Carrying L2 CoS marking to router

Answered Question
Aug 27th, 2009

All,

This is more of a continuation from yesterday. I set up an 871 series router connected to a 2950 switch. A host connects to the 2950 switch:

Host -> (f0/20)2950(f0/1) -> (fa0)871(fa4) -> out

I set up on port fa0/20 cos 5 like "mls qos cos 5"

On fa0/1, I'm trusting the marking (and may not need to because I think that's ingress), with "mls qos trust."

On the router, I set up a very simple class and policy map like:

    class-map match-any DSCP
     match cos 5
    policy-map DSCP
     class DSCP
      set dscp af11

Two problems:

1.) While trying to apply the policy map to ANY of the interfaces, I get "'match cos' supported only with IEEE 802.1Q/ISL interfaces". I've tried to apply it to the trunk port that connects between the router and the switch also and in either direction.

2.) I've also tried a different class map that matches telnet traffic. I don't have any problems applying that policy map, but I don't get any hits for the tag.

I've also, instead of matching on cos 5, tried to match on dscp 40 since that's what my map shows on the switch:

Dscp-cos map:

    dscp:  0  8 10 16 18 24 26 32 34 40 46 48 56
    -----------------------------------------------
    cos:   0  1  1  2  2  3  3  4  4  5  5  6  7

Cos-dscp map:

    cos:   0  1  2  3  4  5  6  7
    --------------------------------
    dscp:  0  8 16 24 32 40 48 56

Does anyone have a good link on how these tags interconnect from L2 to L3 devices? I've found some documentation on the web, but most of it is L3 devices and the policy maps are created directly on the device that the host is attached to. I've also found some documentation referencing that the 2950 can support policy maps, but I have the latest IOS and I don't have this option either.

Thanks!

John

Giuseppe Larosa Thu, 08/27/2009 - 04:30

Hello John,

CoS 802.1p is carried within an 802.1Q header or an ISL header.

You need a router that supports vlan subinterfaces 802.1Q or ISL and you need to configure a L2 trunk on the switch side.

Hope to help

Giuseppe

Joseph W. Doherty Thu, 08/27/2009 - 04:50

John, I don't have a good single reference, but in brief, L2 CoS and L3 ToS are not directly related although devices that can work with both can make for a logical relationship between them.

The two also differ in that L2 CoS is only available within a tagged L2 frame, while L3 ToS is part of the IP header. (The former is likely why a device complained CoS was "supported only with IEEE 802.1Q/ISL interfaces" [in your #1].)

By default, most routers will leave L3 ToS alone, unless configured to change it. On Cisco switches, I believe L2 CoS is usually also left alone unless QoS enabled. If it is, Cisco switches tend to reset CoS (and ToS?) unless explicitly configured to do otherwise. (NB: a pure L2 switch should leave L3 ToS alone, however "smart" L2 switches, often can work with L3 ToS in some manner, e.g. map L3 ToS to L2 Cos and the converse. Cisco's L3 switches seem to "inherit" "smart" L3 ToS features and then add some.)

With regard to using both L2 CoS and L3 ToS, the former only provides 3 priority bits, which used to easily be translated to/from the older ToS IP Precedence bits. With the newer DSCP ToS, usually you can translate to/from class selector bits (which correspond to the prior IP Precedence bits). E.g. CoS 5 would normally map to/from IP Prec 5 or CS5.

In your #2 example, I suspect you need to insure QoS is enabled on the switch to manipulate CoS/ToS. Plus, you would need to insure CoS/ToS is processed as you require. If, for example, the switch receives an incoming tagged frame with a CoS of 5, and then can insure the outgoing packet has the desired ToS value (in this case probably CS5), then the router should be able to match against that DSCP value. (You would also want to insure, that any network devices between the switch that translates the initial CoS to ToS don't reset ToS.)

For the other direction, from router to switches, you would likely again need to insure the ToS isn't reset, when you don't intend it to be. Then you can also use the ToS, to map down to a CoS, where needed. The latter, again, would only work where tagged frames are being used. (BTW, if the switch is really "smart", you might be able to support QoS, at L2, using the L3 ToS. I.e., you might not need to map the L3 ToS down to a L2 CoS except for switches where you need QoS that can't directly use the L3 ToS.)
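Added example (not part of any post in this thread): a small Python parser showing where the two markings discussed above live in a frame, and why CoS is absent when there is no 802.1Q tag. The frames are constructed test data, the function names are hypothetical, and ISL encapsulation is not handled.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

def build_frame(dscp, cos=None, vlan=10):
    """Constructed test frame: Ethernet II, optional 802.1Q tag, bare IPv4 header."""
    macs = bytes(12)                       # zeroed destination + source MAC
    tag = b""
    if cos is not None:
        tci = (cos << 13) | vlan           # PCP/CoS (3 bits) | DEI (1) | VLAN ID (12)
        tag = struct.pack("!HH", TPID_8021Q, tci)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return macs + tag + struct.pack("!H", ETHERTYPE_IPV4) + ip

def read_markings(frame):
    """Return (cos, dscp). cos is None when the frame carries no 802.1Q tag."""
    cos, offset = None, 12
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype == TPID_8021Q:
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        cos = tci >> 13                    # top three bits of the tag control field
        offset += 4
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype != ETHERTYPE_IPV4:
        return cos, None
    tos = frame[offset + 2 + 1]            # second byte of the IPv4 header
    return cos, tos >> 2                   # DSCP is the upper six bits of ToS

def cos_to_class_selector(cos):
    """Default cos-dscp map from the thread: CoS n maps to CSn, i.e. DSCP = n * 8."""
    return cos << 3

if __name__ == "__main__":
    print(read_markings(build_frame(dscp=0, cos=5)))   # tagged trunk frame
    print(read_markings(build_frame(dscp=40)))         # untagged access-port frame
    print([cos_to_class_selector(c) for c in range(8)])
```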

John Blakley Thu, 08/27/2009 - 05:46

Great post Joseph, thanks!

I have 2950s that have the standard image, and therefore don't support class maps, policy maps, etc. It also doesn't support the global "mls qos" command, and I have to do it on the port that the host is on. I was trying to mark everything with CoS 5 to see if I could get any hits on my router, but I wasn't able to.

I'm not sure if the CoS command on the port actually does anything for the incoming traffic if it's configured as an access port. According to a post by Edison, the CoS tag generally is for trunks between switches. So tonight I'm going to see if I can mark anything on that port with a dscp marking, but I'm afraid I might not be able to.

Thanks,

John

Edison Ortiz Thu, 08/27/2009 - 05:54

So tonight I'm going to see if I can mark anything on that port with a dscp marking, but I'm afraid I might not be able to.

    policy-map DSCP-MARKING
     class class-default
      set ip dscp 40

    interface fx/x
     service-policy input DSCP-MARKING

Edison Ortiz Thu, 08/27/2009 - 04:52

John,

If your host is just a typical PC, do not use the 'cos' for marking as the host will not send 802.1q header - you must mark with 'dscp'.

The 'cos' is mostly used for inter-switch links for trusting. For markings, 'dscp' is the best choice.

Best Practice implementation is discussed on this document:

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoSDesign.html#wp998433

__

Edison.

John Blakley Thu, 08/27/2009 - 05:56

Edison,

This is a great document! I have a 2950 that only has the standard image though. So, I have two questions:

The 2950 Enhanced image supports class-maps, but I'm under the impression that this isn't an IOS version, but more of a model like the 2950G...am I correct?

Second, if the 2950 doesn't support setting DSCP, then the only thing that it can really do is trust the packet that it's receiving on the port with "mls qos trust dscp?" (if I have that option on this switch.)

If the above is the case, then that means the device needs to set the dscp marking. Um..how good are you with Linux? :) Can I falsify a marking under Linux to see this work?

Thanks,

John

Correct Answer
Edison Ortiz Thu, 08/27/2009 - 07:39

Hi John,

I haven't played with 2950 for quite some time and when I did - I always used the enhanced image.

I checked the documentation and it does not indicate any limitation on the standard image as far as creating class-maps:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea11x/configuration/guide/swqos.html#wp1045411

As for marking packets in Linux, I'm not sure how to do that but a quick google search provided this link:

http://www.voip-info.org/wiki/view/QoS+Linux

HTH,

__

Edison.
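Added example (not from Edison's post or the linked page): one way a Linux host can mark its own traffic with DSCP 40 (CS5), the value used in this thread, by setting IP_TOS on a socket. It assumes a Linux host; the function names are hypothetical, and the loopback check only confirms what the host sends, not what the switch or router preserves.

```python
import socket

def dscp_to_tos(dscp):
    """DSCP is the upper six bits of the IP ToS byte; the low two bits are ECN."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must be in the range 0-63")
    return dscp << 2

def marked_udp_socket(dscp):
    """UDP socket whose outgoing IPv4 packets carry the given DSCP."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.IPPROTO_IP, socket.IP_TOS, dscp_to_tos(dscp))
    return s

def socket_dscp(s):
    """Read back the DSCP the kernel will place on packets from this socket."""
    return s.getsockopt(socket.IPPROTO_IP, socket.IP_TOS) >> 2

def loopback_check(dscp):
    """Send one marked datagram to a local receiver; return the DSCP it saw."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
            marked_udp_socket(dscp) as tx:
        rx.setsockopt(socket.IPPROTO_IP, socket.IP_RECVTOS, 1)  # deliver ToS as ancillary data
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2)
        tx.sendto(b"qos-test", rx.getsockname())
        _, ancdata, _, _ = rx.recvmsg(64, socket.CMSG_SPACE(1))
        for level, ctype, data in ancdata:
            if level == socket.IPPROTO_IP and ctype == socket.IP_TOS:
                return data[0] >> 2
    raise RuntimeError("receiver did not report a ToS value")

if __name__ == "__main__":
    with marked_udp_socket(40) as s:
        print("socket DSCP:", socket_dscp(s))
    print("DSCP seen by loopback receiver:", loopback_check(40))
```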

John Blakley Thu, 08/27/2009 - 07:48

Thanks Edison; here's where I found the following:

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps628/prod_qas09186a008009258e.html

Q. What is the difference between the Cisco Standard Image software and Cisco Enhanced Image software?

A. These two software image versions support different degrees of capability. The version of software depends solely on the model of switch selected, with no upgrade capabilities.

The Cisco Standard Image software is embedded in Cisco Catalyst 2950 12, Catalyst 2950 24, Catalyst 2950SX 24, Catalyst 2950T 48 SI, and Catalyst 2950SX 48 SI Switches and supports basic Cisco IOS Software functions, Fast Ethernet connectivity, and community management.

The Cisco Enhanced Image software is embedded in Cisco Catalyst 2950C 24, Catalyst 2950G 12 EI, Catalyst 2950G 24 EI, Catalyst 2950G 48 EI, and Catalyst 2950T 24 Switches and supports advanced intelligent services, gigabit connectivity, and a richer set of features. These features include Spanning Tree Protocol enhancements for high availability, access control parameters (ACPs) for enhanced network security, and differentiated services code point (DSCP) and rate limiting for advanced QoS.

So, I don't think I can use dscp on my 2950 that I have, but I'm going to try the Linux solution and see if the router recognizes the marking that comes into it from the host.

Thanks!

John

Edison Ortiz Thu, 08/27/2009 - 07:52

John,

Excellent find on the difference between the 2 releases, 5 points for you :)
