Re: mls qos use policy-map for marking

Oh, BTW "show policy-map interface" is not "supported" on the 3550 : )
 Yes, it will run but the numbers basically mean nothing : ) To test
your markings try something like what I have shown above.

On Wed, Apr 21, 2010 at 2:54 AM, Joe Astorino <jastorino_at_ipexpert.com> wrote:
> What does your configuration look like? I have tested this myself and
> it seems to work for me. However, I would agree with Kambiz that you
> should check out the documentation:
>
> R1---Cat1---R2
>
> Here I have R1 and R2 connected to the same 3550 switch: They operate
> on VLAN 12 on the 12.12.12.0/24 subnet. I have the following ACL
> configured on R2 inbound:
> access-list 101 permit ip any any dscp ef
> access-list 101 permit ip any any dscp default
>
>
> Cat1
> --------
>
> mls qos
> !
> vlan 12
> !
> access-list 101 permit ip any any
> !
> class-map match-all MARK-EF
> match access-group 101
> !
> !
> policy-map foo
> class MARK-EF
> set dscp ef
> !
> interface FastEthernet0/1
> description R1
> switchport access vlan 12
> switchport mode access
> spanning-tree portfast
> service-policy input foo
> !
> interface GigabitEthernet0/2
> description R2
> switchport access vlan 12
> switchport mode access
> spanning-tree portfast
>
>
> Here are the results when R2 pings R1. Note that the 3550 marks the
> return packet as DSCP EF:
>
> R2#show access-list 101
> Extended IP access list 101
> 10 permit ip any any dscp ef
> 20 permit ip any any dscp default
>
> R2#sh run int gi0/0 | i access
> ip access-group 101 in
>
> R2#ping 12.12.12.1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 12.12.12.1, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
> R2#show access-list 101
> Extended IP access list 101
> 10 permit ip any any dscp ef (5 matches)
> 20 permit ip any any dscp default
>
>
> With regards to your "mls qos trust dscp" on a trunk port -- Yes, it
> is a layer 2 port but it is still a layer 3 switch : ) The 3550 still
> has the ability to look into the IP header and take action based on
> that information. If you configure that command it will allow the
> trunk to trust the layer 3 DSCP markings on incoming IP traffic
>
>
>
>
>
> On Wed, Apr 21, 2010 at 2:27 AM, Kambiz Agahian <kagahian_at_ccbootcamp.com> wrote:
>> Hi Bao,
>>
>> Instead of a YES/NO answer I want you to spend a couple of hours on the
>> following link:
>>
>> http://www.cisco.com/en/US/products/hw/switches/ps646/products_tech_note09186
>> a00800feff5.shtml
>>
>> Believe me; rarely does Cisco develop such a nice article.
>>
>> --------------------------
>> Kambiz Agahian
>> CCIE (R&S)
>> CCSI, WAASSE, RSSSE
>> Technical Instructor
>> CCBOOTCAMP - Cisco Learning Solutions Partner (CLSP)
>> Email: kagahian_at_ccbootcamp.com
>> Toll Free: 877-654-2243 begin_of_the_skype_highlighting
>> 877-654-2243 end_of_the_skype_highlighting
>> International: +1-702-968-5100 begin_of_the_skype_highlighting
>> +1-702-968-5100 end_of_the_skype_highlighting
>> Skype: skype:ccbootcamp?call
>> FAX: +1-702-446-8012
>> YES! We take Cisco Learning Credits!
>> Training And Remote Racks: http://www.ccbootcamp.com
>> OEQ Voice Waiver: http://www.ccbootcamp.com/noeqvoice.html
>> OEQ R&S Waiver: http://www.ccbootcamp.com/noeqrs.html
>> OEQ Commercial: http://www.ccbootcamp.com/noeq.mp
>>
>>
>>
>>
>>
>> -----Original Message-----
>> From: nobody_at_groupstudy.com on behalf of Bao Bao Chou
>> Sent: Tue 4/20/2010 10:50 PM
>> To: ccielab_at_groupstudy.com
>> Subject: mls qos use policy-map for marking
>>
>> Hi Group Study experts
>>
>> Recently i tested use policy-map for marking on my 3550 switch. And found some
>> problems.
>>
>> First, i configured a class map to match all the traffic, and use policy-map
>> to match that class to set dscp EF. Then i applied that policy map to the
>> incoming direction of an access port(layer 2), which is connected to a router.
>> After that i tried generate some traffic from the router, and then on the
>> switch, i found there is nothing matched when i tried "show policy-map
>> interface".
>>
>> but after i changed the switch port to a layer 3 port, the marking is
>> successfully done.
>>
>> so i am wondering policy-map marking is only working on a layer 3 port. Please
>> help me to confirm it. Thanks a lot.
>>
>>
>> And by the way, what is the meaning if i put "mls qos trust dscp " on a trunk
>> port?? since trunk port is a layer 2 port, it wont check layer 3 portion, is
>> it??
>>
>>
>>
>>
>>
>>
>> _________________________________________________________________
>> Hotmail: Powerful Free email with security by Microsoft.
>> https://signup.live.com/signup.aspx?id=60969
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
>
>
> --
> Regards,
>
>
>
> Joe Astorino - CCIE #24347
> Sr. Technical Instructor - IPexpert
> Mailto: jastorino_at_ipexpert.com
> Telephone: +1.810.326.1444
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
>
> IPexpert is a premier provider of Self-Study Workbooks, Video on
> Demand, Audio Tools, Online Hardware Rental and Classroom Training for
> the Cisco CCIE (R&S, Voice, Security & Service Provider)
> certification(s) with training locations throughout the United States,
> Europe, South Asia and Australia. Be sure to visit our online
> communities at www.ipexpert.com/communities and our public website at
> www.ipexpert.com
>

-- 
Regards,
Joe Astorino - CCIE #24347
Sr. Technical Instructor - IPexpert
Mailto: jastorino_at_ipexpert.com
Telephone: +1.810.326.1444
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130
IPexpert is a premier provider of Self-Study Workbooks, Video on
Demand, Audio Tools, Online Hardware Rental and Classroom Training for
the Cisco CCIE (R&S, Voice, Security & Service Provider)
certification(s) with training locations throughout the United States,
Europe, South Asia and Australia. Be sure to visit our online
communities at www.ipexpert.com/communities and our public website at
www.ipexpert.com
Blogs and organic groups at http://www.ccie.net