Re: mls qos use policy-map for marking

From: Joe Astorino <jastorino_at_ipexpert.com>
Date: Wed, 21 Apr 2010 02:54:28 -0400

What does your configuration look like? I have tested this myself and
it seems to work for me. However, I would agree with Kambiz that you
should check out the documentation:

R1---Cat1---R2

Here I have R1 and R2 connected to the same 3550 switch. They operate
on VLAN 12 on the 12.12.12.0/24 subnet. I have the following ACL
configured on R2 inbound:
access-list 101 permit ip any any dscp ef
access-list 101 permit ip any any dscp default

Cat1
--------

mls qos
!
vlan 12
!
access-list 101 permit ip any any
!
class-map match-all MARK-EF
 match access-group 101
!
!
policy-map foo
 class MARK-EF
  set dscp ef
!
interface FastEthernet0/1
 description R1
 switchport access vlan 12
 switchport mode access
 spanning-tree portfast
 service-policy input foo
!
interface GigabitEthernet0/2
 description R2
 switchport access vlan 12
 switchport mode access
 spanning-tree portfast

Here are the results when R2 pings R1. Note that the 3550 marks the
return packet as DSCP EF:

R2#show access-list 101
Extended IP access list 101
    10 permit ip any any dscp ef
    20 permit ip any any dscp default

R2#sh run int gi0/0 | i access
 ip access-group 101 in

R2#ping 12.12.12.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.12.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R2#show access-list 101
Extended IP access list 101
    10 permit ip any any dscp ef (5 matches)
    20 permit ip any any dscp default

With regard to your "mls qos trust dscp" on a trunk port -- Yes, it
is a layer 2 port but it is still a layer 3 switch : ) The 3550 still
has the ability to look into the IP header and take action based on
that information. If you configure that command it will allow the
trunk to trust the layer 3 DSCP markings on incoming IP traffic.

On Wed, Apr 21, 2010 at 2:27 AM, Kambiz Agahian <kagahian_at_ccbootcamp.com> wrote:
> Hi Bao,
>
> Instead of a YES/NO answer I want you to spend a couple of hours on the
> following link:
>
> http://www.cisco.com/en/US/products/hw/switches/ps646/products_tech_note09186a00800feff5.shtml
>
> Believe me; rarely does Cisco develop such a nice article.
>
> --------------------------
> Kambiz Agahian
> CCIE (R&S)
> CCSI, WAASSE, RSSSE
> Technical Instructor
> CCBOOTCAMP - Cisco Learning Solutions Partner (CLSP)
> Email: kagahian_at_ccbootcamp.com
> Toll Free: 877-654-2243
> International: +1-702-968-5100
> Skype: skype:ccbootcamp?call
> FAX: +1-702-446-8012
> YES! We take Cisco Learning Credits!
> Training And Remote Racks: http://www.ccbootcamp.com
> OEQ Voice Waiver: http://www.ccbootcamp.com/noeqvoice.html
> OEQ R&S Waiver: http://www.ccbootcamp.com/noeqrs.html
> OEQ Commercial: http://www.ccbootcamp.com/noeq.mp
>
> -----Original Message-----
> From: nobody_at_groupstudy.com on behalf of Bao Bao Chou
> Sent: Tue 4/20/2010 10:50 PM
> To: ccielab_at_groupstudy.com
> Subject: mls qos use policy-map for marking
>
> Hi Group Study experts,
>
> Recently I tested using a policy-map for marking on my 3550 switch, and found some
> problems.
>
> First, I configured a class map to match all the traffic, and used a policy-map
> to match that class and set DSCP EF. Then I applied that policy map to the
> incoming direction of an access port (layer 2), which is connected to a router.
> After that I tried generating some traffic from the router, and then on the
> switch I found there was nothing matched when I tried "show policy-map
> interface".
>
> But after I changed the switch port to a layer 3 port, the marking was
> successfully done.
>
> So I am wondering whether policy-map marking only works on a layer 3 port. Please
> help me to confirm it. Thanks a lot.
>
>
> And by the way, what is the meaning if I put "mls qos trust dscp" on a trunk
> port? Since a trunk port is a layer 2 port, it won't check the layer 3 portion, will
> it?
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

-- 
Regards,
Joe Astorino - CCIE #24347
Sr. Technical Instructor - IPexpert
Mailto: jastorino_at_ipexpert.com
Telephone: +1.810.326.1444
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130
IPexpert is a premier provider of Self-Study Workbooks, Video on
Demand, Audio Tools, Online Hardware Rental and Classroom Training for
the Cisco CCIE (R&S, Voice, Security & Service Provider)
certification(s) with training locations throughout the United States,
Europe, South Asia and Australia. Be sure to visit our online
communities at www.ipexpert.com/communities and our public website at
www.ipexpert.com
Received on Wed Apr 21 2010 - 02:54:28 ART

This archive was generated by hypermail 2.2.0 : Sat May 01 2010 - 09:49:57 ART
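
The check Joe's reply relies on (ACL counters on R2 before and after the ping), as an added example that is not part of the original post: a Python sketch that parses the two `show access-list 101` snapshots quoted in the thread and confirms that every reply arrived marked EF. The function names are hypothetical, and the second snapshot used in the test is constructed.

```python
import re

# Output copied from the R2 session in the post (before and after the ping).
BEFORE = """\
Extended IP access list 101
    10 permit ip any any dscp ef
    20 permit ip any any dscp default
"""
AFTER = """\
Extended IP access list 101
    10 permit ip any any dscp ef (5 matches)
    20 permit ip any any dscp default
"""

# One ACE line: sequence number, rule text, optional "(N match[es])" counter.
ACE_RE = re.compile(r"^\s*(\d+)\s+(.*?)(?:\s+\((\d+) match(?:es)?\))?\s*$")

def parse_acl(text):
    """Return {sequence: (rule, match_count)}; a missing counter means 0."""
    entries = {}
    for line in text.splitlines():
        m = ACE_RE.match(line)
        if m:
            seq, rule, hits = m.groups()
            entries[int(seq)] = (rule, int(hits or 0))
    return entries

def match_deltas(before, after):
    """Per-ACE increase in match count between two snapshots, keyed by rule."""
    old, new = parse_acl(before), parse_acl(after)
    deltas = {}
    for seq, (rule, hits) in new.items():
        prev_rule, prev_hits = old.get(seq, (rule, 0))
        if prev_rule != rule:
            raise ValueError(f"ACE {seq} changed between snapshots")
        deltas[rule] = hits - prev_hits
    return deltas

def marking_verified(before, after, sent, marked="dscp ef", unmarked="dscp default"):
    """True when all `sent` replies hit the marked ACE and none hit the unmarked one."""
    d = match_deltas(before, after)
    hit = sum(v for k, v in d.items() if k.endswith(marked))
    missed = sum(v for k, v in d.items() if k.endswith(unmarked))
    return hit == sent and missed == 0

if __name__ == "__main__":
    print(match_deltas(BEFORE, AFTER), marking_verified(BEFORE, AFTER, sent=5))
```

A non-zero delta on the `dscp default` entry would mean the replies crossed the switch without being re-marked, which is the symptom the original question describes.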