01-21-2009 06:00 AM - edited 03-06-2019 03:33 AM
Hi,
I've configured QoS on a 3750 stack to classify / mark traffic as it enters the SVI Vlan interfaces (Voice/EF, Video, General etc.). Traffic seems to be working for some classes - e.g. EF, AF41, CS0 etc. as I see these packets hitting the next hop WAN router and matching another Outbound policy on the WAN interface.
However, on the 3750 stack I see zero counters on most of the classes/policy applied to the SVI Vlan interfaces.
Do I need to configure 'mls qos vlan-based' on every port associated with each Vlan including Trunk links.?
I did this on one port and now see the AF41 (Video) traffic hitting the WAN router but the policy that captures/marks this on the SVI is still at zero counters.?
Any help appreciated.
Basic config as follows:
class-map match-any marking_voice_EF
match ip dscp ef
class-map match-any marking_CS3
description Premium Apps (CS3)
match access-group name Net-Premium-Apps
class-map match-any marking_CS0
match access-group name Net-Bulk-Apps
class-map match-any marking_CS6
description Marking Net Protocols (CS6)
match access-group name Net-protocols
class-map match-any marking_AF41
description Marking Video/Priority Data (AF41)
match access-group name AF41-class
class-map match-any marking_AF23
description Marking Transactional Low (AF23)
match access-group name AF23-class
class-map match-any marking_AF22
description Marking Transactional Medium (AF22)
match access-group name AF22-class
class-map match-any marking_AF21
description Marking Transactional High (AF21)
match access-group name AF21-class
class-map match-any marking_AF31
description Marking Mission Critical (AF31)
match access-group name AF31-class
policy-map lan_marking
class marking_voice_EF
set ip dscp ef
class marking_AF41
set ip dscp af41
class marking_AF31
set ip dscp af31
class marking_AF21
set ip dscp af21
class marking_AF22
set ip dscp af22
class marking_AF23
set ip dscp af23
class marking_CS6
set ip dscp cs6
class marking_CS3
set ip dscp cs3
class marking_CS0
set ip dscp default
* Various ACL's exist for classification.
interface Vlan5
ip address xxx.xxx.xxx.xxx
service-policy input lan_marking
!
interface Vlan10
ip address xxx.xxx.xxx.xxx
service-policy input lan_marking
Thanks
John
01-21-2009 06:03 AM
John
What command are you using to view the hits ?
There is an issue with 3560/3750 in that they do not keep counters for QOS/ACL's switched in hardware. Next best command is
sh mls qos interface
Jon
01-21-2009 06:37 AM
Hi Jon,
Thanks for the reply.
I',m using the 'show policy-map inteface vlan xxx' command which shows mostly zero counters on all vlans (see sample below). The 'show mls qos int stats' only shows physical interfaces and not SVI's.
If this is an issue with the switch that's fine I'll open a TAC case.
The QoS marking on the 3750 seems to be working as I see the QoS policy being hit for most classes on the next hop WAN router - although a few on there have zero counters as well - AF21/22/23 classes.?
Am I corect in saying the 'mls qos vlan-based' command should still be set on all physical interfaces on the 3750.?
Cheers...John
#sho policy-map interface vlan 11
Vlan11
Service-policy input: lan_marking
Class-map: marking_voice_EF (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp ef (46)
0 packets, 0 bytes
5 minute rate 0 bps
Class-map: marking_AF41 (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name AF41-class
0 packets, 0 bytes
5 minute rate 0 bps
Class-map: marking_AF31 (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name AF31-class
0 packets, 0 bytes
5 minute rate 0 bps
Class-map: marking_AF21 (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name AF21-class
0 packets, 0 bytes
5 minute rate 0 bps
Class-map: marking_AF22 (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name AF22-class
0 packets, 0 bytes
5 minute rate 0 bps
Class-map: marking_AF23 (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name AF23-class
0 packets, 0 bytes
5 minute rate 0 bps
Class-map: marking_CS6 (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name Net-protocols
0 packets, 0 bytes
5 minute rate 0 bps
Class-map: marking_CS3 (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name Net-Premium-Apps
0 packets, 0 bytes
5 minute rate 0 bps
Class-map: marking_CS0 (match-any)
1179 packets, 140452 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name Net-Bulk-Apps
1179 packets, 140452 bytes
5 minute rate 0 bps
Class-map: class-default (match-any)
6 packets, 462 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
6 packets, 462 bytes
5 minute rate 0 bps
01-21-2009 08:20 AM
John
Yes, the sh policy-map command is a well known issue wirh 3560/3750 switches, see -
"Am I corect in saying the 'mls qos vlan-based' command should still be set on all physical interfaces on the 3750.?"
As far as i know, yes you need to add this to all ports.
Jon
01-21-2009 09:29 AM
Thanks again Jon. That's really helpful.
Just one thing on the 'msl qos vlan-based' command...
I'm using Cisco phones with Auto-Qos configured on each port. According to the Cisco 3750 docs it states that by enabling 'msl qos vlan-based' on a port the switch removes all inteface policy maps - which I don;t think is what I want.?
Here's the actually note:
"If VLAN-based QoS is configured on a physical port, the switch removes all the port-based policy maps on the port. The traffic on this physical port is now affected by the policy map attached to the SVI to which the physical port belongs. "
Cheers again
John
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: