Re: mls qos map policed-dscp

Here is my results. Please let me know if I am missing something, this was a
rather hastily put together test, but as you can see I did not configure
mappings. Only the default exists.

[R1] e0/0 ------ f0/1 [SW1] ------ [SW2] f0/2 ------ e0/0 [R2]

R1 and R2 are on vlan 12, subnet 192.168.0.0/24. Switches are 3560s and at
DEFAULT. Here is what I configure, from the start:

On SW1:

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#host SW1
SW1(config)#int f0/13
SW1(config-if)#sw tr e dot
SW1(config-if)#sw mo tr
SW1(config-if)#int f0/1
SW1(config-if)#sw mo a
SW1(config-if)#sw ac v 12
% Access VLAN does not exist. Creating vlan 12
SW1(config-if)#mls qos
SW1(config)#int f0/1
SW1(config-if)#mls qos trust dscp

On SW2:

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#host SW2
SW2(config)#int f0/2
SW2(config-if)#sw mo a
SW2(config-if)#sw ac vlan 12
% Access VLAN does not exist. Creating vlan 12
SW2(config-if)#int rang f0/14 - 24
SW2(config-if-range)#shut
SW2(config-if-range)#int f0/13
% Command exited out of interface range and its sub-modes.
  Not executing the command for second and later interfaces
SW2(config-if)#sw t e d
SW2(config-if)#sw mo tr
SW2(config-if)#monito sess 1 sou int f0/13
SW2(config)#monito sess 1 des int f0/12 enca replicate

On R1:

R1(config)#policy-map SET-DSCP
R1(config-pmap)#class class-default
R1(config-pmap-c)#set dscp 46
R1(config-pmap-c)#int e0/0
R1(config-if)#service-policy output SET-DSCP

Now I have both routers on VLAN 12 with a trunk between the two switches.
SW1 has mls qos configured, SW2 does not so it leaves the marking alone. On
port f0/12 I have a PC with wireshark. When I send pings from R1 to R2 they
have DSCP 46. When the packets reach SW2 over the trunk they have DSCP46 and
COS 5. SW1 set this without any mappings configured. The mappings are
default.

SW1#sho mls qos map dscp-co
   Dscp-cos map:
     d1 : d2 0 1 2 3 4 5 6 7 8 9
     ---------------------------------------
      0 : 00 00 00 00 00 00 00 00 01 01
      1 : 01 01 01 01 01 01 02 02 02 02
      2 : 02 02 02 02 03 03 03 03 03 03
      3 : 03 03 04 04 04 04 04 04 04 04
      4 : 05 05 05 05 05 05 05 05 06 06
      5 : 06 06 06 06 06 06 07 07 07 07
      6 : 07 07 07 07
SW1#

If you want the packet capture, I can unicast it to you. I don't think the
list accepts attachments.

Bryan Bartik
CCIE #23707, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com

On Sat, May 2, 2009 at 9:36 PM, Narbik Kocharians <narbikk_at_gmail.com> wrote:

