QoS question

Unanswered Question
Feb 21st, 2009

Hi,


I want to implement QoS in our network but I have a question. I've read that for non-IP traffic I have to perform the classification based on a configured Layer 2 MAC ACL. What does it mean? I need to mark the DSCP value in the access layer switches based on the destination IP and TCP port. Is this possible? Or do I have to mark the DSCP based on the MAC addresses?


Our access and distribution layers are 3750 switches, inter-vlan routing is performed in the distribution layer.


Thanks in advance

Giuseppe Larosa Sat, 02/21/2009 - 21:41

Hello Blai,


Because you want to mark based on destination IP and TCP port, you can use an IP ACL to define the traffic to be marked:

! QoS is disabled by default on the 3750; enable it globally
mls qos

! Classify TCP port 80 traffic from 10.10.10.0/24 to 10.100.200.0/24
access-list 101 permit tcp 10.10.10.0 0.0.0.255 10.100.200.0 0.0.0.255 eq 80

class-map web-traffic
 match access-group 101

policy-map mark-traffic
 class web-traffic
  set dscp af21

Then you can apply this inbound on the physical port receiving the traffic:

int gix/y
 service-policy input mark-traffic


Or you could implement marking and policing at the SVI, but I see that is not your case: the device is an L2 access switch.



see


http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_46_se/configuration/guide/swqos.html#wp1730425


So no problem: your traffic is IP based and is handled by modular QoS.

You may need some thinking if you also want to limit traffic, but if you just want to mark, the example is fine.


Hope to help

Giuseppe


octroncisco Sun, 02/22/2009 - 01:28

Thanks for the answer, Giuseppe. But is the traffic considered IP based in the access switches? The routing is performed in the distribution layer. I'm confused by the definition of "IP traffic" and "non-IP traffic" in the configuration guide. The guide says: "You can classify IP traffic by using IP standard or IP extended ACLs; you can classify non-IP traffic by using Layer 2 MAC ACLs."

Giuseppe Larosa Sun, 02/22/2009 - 03:11

Hello Blai,

You don't have an SVI and you can apply the service policy to physical interfaces, but the switch is still a multilayer switch and is able to classify IP traffic.

A possible workaround to be sure to be in multilayer mode can be: enable ip routing and just configure a default static route

ip route 0.0.0.0 0.0.0.0 gw

It should work; you don't need an L3 access layer to perform marking based on IPv4 or TCP ports.

I would try with no changes to your config (even with ip routing disabled, if it is).


Hope to help

Giuseppe


naveen_b81 Mon, 02/23/2009 - 00:55

The term IP traffic means traffic that uses the IP (Internet Protocol) protocol suite. The term non-IP traffic means traffic that uses any other protocol, such as DECNET or VINES.
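
Added example, not part of any post in this thread and not Cisco code: a simplified Python model of the IP versus non-IP split discussed above, applying the thread's ACL 101 (wildcard masks, TCP port 80) and the AF21 mark to raw Ethernet frames. Splitting on the EtherType (IPv4 only) is an assumption of this sketch, all function names are hypothetical, and the sample frames are constructed.

```python
import ipaddress
import struct

ETHERTYPE_IPV4, ETHERTYPE_VLAN = 0x0800, 0x8100
AF21 = 18  # DSCP AF21 = binary 010010

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: a 1 bit is 'don't care', a 0 bit must match."""
    return (addr | wildcard) == (base | wildcard)

def matches_acl_101(src, dst, proto, dport):
    """permit tcp 10.10.10.0 0.0.0.255 10.100.200.0 0.0.0.255 eq 80"""
    wc = ip_int("0.0.0.255")
    return (proto == 6 and dport == 80
            and wildcard_match(src, ip_int("10.10.10.0"), wc)
            and wildcard_match(dst, ip_int("10.100.200.0"), wc))

def classify(frame):
    """Return ('ip', dscp or None) or ('non-ip', None) for one Ethernet frame."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == ETHERTYPE_VLAN:          # skip a single 802.1Q tag
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    if ethertype != ETHERTYPE_IPV4:
        return ("non-ip", None)              # no IP header: only a MAC ACL applies
    ip = frame[offset:]
    ihl = (ip[0] & 0x0F) * 4                 # IPv4 header length in bytes
    src, dst = struct.unpack("!II", ip[12:20])
    dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0] if ip[9] == 6 else None
    return ("ip", AF21 if matches_acl_101(src, dst, ip[9], dport) else None)

def tos_with_dscp(tos, dscp):
    """DSCP is the top 6 bits of the ToS byte; keep the 2 ECN bits."""
    return (dscp << 2) | (tos & 0x03)

def sample_frame(src, dst, dport, ethertype=ETHERTYPE_IPV4):
    """Constructed frame: Ethernet + 20-byte IPv4 + TCP header, checksums zeroed."""
    eth = bytes.fromhex("000200000001" "000100000001") + struct.pack("!H", ethertype)
    ip = struct.pack("!BBHHHBBHII", 0x45, 0, 40, 0, 0, 64, 6, 0, ip_int(src), ip_int(dst))
    return eth + ip + struct.pack("!HH", 40000, dport) + bytes(16)

if __name__ == "__main__":
    for args in [("10.10.10.25", "10.100.200.7", 80),
                 ("10.10.10.25", "10.100.200.7", 443),
                 ("10.10.10.25", "10.100.200.7", 80, 0x6003)]:  # 0x6003 = DECnet
        print(args, "->", classify(sample_frame(*args)))
```

The frame that reaches an access port already carries its IP and TCP headers whether or not the switch routes it, which is why the IP ACL can match it there.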
