3750 ingress service-policy

Unanswered Question
Feb 18th, 2008

I'm using the Cisco QoS Baseline with an untrusted device with a softphone. Here are the class-maps and policy.

ip access-list extended SOFTWARE-BASED-ENDPOINT-SIGNALING

permit ip any any dscp cs3

ip access-list extended SOFTWARE-BASED-ENDPOINT-VIDEO

permit ip any any dscp af41

ip access-list extended SOFTWARE-BASED-ENDPOINT-VOICE

permit ip any any dscp ef

class-map match-all SOFTWARE-BASED-ENDPOINT-VIDEO

match access-group name SOFTWARE-BASED-ENDPOINT-VIDEO

class-map match-all SOFTWARE-BASED-ENDPOINT-VOICE

match access-group name SOFTWARE-BASED-ENDPOINT-VOICE

class-map match-all SOFTWARE-BASED-ENDPOINT-SIGNALING

match access-group name SOFTWARE-BASED-ENDPOINT-SIGNLAING

!

policy-map SOFTWARE-BASED-ENDPOINT

class SOFTWARE-BASED-ENDPOINT-VOICE

police 128000 8000 exceed-action drop

class SOFTWARE-BASED-ENDPOINT-VIDEO

police 50000000 8000 exceed-action policed-dscp-transmit

class SOFTWARE-BASED-ENDPOINT-SIGNALING

police 32000 8000 exceed-action policed-dscp-transmit

class class-default

set ip dscp default

all basic checks such as mls qos enabled etc checked.

The problem is that no packets are matched on the ingress policy from any softphone client.

Service-policy input: SOFTWARE-BASED-ENDPOINT

Class-map: SOFTWARE-BASED-ENDPOINT-VOICE (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: access-group name SOFTWARE-BASED-ENDPOINT-VOICE

Class-map: SOFTWARE-BASED-ENDPOINT-VIDEO (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: access-group name SOFTWARE-BASED-ENDPOINT-VIDEO

Class-map: SOFTWARE-BASED-ENDPOINT-SIGNALING (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: access-group name SOFTWARE-BASED-ENDPOINT-SIGNLAING

Class-map: class-default (match-any)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: any

0 packets, 0 bytes

5 minute rate 0 bps

Do i need to configure sdm prefer routing for this to function? The switch is running 12.2.40 enhanced image.

interface FastEthernetx/x/x

switchport access vlan x

switchport mode access

switchport voice vlan y

mls qos trust device cisco-phone

service-policy input SOFTWARE-BASED-ENDPOINT

end

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
dankennedy Sun, 02/24/2008 - 13:21

Yes. I have since found out from Cisco that the show policy-map command does not work at all on the 3750 platform. In addition access-lists will also never be matched in this manner since "the processing is in hardware".

So why the SRND documentation provides configuration that cannot be verified is very strange. They say you should use the 'show mls qos interface statitics' command but that increments if you have a service-policy applied, trust or nothing so is basically useless!

mlinsemier Mon, 03/10/2008 - 12:29

I have ran into this as well.

You can use show mls qos interface statistics to see what's getting marked, but that's about it. It's not very helpful when you are trying to troubleshoot why traffic is not getting marked as it should.

Matt

dankennedy Mon, 03/10/2008 - 14:47

Actually its worse than you think. The 'show mls qos stats ' counters increase even if the port is not trusted, but packets from an end device are marked. So it doesn't show what packets are getting marked by the switch, just what came from the end device. Given that the switch should re-mark with 0 values this is not at all helpful. Conseqeuntly there is no record of how many packets the switch is marking.

Actions

This Discussion