3750 remarking dscp voice packets?

Unanswered Question


I have a CallManager 5.x connected to a 3750 stack with auto-qos enabled. Also off that stack, on another VLAN, I have my router connecting across the WAN. However, my service-policy on the router serial interface indicates that no control packets marked with eitehr COS3 or AF31 are coming in. "Show mls qos interface stat" on the 3750 shows packets coming in from CM marked with AF24 (CS3), however, the output of the 3750 port towards the router doesn't indicate packets with those same markings being transmitted towards the router. It appears as though the 3750 stack is re-writing the DSCP values for call-control. I have not done any QoS config on the 3750 interface VLANS. Does anyone have any idea? Please see the attached notepad for better illustrative purposes. THANKS!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
hadbou Fri, 03/07/2008 - 08:51
User Badges:
  • Bronze, 100 points or more

DiffServ is one of two QoS architectures for IP networks defined by the IETF. In this model, packets entering a DiffServ-enabled network are grouped into a small number of classes. For example, VoIP packets can be grouped into the premium class, while e-commerce HTTP packets are grouped into the gold class, and so on. Furthermore, each class has a color or mark associated with it. This makes packet classification extremely scalable and assures appropriate bandwidth and delay guarantees in the network core. Thus, when they enter the network, packets are marked based on classification policies at the network boundary nodes. The boundary nodes also apply traffic conditioning functions to control the amount of traffic entering the network. Traffic conditioning includes shaping (smoothing the rate at which packets are sent into the network) and policing (dropping packets that are in excess of a subscribed-to rate; or re-coloring the ones exceeding the rate, so that the probability of dropping them increases when there is congestion in the core). Each node within the network then applies different queuing and dropping policies on every packet based on the marking that packet carries.

mlinsemier Mon, 03/10/2008 - 12:25
User Badges:

Typically for both CallManager and Routers, you will want to trust DSCP rather than COS. The outgoing queue indicates that all of your traffic is being marked as COS 0 for that port as it is put on the wire.

A few things:

1) If you are going to stick with AutoQOS, try trusting DSCP on the CallManager and Router ports using mls qos trust dscp.

2) Use a service policy to map traffic:

class-map match-all VOICE

match access-group name RTP

class-map match-any SIGNALING

match access-group name SIGNALING

class-map match-any ROUTING

match ip dscp cs6

policy-map Mark-DSCP


set dscp cs6

class VOICE

set dscp ef


set dscp cs3

class class-default

set dscp default

ip access-list extended RTP

permit udp any any range 16383 32767

ip access-list extended SIGNALING

remark *** H245 ***

permit tcp any any range 11000 11999

permit tcp any range 11000 11999 any

remark *** H323 ***

permit udp any any range 1718 1719

permit tcp any range 1718 1719 any

permit tcp any any range 1720 1721

permit tcp any range 1720 1721 any

remark *** MGCP ***

permit udp any any eq 2427

permit udp any eq 2427 any

permit tcp any any eq 2428

permit tcp any eq 2428 any

permit udp any any eq 2727

permit udp any eq 2727 any

remark *** SCCP ***

permit tcp any any range 2000 2002

permit tcp any range 2000 2002 any

remark *** SIP ***

permit udp any any eq 5060

permit udp any eq 5060 any

permit tcp any any eq 5060

permit tcp any eq 5060 any

remark *** UCCX ***

permit tcp any any eq 2748

permit tcp any eq 2748 any

permit tcp any any eq 42027

permit tcp any eq 42027 any

remark *** RTSP ***

permit tcp any any eq 554

permit tcp any eq 554 any

permit udp any any eq 554

permit udp any eq 554 any

permit tcp any any eq 7070

permit tcp any eq 7070 any

permit udp any any eq 7070

permit udp any eq 7070 any

interface GigabitEthernet1/0/14

service policy input Mark-DSCP

interface GigabitEthernet1/0/23

service policy input Mark-DSCP

Hope this helps.


chrclark Wed, 03/12/2008 - 13:15
User Badges:
  • Cisco Employee,

The above recommendation to trust DSCP is a good one. Enabling mls qos in a switch also means that ports are NOT trusted unless specifically configured to do so. Not being trusted means the switch rewrites everything to 0 that is not trusted.

Also, just as an FYI --

DSCP is in the Layer 3 IP header, so it will go end-end.

COS is in the layer 2 VLAN header and only seen where packets trunked.

Trust DSCP per the QOS SRND( solution reference network design ).


Here is a list of all the design guides.



This Discussion