All,
Thanx for the response. I think access-list is the best option.
One more question. Where do we need to apply the command "mls qos trust dscp",
inbound or outbound interface, to preserve the DSCP marking?
Rgds
Bala

From: Joe Astorino [mailto:joeastorino1982_at_gmail.com]
Sent: Friday, September 09, 2011 1:18 AM
To: James Poplawski
Cc: BALAKRISHNAN Balaji; ccielab_at_groupstudy.com
Subject: Re: checking DSCP marking on the traffic
I agree a good way to do this is to create an ACL with logging in the transit
path like below.

! ACL MATCHES WHATEVER DSCP YOU ARE LOOKING FOR
access-list 101 permit ip any any dscp 26 log
access-list 101 permit ip any any dscp 34 log
access-list 101 permit ip any any dscp 46 log
access-list 101 permit ip any any
!
int fa0/0
 ! APPLY TO TRANSIT ROUTER
 ip access-group 101 in

On Thu, Sep 8, 2011 at 6:15 PM, James Poplawski
<jb.poplawski_at_gmail.com> wrote:
Can you implement an acl in transit somewhere? Permit a route any any
eq dscp af41 and then permit ip any any?
Sent from my iPhone
On Sep 8, 2011, at 5:12 PM, BALAKRISHNAN Balaji
<Balaji.BALAKRISHNAN_at_swift.com> wrote:
> Problem is I can't do show command on the originating switch.. I want to
> check on the intermediate router or switch to confirm that the dscp marking
> is preserved and not lost during the transit.
> No wireshark is not an option.
>
> Rgds
> Bala
>
>
>> -----Original Message-----
>> From: JB Poplawski [mailto:jb.poplawski_at_gmail.com]
>> Sent: Thursday, September 08, 2011 5:57 PM
>> To: BALAKRISHNAN Balaji
>> Cc: ccielab_at_groupstudy.com
>> Subject: Re: checking DSCP marking on the traffic
>>
>> Well the hitcounts should show you it's happening. Narbik has a good
>> lab where you create an ACL with every marking and perform various
>> pings.
>>
>> The other option would be to span a port and use Wireshark. By the
>> way you worded that last comment, I'm assuming that's what you meant.
>> http://www.wireshark.org/
>>
>>
>> On Thu, Sep 8, 2011 at 4:52 PM, BALAKRISHNAN Balaji
>> <Balaji.BALAKRISHNAN_at_swift.com> wrote:
>>> Thanx..
>>>
>>> But I am looking for something that shows that marking on the traffic
>>>
>>>
>>>
>>>> -----Original Message-----
>>>> From: JB Poplawski [mailto:jb.poplawski_at_gmail.com]
>>>> Sent: Thursday, September 08, 2011 5:20 PM
>>>> To: BALAKRISHNAN Balaji
>>>> Subject: Re: checking DSCP marking on the traffic
>>>>
>>>> show policy-map int
>>>>
>>>> You should see hit counts on the show commands.
>>>> JB
>>>>
>>>>
>>>> On Thu, Sep 8, 2011 at 3:49 PM, BALAKRISHNAN Balaji
>>>> <Balaji.BALAKRISHNAN_at_swift.com> wrote:
>>>>> Hi all,
>>>>>
>>>>> Struggling to find any show or debug commands that would tell you the DSCP
>>>>> setting/marking on the traffic. Following is the sample configs,
>>>>>
>>>>>
>>>>> policy-map PM-FIN
>>>>>  class class-default
>>>>>   set ip dscp af11
>>>>> !
>>>>> interface GigabitEthernet1/3
>>>>>  service-policy input PM-FIN
>>>>> !
>>>>> class-map match-all CM-FIN
>>>>>  match ip dscp af11
>>>>> !
>>>>> policy-map PM-child
>>>>>  class CM-FIN
>>>>>   bandwidth percent 40
>>>>>  class class-default
>>>>>   bandwidth percent 60
>>>>> !
>>>>> policy-map PM-parent
>>>>>  class class-default
>>>>>   shape average 1000000
>>>>>   service-policy PM-child
>>>>>
>>>>> !
>>>>> interface GigabitEthernet0/3
>>>>>  service-policy output PM-parent
>>>>>
>>>>>
>>>>>
>>>>> How do I verify that the traffic coming on the Gig 1/3 correctly marked with
>>>>> af11 and correctly matched by the class CM-FIN ??
>>>>>
>>>>> Thanx for the help.
>>>>>
>>>>>
>>>>> Rgds
>>>>> Bala
>>>>>
>>>>>
>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>
>>>>> _______________________________________________________________________
>>>>> Subscription information may be found at:
>>>>> http://www.groupstudy.com/list/CCIELab.html
Received on Sat Sep 10 2011 - 00:40:59 ART
This archive was generated by hypermail 2.2.0 : Sat Oct 01 2011 - 07:26:25 ART