QoS on Cisco 3560

Unanswered Question
Dec 16th, 2008
User Badges:

Hi All,

I am having issues setting up and achieving the desired thoroughput after applying QoS. I would like to prioritze citrix application, but when our office uses FTP to transfer big files to another office, citrix users experience very slow network, even sometimes they can't use it while FTP is on. Attached is a trunkated running config and couple of show output detail. Please advise if there's anything to make it better? Thank you.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joseph W. Doherty Tue, 12/16/2008 - 16:22
User Badges:
  • Super Bronze, 10000 points or more

Please fully describe the topology between offices.

shawkatalvi Tue, 12/16/2008 - 17:19
User Badges:

Offices are connected via ATM network. fa0/24 is the trunk port that connects to the ATM switch and to the other office. we use EIGRP. the WAN connection is 2mbps. Hope this helps.

Joseph W. Doherty Tue, 12/16/2008 - 17:53
User Badges:
  • Super Bronze, 10000 points or more

Yes that helps.

There are several things you'll want to do.

First, you need to shape your outbound interface to match the effective WAN bandwidth. There's a command to idle 3560/3750 Ethernet interfaces part of the time (srr-queue bandwidth limit), but it's not exact which is why you'll want to reduce the bandwidth to 10 Mbps.

Second, then configure the interface active usage command to somewhere between 1.5 to 1.6 Mbps (e.g. srr-queue bandwidth limit 15 assuming 10 Mbps).

Third, you have 4 egress queue you can work with. I recommend reserving queue one for (future) real-time traffic (priority-queue out), queue 2 for known bulk traffic (e.g. FTP), queue 3 for BE traffic, and queue 4 for mission-critical traffic (e.g. Citrix). You might try 10:1 bandwidth ratios between the non-RT queues, e.g. srr-queue bandwidth share 200 1 10 100.

Fourth, you'll need to insure, via markings, the correct traffic gets into the correct queue.

The Configuring QoS chapter in the configuraiton guide will provide additional details and examples concerning the commands I mentioned, above.

shawkatalvi Thu, 12/18/2008 - 15:58
User Badges:

Thanks for your reply. I will try out those options mentioned above. Can you suggest with the config that I posted should work?

Joseph W. Doherty Thu, 12/18/2008 - 16:19
User Badges:
  • Super Bronze, 10000 points or more

"Can you suggest with the config that I posted should work?"

You current configuration likely won't work effectively because it does not limit your outbound speed to be at, or less than, your WAN bandwidth.

Your input policy map and its markings are fine in principle, but I don't recall what the DSCP to default egress queue mappings are. For instance, BE and your bulk traffic might map into the same egress queue.

You've have redefined queue 1 to be an expediated queue, but again, I'm unsure DSCP EF will by default into it, although I suspect it would.

Without changing the default egress queue ratios, they'll all be 1:1:1. There's a good chance this might not be a critical issue; depends on how much bandwidth your non-bulk traffic needs.

shawkatalvi Mon, 12/22/2008 - 16:34
User Badges:

I am trying to put QoS on Cisco 3560 (WS-C3560-24PS 12.2(44)SE2 C3560-IPSERVICESK9-M). But I can't put egress policy on the interface. It doesn't support priority or bandwidth under the policy-map as well.Any alternative way to do that? My WAN link is 2Mbps.This is the config I am trying:

class-map match-any BULK

match access-group name QOS_bulk_data

class-map match-any VOICE_TRAFFIC

match access-group name QOS_voice

class-map match-any CRITICAL_DATA

match access-group name QOS_critical_data

class-map match-any VIDEO

match access-group name QOS_video

ip access-list extended QOS_bulk_data

remark QOS Classification for bulk data

permit tcp any any eq ftp

permit tcp any any eq ftp-data

permit tcp any any eq smtp

permit tcp any eq ftp any

permit tcp any eq ftp-data any

permit tcp any eq smtp any

permit tcp any eq www any

permit tcp any any eq www

permit tcp any eq 443 any

permit tcp any any eq 443

ip access-list extended QOS_critical_data

remark QOS Classification for critical data

permit tcp any any eq telnet

permit tcp any eq telnet any

permit tcp any any eq 1494

permit tcp any eq 1494 any

permit tcp any eq 2598 any

permit tcp any any eq 2598

ip access-list extended QOS_video

remark QOS Classification for video

ip access-list extended QOS_voice


policy-map WAN-Link


priority 64

class VIDEO

bandwith 64


bandwith 500

class Telnet-Traffic

bandwidth 64

class BULK

bandwidth 450

class Mail-Traffic

bandwidth 384

class class-default



This Discussion