3750 ingress service-policy

Unanswered Question
Feb 18th, 2008
User Badges:

I'm using the Cisco QoS Baseline with an untrusted device with a softphone. Here are the class-maps and policy.


ip access-list extended SOFTWARE-BASED-ENDPOINT-SIGNALING

permit ip any any dscp cs3

ip access-list extended SOFTWARE-BASED-ENDPOINT-VIDEO

permit ip any any dscp af41

ip access-list extended SOFTWARE-BASED-ENDPOINT-VOICE

permit ip any any dscp ef


class-map match-all SOFTWARE-BASED-ENDPOINT-VIDEO

match access-group name SOFTWARE-BASED-ENDPOINT-VIDEO

class-map match-all SOFTWARE-BASED-ENDPOINT-VOICE

match access-group name SOFTWARE-BASED-ENDPOINT-VOICE

class-map match-all SOFTWARE-BASED-ENDPOINT-SIGNALING

match access-group name SOFTWARE-BASED-ENDPOINT-SIGNLAING

!

policy-map SOFTWARE-BASED-ENDPOINT

class SOFTWARE-BASED-ENDPOINT-VOICE

police 128000 8000 exceed-action drop

class SOFTWARE-BASED-ENDPOINT-VIDEO

police 50000000 8000 exceed-action policed-dscp-transmit

class SOFTWARE-BASED-ENDPOINT-SIGNALING

police 32000 8000 exceed-action policed-dscp-transmit

class class-default

set ip dscp default


all basic checks such as mls qos enabled etc checked.


The problem is that no packets are matched on the ingress policy from any softphone client.


Service-policy input: SOFTWARE-BASED-ENDPOINT


Class-map: SOFTWARE-BASED-ENDPOINT-VOICE (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: access-group name SOFTWARE-BASED-ENDPOINT-VOICE


Class-map: SOFTWARE-BASED-ENDPOINT-VIDEO (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: access-group name SOFTWARE-BASED-ENDPOINT-VIDEO


Class-map: SOFTWARE-BASED-ENDPOINT-SIGNALING (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: access-group name SOFTWARE-BASED-ENDPOINT-SIGNLAING


Class-map: class-default (match-any)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: any

0 packets, 0 bytes

5 minute rate 0 bps


Do i need to configure sdm prefer routing for this to function? The switch is running 12.2.40 enhanced image.


interface FastEthernetx/x/x

switchport access vlan x

switchport mode access

switchport voice vlan y

mls qos trust device cisco-phone

service-policy input SOFTWARE-BASED-ENDPOINT

end






  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joseph W. Doherty Fri, 02/22/2008 - 08:47
User Badges:
  • Super Bronze, 10000 points or more

Are you positive the "softphone" uses the DSCP markings you expect?

dankennedy Sun, 02/24/2008 - 13:21
User Badges:

Yes. I have since found out from Cisco that the show policy-map command does not work at all on the 3750 platform. In addition access-lists will also never be matched in this manner since "the processing is in hardware".


So why the SRND documentation provides configuration that cannot be verified is very strange. They say you should use the 'show mls qos interface statitics' command but that increments if you have a service-policy applied, trust or nothing so is basically useless!



mlinsemier Mon, 03/10/2008 - 12:29
User Badges:

I have ran into this as well.


You can use show mls qos interface statistics to see what's getting marked, but that's about it. It's not very helpful when you are trying to troubleshoot why traffic is not getting marked as it should.


Matt

dankennedy Mon, 03/10/2008 - 14:47
User Badges:

Actually its worse than you think. The 'show mls qos stats ' counters increase even if the port is not trusted, but packets from an end device are marked. So it doesn't show what packets are getting marked by the switch, just what came from the end device. Given that the switch should re-mark with 0 values this is not at all helpful. Conseqeuntly there is no record of how many packets the switch is marking.

Actions

This Discussion