QoS question

Feb 21st, 2009


I want to implement QoS in our network but I have a question. I've read that for non-IP traffic I have to perform the classification based on a configured Layer 2 MAC ACL. What does it mean? I need to mark the DSCP value in the access layer switches based on the destination IP and TCP port. Is this possible, or do I have to mark the DSCP based on the MAC addresses?

Our access and distribution layers are 3750 switches, inter-vlan routing is performed in the distribution layer.

Thanks in advance

Overall Rating: 4 (3 ratings)
Giuseppe Larosa Sat, 02/21/2009 - 21:41
Hello Blai,

Because you want to mark based on destination IP and TCP port, you can use an IP ACL to define the traffic to be marked:

! <source> and <destination> are placeholders for your own addresses
access-list 101 permit tcp <source> <destination> eq 80
class-map web-traffic
 match access-group 101
policy-map mark-traffic
 class web-traffic
  set dscp af21

Then you can apply this inbound on the physical port receiving traffic:

int gix/y
 service-policy input mark-traffic

Or you can think of implementing marking and policing at the SVI, but I see that is not your case: the device is an L2 access switch.



So no problems: your traffic is IP based and is handled by modular QoS.

You may need some thinking if you also want to limit traffic, but if you just want to mark, the example is fine.

Hope to help


octroncisco Sun, 02/22/2009 - 01:28

Thanks for the answer, Giuseppe. But is the traffic considered IP based in the access switches? The routing is performed in the distribution layer. I'm confused by the definition of "IP traffic" and "non-IP traffic" in the configuration guide. The guide says: "You can classify IP traffic by using IP standard or IP extended ACLs; you can classify non-IP traffic by using Layer 2 MAC ACLs."

Giuseppe Larosa Sun, 02/22/2009 - 03:11
Hello Blai,

You don't have an SVI and you can apply the service policy to physical interfaces, but the switch is still a multilayer switch and is able to classify IP traffic.

A possible workaround to be sure to be in multilayer mode can be to enable ip routing and just configure a default static route:

ip route 0.0.0.0 0.0.0.0 <gw>

It should work: you don't need an L3 access layer to perform marking based on IPv4 or TCP ports.

I would try with no changes to your config (even with ip routing disabled, if it is).

Hope to help


naveen_b81 Mon, 02/23/2009 - 00:55

The term IP traffic means the traffic which uses the IP (Internet Protocol) protocol suite. The term non-IP traffic means the traffic which uses all other protocols, like DECNET/VINES, other than IP.
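The distinction discussed in this thread, shown as one Catalyst 3750 policy that classifies IP traffic with an extended IP ACL and non-IP traffic with a Layer 2 MAC ACL. This is an added example, not configuration from any poster or from the original thread; the ACL, class and policy names, the server address 192.0.2.10, the DSCP chosen for the non-IP class and the interface number are assumptions.

```cisco
! QoS is disabled by default on the 3750; enable it globally first
mls qos
!
! IP traffic: match on destination IP and TCP port with an extended IP ACL
! (192.0.2.10 is a constructed documentation address)
ip access-list extended WEB-TO-SERVER
 permit tcp any host 192.0.2.10 eq 80
!
! Non-IP traffic: no IP header to inspect, so match on Layer 2 fields
! (here the DECnet Phase IV EtherType) with a MAC ACL
mac access-list extended NON-IP-DECNET
 permit any any decnet-iv
!
class-map match-all WEB-TRAFFIC
 match access-group name WEB-TO-SERVER
class-map match-all NON-IP-TRAFFIC
 match access-group name NON-IP-DECNET
!
policy-map MARK-TRAFFIC
 class WEB-TRAFFIC
  set dscp af21
 ! For non-IP frames this DSCP is only the switch's internal QoS label;
 ! the frame itself has no DSCP field to rewrite
 class NON-IP-TRAFFIC
  set dscp cs1
!
! Apply inbound on the access port that receives the traffic
interface GigabitEthernet1/0/1
 service-policy input MARK-TRAFFIC
```

After applying, `show policy-map interface GigabitEthernet1/0/1` and `show mls qos` confirm that the policy is attached and that QoS is enabled.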

