Marking DSCP on 3560

Unanswered Question
Jul 2nd, 2009
User Badges:

Hi,


I am trying to use a policy map on a 3560 L2 interface for marking all traffic. Based on sniffer captures the config I have doesn't seem to be working. Any suggestions are greatly appreciated.


Many tkank's


following the configuration


mls qos

!

!

class-map match-any toto-visio

match any

!

!

policy-map toto-policy

class toto-visio

set dscp cs2

!

interface FastEthernet0/41

mls qos trust dscp

service-policy input toto-policy-visio

!



...#sh mls qos interface fa0/41

FastEthernet0/41

Attached policy-map for Ingress: toto-policy-visio

trust state: trust dscp

trust mode: trust dscp

trust enabled flag: ena

COS override: dis

default COS: 0

DSCP Mutation Map: Default DSCP Mutation Map

Trust device: none

qos mode: port-based



...#sh policy-map interface

FastEthernet0/41


Service-policy input: toto-policy-visio


Class-map: class-default (match-any)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: any

0 packets, 0 bytes

5 minute rate 0 bps


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Joseph W. Doherty Thu, 07/02/2009 - 04:00
User Badges:
  • Super Bronze, 10000 points or more

Latest 3560 QoS configuration guide documentation doesn't list "match any". Didn't check command reference doc, although did look to see if "match any" (in configuration guide) documented as not supported, (which I didn't find it was).


From your config it appears you want to mark all traffic from that port's ingress as DSCP CS2, if so, you might not need an explicit class-map nor trust port DSCP.


Don't have a 3560 in front of me to test with at the moment, but see if this config is accepted:


policy-map toto-policy

class class-default

set dscp cs2

!

interface FastEthernet0/41

service-policy input toto-policy


BTW:


This looks bad:


"class-map match-any toto-visio

match any

!

!

policy-map toto-policy

class toto-visio

set dscp cs2

!

interface FastEthernet0/41

mls qos trust dscp

service-policy input toto-policy-visio"




fernandezj Thu, 07/02/2009 - 06:08
User Badges:

Oups...

I Clean my configuration...but is not ok..

New configuration:

!

policy-map toto-policy-visio

class class-default

set ip dscp cs2

!

interface FastEthernet0/41

mls qos trust dscp

service-policy input toto-policy-visio

!

..


Thanks for your help






Edison Ortiz Thu, 07/02/2009 - 06:55
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Jerome,


You don't need the 'mls qos trust dscp' on the interface if you are remarking every single packet entering the interface as CS2.


A trust is applied when you want to honor the DSCP marking from the directly connected device, not when you want to remark it per your example.


As for capturing the information, 'show mls qos int fx/x stat' will provide the information you need. On 35xx switches, the 'show policy-map interface' won't provide any hits.


In your case, you will see hits for DSCP 16 on switchports with 'mls qos trust dscp' enabled or with a service-policy (please understand the differences).


Per your example, you won't see hits against DSCP 16 on switchport F0/41 incoming as the packet is marked after entering the switchport but you will see hits against DSCP 16 on returning traffic.


Here is a little example:


R1 (f0/0)<-->(f0/1) SW1 (f0/15)<--> (f0/15) SW2


SW1 config:


mls qos

!

!

policy-map DSCP-16

class class-default

set dscp cs2

!

interface FastEthernet0/1

switchport access vlan 18

switchport mode access

service-policy input DSCP-16

!

interface FastEthernet0/15

switchport access vlan 18

switchport mode access

mls qos trust dscp

!


Troubleshooting:


sh mls qos int f0/1 st | i 15 - 19

15 - 19 : 0 0 0 0 0

15 - 19 : 0 99929 0 0 0


!

!

!

sh mls qos int f0/15 st | i 15 - 19

15 - 19 : 0 100037 0 0 0

15 - 19 : 0 100039 0 0 0


HTH,


__


Edison.


Actions

This Discussion