09-14-2014 03:46 PM - edited 03-07-2019 08:45 PM
I have a network with two sites. Both site has the 3750 as a the core switch. One site is running code 12.2(50)SE2 and other site is running code 12.2(58)SE2 .
Site P - QoS working fine. 12.2(58)SE2
Site W - QoS not working. 12.2(50)SE2
Site P,
WAN - Core Switch - Access Switches.
Core Switch configured with Service Policy - Class Map - Access list
Service policy is applied in all the interfaces on the core switch.
Access switch is configured with mls qos trust dscp.
Voice server is connected to core switch and packet capture shows marking is right as per the classification.
Site W,
WAN- CoreSwitch- Access Switches - Access switch
Core Switch configured with Service Policy - Class Map - Access list
Service policy is applied in all the interfaces on the core switch and some interfaces also has mls qos trust dscp command.
Access switch are not configured with any trust command.
I have run the Wireshark on Core Switch WAN port and no Marking being detected.
Access List on both places:
Extended IP access list Real_time_queue
10 permit udp any any range 2300 2363
20 permit udp any any range 5200 5391
30 permit udp any any range 5400 5439
40 permit tcp any any range 5400 5439
50 permit udp any any range 20480 20511
60 permit udp any any range 16384 32767
70 permit tcp any host 10.6.1.241 range 49152 57500
80 permit udp any host 10.6.1.241 range 49152 57500
Class Map
Class Map match-any Real (id 2)
Match access-group name Real_time_queue
Policy Map DSCP_Marking
Class Real
set dscp ef
Interface configuration on W SITE
interface FastEthernet1/0/1
description link to 2960 Access Switch.
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
service-policy input DSCP_Marking
!
interface FastEthernet1/0/2
description PC and VoIP
switchport trunk encapsulation dot1q
switchport trunk native vlan 120
switchport trunk allowed vlan 120,220
switchport mode trunk
switchport voice vlan 220
mls qos trust dscp
spanning-tree portfast
service-policy input DSCP_Marking
I am not sure what is going wrong as configuration on both side is mostly identical .
If someone has any idea please let me know.
Kind Regards,
Nilay Vyas.
09-15-2014 11:06 AM
Hi,
You can not do DSCP marking on packets coming on trusted port. for example, if you want to do dscp marking on below interface, remove command "mls qos trust dscp"
interface FastEthernet1/0/2
description PC and VoIP
switchport trunk encapsulation dot1q
switchport trunk native vlan 120
switchport trunk allowed vlan 120,220
switchport mode trunk
switchport voice vlan 220
mls qos trust dscp <<<<<<<<<<<<< need to be removed
spanning-tree portfast
service-policy input DSCP_Marking
--Pls dont forget to rate helpful posts--
Regards,
Akash
09-15-2014 01:29 PM
Hi Akash,
Thanks for the reply. I have figured that out already during the troubleshooting of the P site. It is making DSCP value 0.
However, with W site I have removed trust dscp commands from the access switch uplink port. only re-marking is enable but it is not working.. I am still receiving DSCP marking as 0.
interface FastEthernet1/0/1
description link to 2960 Access Switch.
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
service-policy input DSCP_Marking
Am I missing anything?
09-16-2014 11:06 AM
Please check if within service-policy (inside class) also we have option to untrust the DSCP.
09-16-2014 06:15 PM
What would you like me to check, Please elaborate a little. .. I have already given entire configuration in my original post.
no mls qos trust dscp command should untrust the DSCP.. I have already remove that command from the switch port where other switch is connected.
09-17-2014 11:38 AM
Hi,
We are applying policy-map on layer2 interface and matching traffic based on IP ACL. Can we do marking on layer 3 interface?
-Akash
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide