02-21-2009 02:53 PM - edited 03-06-2019 04:09 AM
Hi,
I want to implement QoS in our network but I have a question. I've read that for non-IP traffic I have to perform the classification based on a configured Layer 2 MAC ACL. What does it mean? I need to mark the DSCP value in the access layer switches based on the destination IP and TCP port. Is this possible? Or do I have to mark the DSCP based on the MAC addresses?
Our access and distribution layers are 3750 switches, inter-vlan routing is performed in the distribution layer.
Thanks in advance
02-21-2009 09:41 PM
Hello Blai,
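Because you want to mark based on destination IP and TCP port, you can use an IP ACL to define the traffic to be marked:
! QoS is disabled by default on the 3750; enable it globally first
mls qos
! Extended IP ACL: TCP from 10.10.10.0/24 to 10.100.200.0/24, destination port 80
access-list 101 permit tcp 10.10.10.0 0.0.0.255 10.100.200.0 0.0.0.255 eq 80
class-map web-traffic
 ! a class-map references an ACL with "match access-group"
 match access-group 101
policy-map mark-traffic
 class web-traffic
  set dscp af21
Then you can apply this inbound on the physical port receiving the traffic:
int gix/y
 service-policy input mark-traffic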
Or you can consider implementing marking and policing at the SVI, but I see that is not your case: the device is an L2 access switch.
see
So no problems: your traffic is IP based and is handled by modular QoS.
You may need some thinking if you also want to limit traffic, but if you just want to mark, the example is fine.
Hope to help
Giuseppe
02-22-2009 01:28 AM
Thanks for the answer, Giuseppe. But is the traffic considered IP based in the access switches? The routing is performed in the distribution layer. I'm confused by the definition of "IP traffic" and "non-IP traffic" in the configuration guide. The guide says: "You can classify IP traffic by using IP standard or IP extended ACLs; you can classify non-IP traffic by using Layer 2 MAC ACLs."
02-22-2009 03:11 AM
Hello Blai,
You don't have an SVI and you can apply the service policy to physical interfaces, but the switch is still a multilayer switch and is able to classify IP traffic.
A possible workaround to be sure to be in multilayer mode can be: enable ip routing and just configure a default static route:
ip route 0.0.0.0 0.0.0.0 gw
It should work; you don't need an L3 access layer to perform marking based on IPv4 or TCP ports.
I would try with no changes to your config (even with ip routing disabled, if it is).
Hope to help
Giuseppe
02-22-2009 11:10 PM
I'll try it. Thank you very much Giuseppe.
02-23-2009 12:55 AM
The term IP traffic means the traffic which uses the IP (Internet Protocol) protocol suite. The term non-IP traffic means the traffic which uses all other protocols, like DECNET/VINES, other than IP.
02-23-2009 06:04 AM
Thank you for the explanation.
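The IP versus non-IP distinction discussed in this thread, as an added example that is not part of any post above: a Python model of how the class from access-list 101 would be evaluated against an Ethernet frame, whether or not the switch routes it. The frame builders, the zeroed MAC addresses and the sample addresses are constructed for illustration, and untagged frames are assumed.

```python
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_DECNET = 0x6003   # DECnet Phase IV, a non-IP protocol
DSCP_AF21 = 18              # "set dscp af21" = binary 010010

def ip_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: bits set to 1 in the wildcard are ignored."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (addr & care) == (ip_int(base) & care)

def classify(frame):
    """Return the DSCP the policy would set, or None if the class does not match."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        return None          # non-IP frame: an IP ACL has no header to inspect
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0
    if ihl < 20 or len(ip) < ihl + 4 or ip[9] != 6:   # 6 = TCP
        return None
    src = int.from_bytes(ip[12:16], "big")
    dst = int.from_bytes(ip[16:20], "big")
    (dport,) = struct.unpack("!H", ip[ihl + 2:ihl + 4])
    # access-list 101 permit tcp 10.10.10.0 0.0.0.255 10.100.200.0 0.0.0.255 eq 80
    if (wildcard_match(src, "10.10.10.0", "0.0.0.255")
            and wildcard_match(dst, "10.100.200.0", "0.0.0.255")
            and dport == 80):
        return DSCP_AF21
    return None

def make_frame(ethertype, payload=b""):
    """Constructed sample frame: zeroed MAC addresses, then EtherType and payload."""
    return bytes(12) + struct.pack("!H", ethertype) + payload

def make_tcp_packet(src, dst, dport):
    """Constructed minimal IPv4 header (no options) plus a 20-byte TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + struct.pack("!HH", 49152, dport) + bytes(16)
```

A frame is "IP traffic" because of its EtherType and headers, not because the switch forwards it at Layer 3; the DECnet frame falls through the IP ACL and is the case a MAC ACL exists for.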