C3560E trying to mark ip packets in a 8021q interface

Answered Question
May 19th, 2010

Hi.

Somebody knows if there is a problem with the 3560E doing the policy base marking or I am doing something bad in the following configuration:

=====8021q======>(marking and PBR------VLAN INTERFACE-------)>=======PORT-CHANNEL3=========>

TENGIGA 0/1--------->----------------SW 3560E---------------------------->----------------PORT-CHANNEL(giga ethernet interfaces----------

policy-map DSCP_VLAN_3602
  class class-default
   set dscp af21
!
interface TenGigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 3
switchport trunk allowed vlan 3602,3603
switchport mode trunk
mls qos vlan-based
!

interface Port-channel3
  description ### Data-Grid ###
  no switchport
  ip address 192.168.3.2 255.255.255.0
  load-interval 30
  delay 100
  keepalive 1
!
interface Vlan3602
ip address 172.21.50.10 255.255.255.252
ip policy route-map TO_GRID_1_from_Suba
service-policy input DSCP_VLAN_3602
!
route-map TO_GRID_1_from_Suba permit 10
match ip address ANY_TCP
set ip next-hop 192.168.3.1
!
ip access-list extended ANY_TCP
permit tcp any any

I see not matches on the show policy-map interfaces and I dont see matches in an access list I configure out the Portchannel doing match to DSCP af21 so I can say that no mark is working, but downstream the packets are using the marck (AF21) to do another PBR and it seem it is working fine ( because the trafic is reaching the destination). So What are not seeing nothing marked here? 3560 have any problem with the statistics?

Thanks

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 6 years 6 months ago

p.diaz wrote:

Hi.

Somebody knows if there is a problem with the 3560E doing the policy base marking or I am doing something bad in the following configuration:

I see not matches on the show policy-map interfaces and I dont see matches in an access list I configure out the Portchannel doing match to DSCP af21 so I can say that no mark is working, but downstream the packets are using the marck (AF21) to do another PBR and it seem it is working fine ( because the trafic is reaching the destination). So What are not seeing nothing marked here? 3560 have any problem with the statistics?

Thanks

This is a well known limitation with the 3560 and 3750 switches. Because the packets are switched in hardware the 3560 switch does not keep acl or QOS policy map counters.

The best you can do on these switches is "sh mls qos interface statistics" which gives some general info on what is happening with QOS on the switch.

If you are happy that the packets are actually being marked correctly then it is nothing to worry about.

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jon Marshall Wed, 05/19/2010 - 10:25

p.diaz wrote:

Hi.

Somebody knows if there is a problem with the 3560E doing the policy base marking or I am doing something bad in the following configuration:

I see not matches on the show policy-map interfaces and I dont see matches in an access list I configure out the Portchannel doing match to DSCP af21 so I can say that no mark is working, but downstream the packets are using the marck (AF21) to do another PBR and it seem it is working fine ( because the trafic is reaching the destination). So What are not seeing nothing marked here? 3560 have any problem with the statistics?

Thanks

This is a well known limitation with the 3560 and 3750 switches. Because the packets are switched in hardware the 3560 switch does not keep acl or QOS policy map counters.

The best you can do on these switches is "sh mls qos interface statistics" which gives some general info on what is happening with QOS on the switch.

If you are happy that the packets are actually being marked correctly then it is nothing to worry about.

Jon

p.diaz Wed, 05/19/2010 - 11:31

Very Good. Or need to say Very bad?

You cleared me

Thank you very much.

Actions

This Discussion