From: CCIE3000 (ccie3000@googlemail.com)
Date: Fri Jun 06 2008 - 09:56:43 ART
Adedayo, has hit the nail right on the head, after playing a bit I can
confirm.
With the trust, be it with the policy-map or on the interface it will just
pass the traffic leaving it with the DSCP value set by the sending host.
If you have a policy-map WITHOUT the the trust statement (on the interface
or in the policy-map) then as long as the DSCP value of the traffic being
sent by the host matches the DSCP value in the class map match statement the
traffic will be re-written, if the traffic does not match the match dscp
value then it will remark to default.
Easy when you know how :) At least its cemented in the grey matter
now.......for how long....this remains to be seen ;)
On 6/5/08, adedayo ademuyiwa <dayo@ademuyiwa.co.uk> wrote:
> i am not expecting trust statement under the policy map. Policy map
> statement without trust will work. you will only need trust if precedence or
> dscp cos is going to transit a switch and you dont want it not to
> be remarked .
>
> why it was not remark is that you configured trust in the policy statement,
> definately, it will not remark it, it will trust the dscp ef
>
>
> On 6/5/08, CCIE3000 <ccie3000@googlemail.com> wrote:
>
>> Hi Mike,
>>
>> I'd configured the policy map to trust dscp, if it were re-writing it to
>> dscp default, it would make more sense, it was just passing the traffic as
>> dscp ef even though I was trying to re-write it to dscp cs4....
>>
>> Now, I don't actually believe this has worked, but it has hhhmmmm....
>>
>> I've attached configs so that you can see for yourselves:
>>
>> So to recap, I'm sending out traffic from R1 marked with dscp ef, it goes
>> to
>> SW1 which just trusts dscp, it then crosses a trunk to SW2 where I have a
>> policy-map, basically matching dscp ef and remarking to cs4, traffic then
>> goes out an interface to R2.
>>
>> Check this out, config from SW2:
>>
>> class-map match-all MATCH_EF
>> match ip dscp ef
>> !
>> policy-map DSCP_EF
>> class MATCH_EF
>> set ip dscp cs4
>> !
>> interface FastEthernet0/13
>> service-policy input DSCP_EF
>> !
>> Access list on R2 is showing that it's being re-written to CS4
>>
>> Rack1R2#SHO IP ACCESS | in match
>> 10 permit ip any any dscp default (72 matches)
>> 330 permit ip any any dscp cs4 (3000 matches)
>>
>> Now we take a closer look at SW2:
>>
>> Rack1SW2#sho mls qos int fa0/13
>> FastEthernet0/13
>> Attached policy-map for Ingress: DSCP_EF
>> trust state: not trusted
>> trust mode: not trusted
>> COS override: dis
>> default COS: 0
>> DSCP Mutation Map: Default DSCP Mutation Map
>> Trust device: none
>>
>> + there is no trust statement in the policy-map......but yet when I did
>> have
>> the trust statement in the policy-map as below. Yep, it trusted it alright
>> but it wouldn't re-mark to CS4.
>>
>> policy-map DSCP_EF
>> class MATCH_EF
>> trust dscp
>> set ip dscp cs4
>>
>> Now I don't have any trust statement and it's working as I'd
>> expected.....tis a strange one.
>>
>> Cheers,
>>
>> On 6/5/08, Mike Haddad <mike.haddad@hotmail.com> wrote:
>> >
>> > Please note that if you enable mls qos on the transit switches the
>> marking
>> > will be removed when traffic cross the trunk. This is becuase you didn't
>> set
>> > the trust on the trunk interfaces and the default level is not to trust
>> any
>> > marking. THerefore, if you enable trust on the transit switches you will
>> > need to enable trust on the trunks.
