From: Mike Haddad (mike.haddad@hotmail.com)
Date: Thu Jun 05 2008 - 14:18:13 ART
What I meant is you have to set the trust on the trunk interface e.G
int f0/13
mls qos trust dscp
Now since you have a policy map there it is trying to match the class it is
not rewriting the dscp value. The below looks strange and it is always
prefered to set the trust on the interface level so you don't end into
rewriting the values to default.
Regards,
> Date: Thu, 5 Jun 2008 18:59:38 +0300> From: ccie3000@googlemail.com> To:
mike.haddad@hotmail.com> Subject: Re: Can somebody spot my mistake coz I can't
see what's up> CC: huan.pham@peopletelecom.com.au; ccielab@groupstudy.com> >
Hi Mike,> > I'd configured the policy map to trust dscp, if it were re-writing
it to> dscp default, it would make more sense, it was just passing the traffic
as> dscp ef even though I was trying to re-write it to dscp cs4....> > Now, I
don't actually believe this has worked, but it has hhhmmmm....> > I've
attached configs so that you can see for yourselves:> > So to recap, I'm
sending out traffic from R1 marked with dscp ef, it goes to> SW1 which just
trusts dscp, it then crosses a trunk to SW2 where I have a> policy-map,
basically matching dscp ef and remarking to cs4, traffic then> goes out an
interface to R2.> > Check this out, config from SW2:> > class-map match-all
MATCH_EF> match ip dscp ef> !> policy-map DSCP_EF> class MATCH_EF> set ip dscp
cs4> !> interface FastEthernet0/13> service-policy input DSCP_EF> !> Access
list on R2 is showing that it's being re-written to CS4> > Rack1R2#SHO IP
ACCESS | in match> 10 permit ip any any dscp default (72 matches)> 330 permit
ip any any dscp cs4 (3000 matches)> > Now we take a closer look at SW2:> >
Rack1SW2#sho mls qos int fa0/13> FastEthernet0/13> Attached policy-map for
Ingress: DSCP_EF> trust state: not trusted> trust mode: not trusted> COS
override: dis> default COS: 0> DSCP Mutation Map: Default DSCP Mutation Map>
Trust device: none> > + there is no trust statement in the policy-map......but
yet when I did have> the trust statement in the policy-map as below. Yep, it
trusted it alright> but it wouldn't re-mark to CS4.> > policy-map DSCP_EF>
class MATCH_EF> trust dscp> set ip dscp cs4> > Now I don't have any trust
statement and it's working as I'd> expected.....tis a strange one.> > Cheers,>
> On 6/5/08, Mike Haddad <mike.haddad@hotmail.com> wrote:> >> > Please note
that if you enable mls qos on the transit switches the marking> > will be
removed when traffic cross the trunk. This is becuase you didn't set> > the
trust on the trunk interfaces and the default level is not to trust any> >
marking. THerefore, if you enable trust on the transit switches you will> >
need to enable trust on the trunks.> >> > > Date: Thu, 5 Jun 2008 09:04:58
+0300> > > From: ccie3000@googlemail.com> > > To:
Huan.Pham@peopletelecom.com.au> > > Subject: Re: Can somebody spot my mistake
coz I can't see what's up> > > CC: ccielab@groupstudy.com> > >> > > Hi Guys,>
> >> > > Yep, mls qos is enabled globally and I have ip accounting precedence
on> > the> > > interface as well as the acl.> > > The traffic is going through
DSCP EF and NOT being remarked. I was> > testing> > > with mutation maps
before and they worked fine, although the strange> > thing> > > was when I
applied it to inerface fa0/13 it actually applied it on all> > > interfaces
from fa0/13 to fa0/24 ?? All of the remarking is being.> > >> > > sw1 3560 has
mls qos and mls qos trust dscp on the interface connecting> > to> > > R1 and
SW2 3550 is configured to do the remarking, but tis not working.> > >> > > I'm
going to be out of the offic all day so I won't have access to the> > rack.> >
> When I get back a bit later I'll reload the switch with a clear config,> > >
start again with a clear head, try some other things and report back.> > >> >
> Thanks,> > >> > >> > > On 6/5/08, Huan Pham <Huan.Pham@peopletelecom.com.au>
wrote:> > > >> > > > Hi,> > > >> > > > You need to enable mls qos globally on
SW2 as well. Have you?> > > >> > > > -----Original Message-----> > > > From:
nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf> > Of> > > >
CCIE3000> > > > Sent: Thursday, 5 June 2008 5:16 AM> > > > To: Cisco
certification> > > > Subject: Can somebody spot my mistake coz I can't see
what's up> > > >> > > > Hi Guys,> > > >> > > > Doing some QOS on switches and
I just can't get it to work, I think> > I've> > > > crossed the T's and dotted
the i's but it ain't working.> > > >> > > > Setup> > > >> > > > 3560> > > >
3550> > > > R1 fa0/0------fa0/1 SW1 fa0/13 -----TRUNK------ fa0/13 SW2> > > >
fa0/2-----------fa0/0 R2> > > >> > > > R1> > > > class default matching
everything going out to SW and marking it as> > DSCP> > > > EF> > > >> > > >
SW1> > > > mls qos> > > > int fa0/1> > > > mls qos trust dscp> > > >> > > >
SW2> > > > class-map match all MATCH_EF> > > > match ip dscp ef> > > >
policy-map MARK_EF> > > > class MATCH_EF> > > > trust dscp> > > > set dscp
cs4> > > >> > > > interface fa0/13> > > > service-policy input MARK_EF> > > >>
> > > I've configure an acl on R2 to match ip any any for all dscp values.> >
I'm> > > > still seeing it as EF.> > > > When I do a show policy-map int
fa0/13 I see the correct policy-map but> > > > I'm not seeing any packets on
either the MATCH_EF class or the default> > > > class.> > > >> > > > Any ideas
what I'm missing? I've configure the class-map first, then> > the> > > >
policy-map and then applied it to the interface so I don't think I've> > > >
caused problem with order of operation (if there was one), I've also> > > >
reloaded the switch, but still no joy.> > > >> > > > I'd appreciate any input
if you guys can.> > > >> > > > Thanks,> > > >> > > >> > > >
This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:20 ART