03-24-2010 12:29 PM - edited 03-06-2019 10:18 AM
Hi folks:
3550 switch running 12.2.35 SE5
Have this QoS config:
ip access-list extended DATA
permit udp any any eq netbios-ns
permit udp any any eq netbios-dgm
permit udp any any eq netbios-ss
permit tcp any any eq telnet
permit tcp any any eq www
permit tcp any any eq 443
permit tcp any any eq 22
permit tcp any any eq ftp
class-map match-any DATA_CLASS_MAP
match access-group name DATA
!
!
policy-map SET_DSCP_MICROSOFT_TRAFFIC
class DATA_CLASS_MAP
set dscp af41
!
!
interface FastEthernet0/3
switchport access vlan 10
switchport mode access
speed 100
duplex full
service-policy input SET_DSCP_MICROSOFT_TRAFFIC
I plugged my laptop into fa0/3 and generated all kinds of traffic to match the ACL for the class map...ran some telnets, pings, opened windows explorer, ran telnet on port 80, etc...
But I get no hits on the service policy on that interface:
Switch1#sh policy-map interface fa0/3 input
FastEthernet0/3
Service-policy input: SET_DSCP_MICROSOFT_TRAFFIC
Class-map: DATA_CLASS_MAP (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name DATA
0 packets, 0 bytes
5 minute rate 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
0 packets, 0 bytes
5 minute rate 0 bps
3550#
How come?
Thanks
03-24-2010 12:33 PM
use the show mls qos interface fa0/3 statistics .
03-24-2010 01:00 PM
3550#show mls qos interface fa0/3 statistics
FastEthernet0/3
Ingress
dscp: incoming no_change classified policed dropped (in bytes)
Others: 0 0 0 0 0
Egress
dscp: incoming no_change classified policed dropped (in bytes)
Others: 0 n/a n/a 0 0
3550#
Nothing......
03-24-2010 01:09 PM
might sound stupid. Did you enable qos using mls qos?
03-24-2010 01:17 PM
Not stupid at all...I forgot to enable qos...
Now that I did, this is what I get:
3550#SH POLICy-map interface fa0/3 input
FastEthernet0/3
Service-policy input: SET_DSCP_MICROSOFT_TRAFFIC
Class-map: DATA_CLASS_MAP (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name DATA
0 packets, 0 bytes
5 minute rate 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
0 packets, 0 bytes
5 minute rate 0 bps
3550#
3550#
3550#
3550#
3550#show mls qos interface fa0/3 statistics
FastEthernet0/3
Ingress
dscp: incoming no_change classified policed dropped (in bytes)
Others: 262 0 262 0 0
Egress (??)
dscp: incoming no_change classified policed dropped (in bytes)
Others: 6283 n/a n/a 0 0
3550#
I didnt set any egree policy......and I dont understand how to read this output..and it also seems to contradict the first command output...
03-24-2010 01:17 PM
Hi ex-engineer,
You need to
1, make sure qos is enabled.
2, configure mls qos monitor dscp 34 under the interface, and use the above command to check if traffic been marked to af41.
HTH,
Lei Tian
03-24-2010 01:28 PM
Have a look at this link.
http://www.cisco.com/en/US/products/hw/switches/ps646/products_tech_note09186a00800feff5.shtml
03-24-2010 01:29 PM
3550#show mls qos interface fa0/3 statistics
FastEthernet0/3
Ingress
dscp: incoming no_change classified policed dropped (in bytes)
34: 0 0 0 0 0
Others: 522 0 522 0 0
Egress
dscp: incoming no_change classified policed dropped (in bytes)
34: 0 n/a n/a 0 0
Others: 40299 n/a n/a 0 0
thanks
I still dont understand how to interpret these statistics...what is this telling me?
03-24-2010 01:32 PM
And why no stats using this command
sh policy-map int fa0/3 input
FastEthernet0/3
Service-policy input: SET_DSCP_MICROSOFT_TRAFFIC
Class-map: DATA_CLASS_MAP (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name DATA
0 packets, 0 bytes
5 minute rate 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
0 packets, 0 bytes
5 minute rate 0 bps
03-24-2010 01:56 PM
The QoS marking and ACL are done by hardware, or the ASIC. The show policy-map interface will not be able to capture the counter correctly, same is true for 3750s. This is one of the gotcha on these platform.
Regrading the meaning of the output,
dscp: incoming no_change classified policed dropped (in bytes)
incoming: number of packets enter this interface that have dscp 34
no_change: number of packets keep dscp 34 after qos process
classified: number of packet been classified to dscp 34
For your case, your output shows none packet been marked as af41.
HTH,
Lei Tian
03-24-2010 01:40 PM
The packets are coming in with a DSCP other that 34 and is getting marked at the ingress. That is why it zero everywhere and non-zero for other.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: