QoS on trunked access links

Answered Question
Feb 3rd, 2010

I've been tasked with configuring QoS across the network where I work.  Currently the configs have some legacy QoS statements on the switches for the voice VLAN but I'm not sure if they are working or not.  These statements are meant to only mark the voice traffic DSCP values.

The company I work for use Avaya VoIP phones and the switch access ports are configured as trunked ports.  When I performed show policy-map interface xxx and show access-lists it appears that nothing is hitting the access lists or the policy map.  Is this because the access-lists and policy-maps will only apply to the native VLAN or am I missing something?

Should the marking of the traffic happen on the router sub-interfaces?

Configs and show statements below.

Thanks in advance for your help.

Regards,

Bryce.

! My interface
interface GigabitEthernet2/0/1
 description Connection to Avaya IP phone
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 410
 switchport trunk allowed vlan 210,410
 switchport mode trunk
 switchport port-security maximum 4
 switchport port-security
 switchport port-security aging time 1
 switchport port-security aging type inactivity
 srr-queue bandwidth share 1 70 25 5
 srr-queue bandwidth shape  3  0  0  0
 priority-queue out
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
 ! Applied policy-map
 service-policy input mark_IPCOMM
end

! Policy-map
policy-map mark_IPCOMM
 class VOICE_RTP
  set dscp ef
  police 176000 8000 exceed-action drop
 class VOICE_CONTROL
  set dscp af31
  police 176000 8000 exceed-action drop
 class class-default
  set dscp default
!

! Relevant access-lists
ip access-list extended VOICE
 permit udp any any range 2048 3327
ip access-list extended VOICE-CONTROL
 remark Match VoIP Control Traffic
 permit udp any any eq 1719
 permit tcp any any eq 1720
!

sh policy-map interface gi2/0/1                              !Show commands - no packets and no bytes
GigabitEthernet2/0/1

  Service-policy input: mark_IPCOMM

    Class-map: VOICE_RTP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name VOICE

    Class-map: VOICE_CONTROL (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name VOICE-CONTROL
        0 packets, 0 bytes
        5 minute rate 0 bps

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
        5 minute rate 0 bps

sh access-lists                                                        !No matches for access-lists
Extended IP access list VOICE
    10 permit udp any any range 2048 3327
Extended IP access list VOICE-CONTROL
    10 permit udp any any eq 1719
    20 permit tcp any any eq 1720

Correct Answer
Edison Ortiz Wed, 02/03/2010 - 16:07

You won't see counters from show policy-map interface on switches as this task is performed in hardware while those are software counters.

If you have a 3560/3750 switch, the command show mls qos interface statistics will display hardware counters for dscp values.

In your case, these counters will be seen on egress as the ingress is performing the marking of the packets.
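Added example, not part of the original thread or of any Cisco tooling: a small Python parser that reads saved text from the hardware counter command mentioned in the answer above and reports how many packets carry the DSCP values set by the mark_IPCOMM policy (ef = 46, af31 = 26, default = 0). The interface name and all counter values in the sample are constructed, and the sample assumes the five-values-per-row layout used by the 3560/3750 output.

```python
import re

# DSCP code points set by the mark_IPCOMM policy-map in the question.
DSCP = {"ef": 46, "af31": 26, "default": 0}

# Constructed sample for a hypothetical uplink port; rows not needed for the
# example are omitted and every number is made up for illustration.
SAMPLE = """\
GigabitEthernet1/0/49

  dscp: incoming
-------------------------------
  0 -  4 :        9120            0            0            0            0
 25 - 29 :           0            0            0            0            0
 45 - 49 :           0            0            0            0            0
  dscp: outgoing
-------------------------------
  0 -  4 :         310            0            0            0            0
 25 - 29 :           0           87            0            0            0
 45 - 49 :           0         8723            0            0            0
  cos: incoming
-------------------------------
  0 -  4 :        9120            0            0            0            0
"""

ROW = re.compile(r"^\s*(\d+)\s*-\s*(\d+)\s*:\s*(.*)$")
SECTION = re.compile(r"^\s*(dscp|cos):\s*(incoming|outgoing)\s*$")

def parse_counters(text):
    """Return {(kind, direction): {value: packets}} from the statistics text."""
    tables, current = {}, None
    for line in text.splitlines():
        if (m := SECTION.match(line)):
            current = tables.setdefault((m.group(1), m.group(2)), {})
        elif current is not None and (m := ROW.match(line)):
            first = int(m.group(1))  # row label "45 - 49" starts at DSCP 45
            for offset, count in enumerate(m.group(3).split()):
                current[first + offset] = int(count)
    return tables

def marking_report(text, direction="outgoing"):
    """Packets counted per DSCP name used by the policy, in one direction."""
    dscp = parse_counters(text).get(("dscp", direction), {})
    return {name: dscp.get(value, 0) for name, value in DSCP.items()}

if __name__ == "__main__":
    print(marking_report(SAMPLE))
```

Non-zero ef and af31 counts in the outgoing table of the port the voice traffic leaves by indicate the ingress marking is taking effect, which the software counters in show policy-map interface do not show on these switches.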

boxhallbr Wed, 02/03/2010 - 19:02

Edison,

Thanks for your quick response.  I'm able to see the required information now.

I have several other questions/clarifications regarding the upcoming QoS project and hopefully you can help.

1.  Should I continue marking the packets at the switch access ports?  This is best practice isn't it?  Or should I mark them at the router LAN port?

2.  Once the packet has been marked the dscp values will stay the same through to the router (as long as the command mls qos trust dscp is done etc).  Is this correct?

3.  Where should I apply the class-maps and policy-maps for shaping?  Is this then done at the router/layer 3 switch?

Thanks in advance.

Bryce.

Correct Answer
Edison Ortiz Thu, 02/04/2010 - 12:07

1) As close to the source as possible - the answer is marking at ingress in the switchport

2) Correct

3) Only routers are able to shape traffic on egress. There are some switches that are able to shape on egress but require special WAN modules.

Please rate helpful posts!
