Re: Layer 2 qos

From: Adam Booth <adam.booth_at_gmail.com>
Date: Mon, 4 Oct 2010 08:00:01 +1000

Here's a simple example to classify all IP traffic to DSCP 40

If you are using non-IP traffic, you would use a mac access-list and match
on whatever parameters you choose

Cat3 Fa0/24 (representing an IP host) is directly connected to Cat4
Fa0/24 as an access port (both switches are 3550s)

Config Cat3
------------------
mls qos
access-list 101 permit ip any any dscp 40 log
interface FastEthernet0/24
 no switchport
 ip address 192.168.1.1 255.255.255.0
 ip access-group 101 in
 mls qos trust dscp
end

Config Cat4
------------------
mls qos
access-list 1 permit any
class-map match-all IP
 match access-group 1
policy-map fa0/24
 class IP
  set ip dscp cs5
interface FastEthernet0/24
 switchport access vlan 111
 switchport mode access
 mls qos monitor dscp 0 8 16 24 32 40 48 56
 service-policy input fa0/24
!
interface Vlan111
 ip address 192.168.1.2 255.255.255.0
end

Just so we're counting packets in this example and not bytes - on Cat 4 I
add to fa0/13 "mls qos monitor packets"

Let's test it - we shall send traffic with a DSCP value of 32 (TOS byte
value of 128)

Cat3560-4#clear mls qos int fa0/24 statistics

Cat3560-3#clear ip access-list counters
Cat3560-3#ping ip
Target IP address: 192.168.1.2
Repeat count [5]: 1000
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]: 128
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (1000/1000), round-trip min/avg/max = 1/3/8 ms

Cat3560-3#sh ip access-lists
Extended IP access list 101
    10 permit ip any any dscp cs5 log (2000 matches)
    20 permit ip any any

FastEthernet0/24
Ingress
  dscp: incoming no_change classified policed dropped (in pkts)
    0 : 7 7 0 0 0
    8 : 0 0 0 0 0
    16: 0 0 0 0 0
    24: 0 0 0 0 0
    32: 1000 0 0 0 0
    40: 0 0 1000 0 0
    48: 0 0 0 0 0
    56: 0 0 0 0 0
Others: 0 0 0 0 0
Egress
  dscp: incoming no_change classified policed dropped (in pkts)
    0 : 0 n/a n/a 0 0
    8 : 0 n/a n/a 0 0
    16: 0 n/a n/a 0 0
    24: 0 n/a n/a 0 0
    32: 0 n/a n/a 0 0
    40: 1000 n/a n/a 0 0
    48: 0 n/a n/a 0 0
    56: 39 n/a n/a 0 0
Others: 0 n/a n/a 0 0

A bit of strangeness on the packet count on the ACL but I was more
interested in showing that return traffic was the same DSCP value as what it
was classified as when it entered Cat4

Cheers,
Adam

On Mon, Oct 4, 2010 at 2:56 AM, <dls152_at_cox.net> wrote:

> Adam,
>
> I would like to use MQC but how would I classify traffic from these ports?
> Match interface isn't an option; I only have access-group, ip, or vlan. How
> can I classify this traffic from the interface?
>
>
> ---- Adam Booth <adam.booth_at_gmail.com> wrote:
> > Hi,
> >
> > To set the 802.1P (Layer 2 CoS) value, you need to be using 802.1Q -
> > this is not possible on an access port (though if you are using a Cisco IP
> > phone, trunking will happen transparently using the Voice-VLAN feature if
> > configured, but let's not go there)
> >
> > 3550s use the concept of an "internal DSCP" value for all frames that enter
> > the switch - even 802.1P CoS values get mapped to an internal DSCP which you
> > can see if you execute "sh mls qos maps cos-dscp"
> > By default ports are considered untrusted and therefore given an internal
> > DSCP of 0.
> > Upon egress from the switch, traffic will be placed into egress queues based
> > on the internal DSCP value
> > On the 3550, if you are carrying IP packets within those Layer 2 Frames you
> > will have the original IP DSCP value over-written with the internal DSCP
> > value
> > If you are egressing on a 802.1Q trunk, the 802.1P CoS value for the frame
> > will be written based on a dscp-cos mutation map.
> >
> > MQC would probably be the best tool for what you want to do if you don't
> > trust the device coming in to have the correct DSCP value set - you can
> > force everything to have a particular DSCP value
> >
> > Cat3550-3#sh mls qos maps dscp-cos
> >    Dscp-cos map:
> >      d1 :  d2 0  1  2  3  4  5  6  7  8  9
> >      ---------------------------------------
> >       0 :    00 00 00 00 00 00 00 00 01 01
> >       1 :    01 01 01 01 01 01 02 02 02 02
> >       2 :    02 02 02 02 03 03 03 03 03 03
> >       3 :    03 03 04 04 04 04 04 04 04 04
> >       4 :    05 05 05 05 05 05 05 05 06 06
> >       5 :    06 06 06 06 06 06 07 07 07 07
> >       6 :    07 07 07 07
> >
> > Looking at this, we can see internal DSCP values 40-47 match cos value 5 (I
> > would probably pick DSCP 40 to use as the cos-dscp map associates cos value
> > 5 with internal DSCP 40)
> >
> > If you classify incoming traffic to be one of those DSCP values, it should
> > leave the switch on a trunk with a cos value of 5 (since the 3550 doesn't
> > support "no mls qos rewrite ip dscp" like 3560s do, the payload IP DSCP
> > values will be overwritten with the internal DSCP value)
> >
> > Remember when you are playing with qos on the switches, you need to enable
> > qos (mls qos) and unlike a router, show policy-map isn't actually going to
> > give you a useful output - so don't pull your hair out if things don't look
> > right there. The best you will be able to do on a 3550 is to add some
> > monitoring for particular internal DSCP values you want to match on such as
> > applying "mls qos monitor dscp 0 8 16 24 32 40 48 56" to the interface you
> > are interested in and then "show mls qos int <interfacename> statistics"
> >
> > Please note that the QoS behaviour between 3550 and 3560 does overlap a bit
> > but there are a number of differences you should be aware of since the CCIE
> > lab no longer uses the 3550.
> >
> > Cheers,
> > Adam
> >
> >
> >
> >
> > On Sun, Oct 3, 2010 at 4:17 AM, <dls152_at_cox.net> wrote:
> >
> > > Hello,
> > >
> > > I am trying to understand setting layer 2 cos on user interface. I have a
> > > machine that is connected to cisco 3550 on access port. I would like to set
> > > cos 5 on all the traffic that is coming out on this interface. I read in
> > > order to change cos on packet you need 802.1q tag. I am thinking that the
> > > only way to get this tag is from a trunked port? But my user port is access
> > > port. Can this be done by just going to the access port and setting the cos
> > > on the interface? I did this but I am not sure if this is working because I
> > > am reading that the port has to be using 802.1q? Or can I use MQC and match
> > > the interface and then set the dscp value for all traffic coming out this
> > > interface?
> > >
> > >
> > > Blogs and organic groups at http://www.ccie.net
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html

Received on Mon Oct 04 2010 - 08:00:01 ART
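
The ingress counters in the message above can be checked mechanically when auditing whether a port really re-marks what it receives. This is an added example, not part of the original thread: the function names are assumptions of the example, and the sample text is copied from the statistics output in the message, with the Egress block abridged to one row.

```python
import re

# Ingress counters copied from the message above; Egress abridged to one row.
SAMPLE = """\
Ingress
  dscp: incoming no_change classified policed dropped (in pkts)
    0 : 7 7 0 0 0
    8 : 0 0 0 0 0
    16: 0 0 0 0 0
    24: 0 0 0 0 0
    32: 1000 0 0 0 0
    40: 0 0 1000 0 0
    48: 0 0 0 0 0
    56: 0 0 0 0 0
Others: 0 0 0 0 0
Egress
  dscp: incoming no_change classified policed dropped (in pkts)
    40: 1000 n/a n/a 0 0
"""

COLUMNS = ("incoming", "no_change", "classified", "policed", "dropped")
ROW = re.compile(r"^\s*(\d+|Others)\s*:\s*(.+)$")

def parse_ingress(text):
    """Return {dscp: {column: count}} for the Ingress block only."""
    rows, in_ingress = {}, False
    for line in text.splitlines():
        word = line.strip()
        if word in ("Ingress", "Egress"):
            in_ingress = word == "Ingress"
            continue
        m = ROW.match(line)
        if not (in_ingress and m):
            continue  # column header, or a row from the Egress block
        values = m.group(2).split()
        if len(values) != len(COLUMNS) or not all(v.isdigit() for v in values):
            continue  # malformed row or a row carrying n/a
        key = m.group(1) if m.group(1) == "Others" else int(m.group(1))
        rows[key] = dict(zip(COLUMNS, map(int, values)))
    return rows

def remark_report(rows, target):
    """Summarise how much ingress traffic ended up at the target DSCP."""
    arrived = sum(r["incoming"] for r in rows.values())
    remarked = rows.get(target, {}).get("classified", 0)
    # Non-zero no_change: packets left ingress with their original marking.
    untouched = {k: r["no_change"] for k, r in rows.items() if r["no_change"]}
    return {"arrived": arrived, "remarked": remarked, "untouched": untouched}
```

On the sample, `remark_report(parse_ingress(SAMPLE), 40)` accounts for the 1000 pings re-marked to DSCP 40 and flags the 7 packets at DSCP 0 that kept their marking.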