thank you all...
On Wed, Feb 3, 2010 at 3:41 AM, Marko Milivojevic <markom_at_ipexpert.com>wrote:
> On Tue, Feb 2, 2010 at 18:05, Ivan Hrvatska <ivanzghr_at_gmail.com> wrote:
> > Hello,
> >
> > one question about mls qos on 3560, just to make sure that I've
> understood.
> > Diagram:
> >
> >
> R1-----------------------SW1-----------trunk-----------------SW2---------------R2
> >
> R3-----------------------SW1-----------trunk-----------------SW2---------------R4
> >
> > R1 and R2 are in VLAN 12, R3 and R4 are in VLAN 34. SW1 is routing
> > between VLANs via SVI interfaces configured for each VLAN.
> > Traffic in VLAN 12 should be mapped with ip prec 3, and traffic from
> > VLAN 34 with ip prec 4.
> > On SW1 I configured policy-map under interface vlan 12 (inbound) which
> > should mark packets according to task. Same thing for interface vlan
> > 34. On the same switch I put mls qos vlan-based on trunk ports.
> > When I ping from R1 to R2 packets are NOT marked. When I ping from R2
> > to R1, packets are marked correctly.
> > Is the reason for that mls qos vlan-based command under trunk
> > interface? I mean, does it work only when traffic is going INBOUND
> > into physical interface? Actual marking is done on physical int or on
> > SVI int? Obviously interVLAN traffic is coming IN SVI interface on
> > SW1, but traffic still isn't marked with correct ip prec value.
>
> You are right in so many ways here, especially so in being confused.
> Per-VLAN QoS on all Cisco switches works differently. While certainly
> not the most creative use of SVI interfaces*, it is one that may
> confuse people who see it for the first time.
>
> So... while you are indeed applying service-policy inbound on the SVI,
> this is actually processed "on the physical interface", i.e. on all
> interfaces that have that VLAN and have VLAN-based QoS enabled. Those
> interfaces that do not have this feature applied, will not be
> processed.
>
> So, when your R1 sends the traffic and it hits the switch, since you
> don't have per-V:AN QoS enabled on that port, it is simply switched
> where it needs to go. Traffic form R2 is "caught" by per-VLAN QoS and
> passed on to the appropriate service-policy.
>
> [*] Really mind-blowing one is 6500/7600 and IGMP snooping. For
> example, if you want to disable IGMP snooping on a VLAN, you do it
> under SVI. It is recommended to have SVI in shutdown if it's not
> used... yet, the snooping is disabled. This took TAC engineer and me
> quite some time to digest. He actually needed to call development team
> to confirm.
>
> --
> Marko Milivojevic - CCIE #18427
> Senior Technical Instructor - IPexpert
>
> Mailto: markom_at_ipexpert.com
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> Community: http://www.ipexpert.com/communities
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Wed Feb 03 2010 - 11:54:57 ART
This archive was generated by hypermail 2.2.0 : Mon Mar 01 2010 - 06:28:35 ART