008 5:16 AM
> > > To: Cisco certification
> > > Subject: Can somebody spot my mistake coz I can't see what's up
> > >
> > > Hi Guys,
> > >
> > > Doing some QOS on switches and I just can't get it to work, I think
> I've
> > > crossed the T's and dotted the i's but it ain't working.
> > >
> > > Setup
> > >
> > > 3560
> > > 3550
> > > R1 fa0/0------fa0/1 SW1 fa0/13 -----TRUNK------ fa0/13 SW2
> > > fa0/2-----------fa0/0 R2
> > >
> > > R1
> > > class default matching everything going out to SW and marking it as
> DSCP
> > > EF
> > >
> > > SW1
> > > mls qos
> > > int fa0/1
> > > mls qos trust dscp
> > >
> > > SW2
> > > class-map match all MATCH_EF
> > > match ip dscp ef
> > > policy-map MARK_EF
> > > class MATCH_EF
> > > trust dscp
> > > set dscp cs4
> > >
> > > interface fa0/13
> > > service-policy input MARK_EF
> > >
> > > I've configure an acl on R2 to match ip any any for all dscp values.
> I'm
> > > still seeing it as EF.
> > > When I do a show policy-map int fa0/13 I see the correct policy-map but
> > > I'm not seeing any packets on either the MATCH_EF class or the default
> > > class.
> > >
> > > Any ideas what I'm missing? I've configure the class-map first, then
> the
> > > policy-map and then applied it to the interface so I don't think I've
> > > caused problem with order of operation (if there was one), I've also
> > > reloaded the switch, but still no joy.
> > >
> > > I'd appreciate any input if you guys can.
> > >
> > > Thanks,
> > >
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
>
> ------------------------------

This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:20 ART