×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

QoS issue

Unanswered Question
Sep 14th, 2014
User Badges:

I have a network with two sites. Both site has the 3750 as a the core switch. One site is running code 12.2(50)SE2  and other site is running code  12.2(58)SE2 .

Site P - QoS working fine. 12.2(58)SE2

Site W - QoS not working. 12.2(50)SE2

Site P,

 WAN - Core Switch - Access Switches.

Core Switch configured with Service Policy - Class Map - Access list

Service policy is applied in all the interfaces on the core switch.

Access switch is configured with mls qos trust dscp.

Voice server is connected to core switch and packet capture shows marking is right as per the classification.

Site W,

WAN- CoreSwitch- Access Switches - Access switch

Core Switch configured with Service Policy - Class Map - Access list

Service policy is applied in all the interfaces on the core switch and some interfaces also has mls qos trust dscp command.

Access switch are not configured with any trust command.

I have run the Wireshark on Core Switch WAN port and no Marking being detected.

Access List on both places:

Extended IP access list Real_time_queue
    10 permit udp any any range 2300 2363
    20 permit udp any any range 5200 5391
    30 permit udp any any range 5400 5439
    40 permit tcp any any range 5400 5439
    50 permit udp any any range 20480 20511
    60 permit udp any any range 16384 32767
    70 permit tcp any host 10.6.1.241 range 49152 57500
    80 permit udp any host 10.6.1.241 range 49152 57500

Class Map

 Class Map match-any Real (id 2)
   Match access-group name Real_time_queue

  Policy Map DSCP_Marking
    Class Real
      set dscp ef

 

Interface configuration on W SITE

 

interface FastEthernet1/0/1
 description link to 2960 Access Switch.
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode on
 service-policy input DSCP_Marking
!
interface FastEthernet1/0/2
 description PC and VoIP
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 120
 switchport trunk allowed vlan 120,220
 switchport mode trunk
 switchport voice vlan 220
 mls qos trust dscp
 spanning-tree portfast
 service-policy input DSCP_Marking

 

I am not sure what is going wrong as configuration on both side is mostly identical .

 

If someone has any idea please let me know.

 

Kind Regards,

Nilay Vyas.

 

 

 

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Akash Agrawal Mon, 09/15/2014 - 11:06
User Badges:
  • Cisco Employee,

Hi,

 

You can not do DSCP marking on packets coming on trusted port. for example, if you want to do dscp marking on below interface, remove command "mls qos trust dscp"

 

interface FastEthernet1/0/2
 description PC and VoIP
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 120
 switchport trunk allowed vlan 120,220
 switchport mode trunk
 switchport voice vlan 220
 mls qos trust dscp  <<<<<<<<<<<<< need to be removed
 spanning-tree portfast
 service-policy input DSCP_Marking

 

--Pls dont forget to rate helpful posts--

Regards,

Akash

vyas.nilay Mon, 09/15/2014 - 13:29
User Badges:

Hi Akash,

 

Thanks for the reply. I have figured that out already during the troubleshooting of the P site. It is making DSCP value 0.

 

However, with W site I have removed trust dscp commands from the access switch uplink port. only re-marking is enable but it is not working.. I am still receiving DSCP marking as 0.

 

interface FastEthernet1/0/1
 description link to 2960 Access Switch.
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode on
 service-policy input DSCP_Marking

 

Am I missing anything?

 

 

Akash Agrawal Tue, 09/16/2014 - 11:06
User Badges:
  • Cisco Employee,

 

Please check if within service-policy (inside class) also we have option to untrust the DSCP. 

vyas.nilay Tue, 09/16/2014 - 18:15
User Badges:

What would you like me to check, Please elaborate a little.  .. I have already given entire configuration in my original post.

no mls qos trust dscp command should untrust the DSCP.. I have already remove that command from the switch port where other switch is connected.

Akash Agrawal Wed, 09/17/2014 - 11:38
User Badges:
  • Cisco Employee,

Hi,

 

We are applying policy-map on layer2 interface and matching traffic based on IP ACL. Can we do marking on layer 3 interface?

 

-Akash

Actions

This Discussion

Related Content