>> >
>> > > Date: Thu, 5 Jun 2008 09:04:58 +0300
>> > > From: ccie3000@googlemail.com
>> > > To: Huan.Pham@peopletelecom.com.au
>> > > Subject: Re: Can somebody spot my mistake coz I can't see what's up
>> > > CC: ccielab@groupstudy.com
>> > >
>> > > Hi Guys,
>> > >
>> > > Yep, mls qos is enabled globally and I have ip accounting precedence
>> on
>> > the
>> > > interface as well as the acl.
>> > > The traffic is going through DSCP EF and NOT being remarked. I was
>> > testing
>> > > with mutation maps before and they worked fine, although the strange
>> > thing
>> > > was when I applied it to inerface fa0/13 it actually applied it on all
>> > > interfaces from fa0/13 to fa0/24 ?? All of the remarking is being.
>> > >
>> > > sw1 3560 has mls qos and mls qos trust dscp on the interface
>> connecting
>> > to
>> > > R1 and SW2 3550 is configured to do the remarking, but tis not
>> working.
>> > >
>> > > I'm going to be out of the offic all day so I won't have access to the
>> > rack.
>> > > When I get back a bit later I'll reload the switch with a clear
>> config,
>> > > start again with a clear head, try some other things and report back.
>> > >
>> > > Thanks,
>> > >
>> > >
>> > > On 6/5/08, Huan Pham <Huan.Pham@peopletelecom.com.au> wrote:
>> > > >
>> > > > Hi,
>> > > >
>> > > > You need to enable mls qos globally on SW2 as well. Have you?
>> > > >
>> > > > -----Original Message-----
>> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
>> Behalf
>> > Of
>> > > > CCIE3000
>> > > > Sent: Thursday, 5 June 2008 5:16 AM
>> > > > To: Cisco certification
>> > > > Subject: Can somebody spot my mistake coz I can't see what's up
>> > > >
>> > > > Hi Guys,
>> > > >
>> > > > Doing some QOS on switches and I just can't get it to work, I think
>> > I've
>> > > > crossed the T's and dotted the i's but it ain't working.
>> > > >
>> > > > Setup
>> > > >
>> > > > 3560
>> > > > 3550
>> > > > R1 fa0/0------fa0/1 SW1 fa0/13 -----TRUNK------ fa0/13 SW2
>> > > > fa0/2-----------fa0/0 R2
>> > > >
>> > > > R1
>> > > > class default matching everything going out to SW and marking it as
>> > DSCP
>> > > > EF
>> > > >
>> > > > SW1
>> > > > mls qos
>> > > > int fa0/1
>> > > > mls qos trust dscp
>> > > >
>> > > > SW2
>> > > > class-map match all MATCH_EF
>> > > > match ip dscp ef
>> > > > policy-map MARK_EF
>> > > > class MATCH_EF
>> > > > trust dscp
>> > > > set dscp cs4
>> > > >
>> > > > interface fa0/13
>> > > > service-policy input MARK_EF
>> > > >
>> > > > I've configure an acl on R2 to match ip any any for all dscp values.
>> > I'm
>> > > > still seeing it as EF.
>> > > > When I do a show policy-map int fa0/13 I see the correct policy-map
>> but
>> > > > I'm not seeing any packets on either the MATCH_EF class or the
>> default
>> > > > class.
>> > > >
>> > > > Any ideas what I'm missing? I've configure the class-map first, then
>> > the
>> > > > policy-map and then applied it to the interface so I don't think
>> I've
>> > > > caused problem with order of operation (if there was one), I've also
>> > > > reloaded the switch, but still no joy.
>> > > >
>> > > > I'd appreciate any input if you guys can.
>> > > >
>> > > > Thanks,
>> > > >
>> > > >
>> > > >
>> _______________________________________________________________________
>> > > > Subscription information may be found at:
>> > > > http://www.groupstudy.com/list/CCIELab.html
>> > >
>> > >
>> > >
>> _______________________________________________________________________
>> > > Subscription information may be found at:
>> > > http://www.groupstudy.com/list/CCIELab.html
>> > >
>> > >
>> > >
>> > >
>> >
>> > ------------------------------
>>
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:21 ART