> It will NOT happen by just entering mls qos trust dscp. You need to
> configure the map manually.
>
>
> On Sat, May 2, 2009 at 8:25 PM, Bryan Bartik <bbartik_at_ipexpert.com> wrote:
>
>> Narbik,
>>
>> What do you mean "unless you change the mapping." There are default maps
>> that will make the COS when you trust DSCP. I have tried it! :-)
>>
>>
>> Bryan Bartik
>> CCIE #23707, CCNP
>> Sr. Support Engineer - IPexpert, Inc.
>> URL: http://www.IPexpert.com <http://www.ipexpert.com/>
>>
>> On Sat, May 2, 2009 at 8:06 PM, Narbik Kocharians <narbikk_at_gmail.com>wrote:
>>
>>> *if I have interface with just mls qos trust dscp, if port receives
>>> packet
>>>
>>> with for example DSCP 46, does it remark also COS field when it sends
>>> packet
>>> to anoter switch over trunk.*
>>> *NO,* it does NOT, when you enter "mls qos trust dscp", it ONLY trusts
>>> the
>>> DSCP value and it has NOTHING to do with CoS. UNLESS YOU change the
>>> mapping.
>>> That was your question and this is your answer. If in doubt, please try
>>> it,
>>> IOS WILL ALWAYS TELL YOU THE TRUTH.
>>>
>>> *Does mls qos map policed-dscp remark DSCP and COS field or just DSCP?*
>>>
>>> *NO,* it does NOT touch COS field at all. Unless its configured to do so.
>>>
>>> This is without twisting word around.
>>> On Sat, May 2, 2009 at 1:40 PM, Petr Lapukhov
>>> <petr_at_internetworkexpert.com>wrote:
>>>
>>> > Hi,
>>> >
>>> > In general, Catalyst switches implement "synchronous" marking logic:
>>> > i.e. all potential
>>> > QoS labels (L3,L2) are kept synchronized using the DSCP-to-CoS,
>>> > CoS-to-DSCP and IP Prec-to-CoS
>>> > global mapping tables. This is pretty natural if you think of
>>> > "uniform" QoS marking model.
>>> > In some cases it is possible to modify just one QoS marking point,
>>> > keeping the other intact.
>>> >
>>> > See below for more details.
>>> >
>>> > > Does mls qos map policed-dscp remark DSCP and COS field or just DSCP?
>>> >
>>> > Yes, CoS is modified according to the DSCP-to-CoS mapping table (in
>>> > both 3550 and 3560).
>>> > You may avoid CoS modification while policing in the 3550 model by
>>> > using the configuration
>>> > similar to the following:
>>> >
>>> > mls qos cos policy-map
>>> > !
>>> > policy-map POLICE_INBOUND
>>> > class ICMP
>>> > trust dscp
>>> > set cos 2
>>> > police 64000 16000 exceed-action policed-dscp-transmit
>>> >
>>> > Here you trust DSCP values and set CoS at the same time. Setting CoS
>>> > directly in policy-map in only
>>> > possible in the 3550 model when enabled by the special global-mode
>>> > command. The 3560 does
>>> > not provide such flexibility, and most of the time it is not needed.
>>> >
>>> > > if I have interface with just mls qos trust dscp, if port receives
>>> packet
>>> > > with for example DSCP 46, does it remark also COS field when it sends
>>> > packet
>>> > > to anoter switch over trunk.
>>> >
>>> > Yes, by default CoS is modified according to the DSCP to CoS mapping
>>> table.
>>> > In the 3550 model you may avoid this behavior by enabling special CoS
>>> > pass-thru mode:
>>> >
>>> > interface FastEthernet 0/4
>>> > mls qos trust dscp pass-through cos
>>> >
>>> > (there is symmetric DSCP pass-thru mode, configured using the command
>>> > "mls qos trust cos pass-through dscp")
>>> >
>>> > In the 3560 model, it is not possible to disable CoS rewrite. More
>>> > than that, you have to set
>>> > CoS values for non-IP packets by using the "set dscp" command, as there
>>> is
>>> > no "set cos" commad. Still, you can disable DSCP rewriting while
>>> trusting
>>> > CoS
>>> > (mls qos trust cos) by entering the global command "no mls qos rewrite
>>> ip
>>> > dscp"
>>> >
>>> > HTH,
>>> > --
>>> > Petr Lapukhov, CCIE #16379 (R&S/Security/SP/Voice)
>>> > petr_at_INE.com
>>> >
>>> > Internetwork Expert, Inc.
>>> > http://www.INE.com <http://www.ine.com/> <http://www.ine.com/>
>>> > Toll Free: 877-224-8987
>>> > Outside US: 775-826-4344
>>> >
>>> > >
>>> > >
>>> > > Blogs and organic groups at http://www.ccie.net
>>> > >
>>> > >
>>> _______________________________________________________________________
>>> > > Subscription information may be found at:
>>> > > http://www.groupstudy.com/list/CCIELab.html
>>> >
>>> >
>>> > Blogs and organic groups at http://www.ccie.net
>>> >
>>> > _______________________________________________________________________
>>> > Subscription information may be found at:
>>> > http://www.groupstudy.com/list/CCIELab.html
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>>
>>>
>>> --
>>> Narbik Kocharians
>>> CCSI#30832, CCIE# 12410 (R&S, SP, Security)
>>> www.MicronicsTraining.com <http://www.micronicstraining.com/>
>>> www.Net-Workbooks.com <http://www.net-workbooks.com/>
>>> Sr. Technical Instructor
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>> --
>>
>>
>
>
> --
> Narbik Kocharians
> CCSI#30832, CCIE# 12410 (R&S, SP, Security)
> www.MicronicsTraining.com
> www.Net-Workbooks.com
> Sr. Technical Instructor
>

-- 
Bryan Bartik
CCIE #23707, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
Blogs and organic groups at http://www.ccie.net