RE: MLS QoS

Did anybody reply today?
I'm not seeing any mails
Regards,

Gaston

> From: markom_at_ipexpert.com
> Date: Wed, 13 Feb 2013 15:45:14 -0800
> Subject: Re: MLS QoS
> To: renorider_at_gmail.com
> CC: tom.kac_at_gmail.com; ccielab_at_groupstudy.com
>
> I also believe we have on our blog an article written by Vik Malhi
> that touches on this subject:
>
> This is part #1 of a 3-part series:
>
>
http://blog.ipexpert.com/2011/05/16/campus-qos-part-1-classification-and-mark
ing-on-the-catalyst-3750/
>
> --
> Marko Milivojevic - CCIE #18427 (SP R&S)
> Senior CCIE Instructor / Managing Partner - IPexpert
>
> On Wed, Feb 13, 2013 at 1:32 PM, marc edwards <renorider_at_gmail.com> wrote:
> > Tom,
> >
> > That is right on spot. I will test and let you know.
> >
> > Regards,
> >
> > Marc
> >
> > On Wed, Feb 13, 2013 at 12:20 PM, Tom Kacprzynski <tom.kac_at_gmail.com>
wrote:
> >> Marc,
> >> If I understand what you are trying to do try this:
> >>
> >>
> >> ip access-list extended EF
> >> deny ip 10.1.1.0 0.0.0.255 any dscp ef
> >> permit ip any any dscp ef
> >>
> >> ip access-list extended KNOWN-ACL
> >> permit ip 10.1.1.0 0.0.0.255 any dscp ef
> >>
> >>
> >>
> >> class-map match-all VOIP
> >> match access-group name EF
> >>
> >> class-map match-all KNOWN-APP
> >> match access-group name KNOWN-ACL
> >>
> >>
> >>
> >> policy-map POLICE
> >> class VOIP
> >> police 128000 8000 exceed-action drop
> >> trust dscp
> >> class KNOW-APP
> >> trust dscp
> >>
> >>
> >>
> >> interface FastEthernet0/1
> >> service-policy input POLICE
> >>
> >> ..I think what you are missing is that you can set trust setting on each
> >> class-map. I hope that's what you were looking for. I haven't tested the
> >> config, just for syntax. Let me know if that works for you. I used 3560
> >> Catalyst for this.
> >>
> >>
> >> Thanks
> >>
> >> Tom
> >>
> >>
> >>
> >>
> >>
> >> On Wed, Feb 13, 2013 at 1:10 PM, marc edwards <renorider_at_gmail.com>
wrote:
> >>>
> >>> ip access list extended EF deny ip 10.1.1.0 0.0.0.255 any dscp EF
> >>> <---known so bypass policer
> >>> ip access list EF permit ip any any dscp EF <--- unknown so police
> >>>
> >>> class-map VOICE
> >>> match access-group EF
> >>>
> >>> policy-map POLICE
> >>> class VOICE <Corrected
> >>> police 128 k 8000
> >>>
> >>> On Wed, Feb 13, 2013 at 11:09 AM, marc edwards <renorider_at_gmail.com>
> >>> wrote:
> >>> > BTW disappointed to find out 2960 doesn't have ingress queuing :(
keep
> >>> > that in mind
> >>> >
> >>> > On Wed, Feb 13, 2013 at 11:08 AM, marc edwards <renorider_at_gmail.com>
> >>> > wrote:
> >>> >> Thanks Tom. I am looking for a way to trust known apps w/out policer
> >>> >> but trust unknown apps w/policer AKA
> >>> >>
> >>> >> ip access list extended EF deny ip 10.1.1.0 0.0.0.255 any dscp EF
<---
> >>> >> known so bypass policer
> >>> >> ip access list EF permit ip any any dscp EF
> >>> >>
> >>> >> class-map VOICE
> >>> >> match access-group EF
> >>> >>
> >>> >> policy-map POLICE
> >>> >> class EF
> >>> >> police 128 k 8000
> >>> >>
> >>> >> Then trust all markings but have a policer to ward off any apps we
> >>> >> don't want hogging pipe. Does that make sense?
> >>> >>
> >>> >> Marc
> >>> >>
> >>> >> On Wed, Feb 13, 2013 at 10:37 AM, Tom Kacprzynski
<tom.kac_at_gmail.com>
> >>> >> wrote:
> >>> >>> I believe you'll be able to do that as long as your policy-map does
> >>> >>> not have
> >>> >>> any classification included. I think if it does, once you apply the
> >>> >>> policy-map it will remove the port trust.
> >>> >>> Can you send the policy-map?
> >>> >>>
> >>> >>> Thanks
> >>> >>>
> >>> >>>
> >>> >>> Tom Kacprzynski
> >>> >>>
> >>> >>>
> >>> >>> On Sat, Feb 9, 2013 at 8:40 PM, marc edwards <renorider_at_gmail.com>
> >>> >>> wrote:
> >>> >>>>
> >>> >>>> Can I trust and have service-policy policer work togethers?
> >>> >>>>
> >>> >>>> Is the following config kosher?
> >>> >>>>
> >>> >>>> !
> >>> >>>> interface GigabitEthernet1/0/1
> >>> >>>> switchport access vlan 7
> >>> >>>> srr-queue bandwidth share 10 10 60 20
> >>> >>>> priority-queue out
> >>> >>>> mls qos trust dscp
> >>> >>>> service-policy input INTOPORT
> >>> >>>> !
> >>> >>>>
> >>> >>>>
> >>> >>>> Blogs and organic groups at http://www.ccie.net
> >>> >>>>
> >>> >>>>
> >>> >>>>
Received on Thu Feb 14 2013 - 14:15:44 ART