QoS issue

vyas.nilay · ‎09-14-2014

I have a network with two sites. Both site has the 3750 as a the core switch. One site is running code 12.2(50)SE2 and other site is running code 12.2(58)SE2 .

Site P - QoS working fine. 12.2(58)SE2

Site W - QoS not working. 12.2(50)SE2

Site P,

WAN - Core Switch - Access Switches.

Core Switch configured with Service Policy - Class Map - Access list

Service policy is applied in all the interfaces on the core switch.

Access switch is configured with mls qos trust dscp.

Voice server is connected to core switch and packet capture shows marking is right as per the classification.

Site W,

WAN- CoreSwitch- Access Switches - Access switch

Core Switch configured with Service Policy - Class Map - Access list

Service policy is applied in all the interfaces on the core switch and some interfaces also has mls qos trust dscp command.

Access switch are not configured with any trust command.

I have run the Wireshark on Core Switch WAN port and no Marking being detected.

Access List on both places:

Extended IP access list Real_time_queue
    10 permit udp any any range 2300 2363
    20 permit udp any any range 5200 5391
    30 permit udp any any range 5400 5439
    40 permit tcp any any range 5400 5439
    50 permit udp any any range 20480 20511
    60 permit udp any any range 16384 32767
    70 permit tcp any host 10.6.1.241 range 49152 57500
    80 permit udp any host 10.6.1.241 range 49152 57500

Class Map

Class Map match-any Real (id 2)
Match access-group name Real_time_queue

Policy Map DSCP_Marking
Class Real
set dscp ef

Interface configuration on W SITE

interface FastEthernet1/0/1
description link to 2960 Access Switch.
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
service-policy input DSCP_Marking
!
interface FastEthernet1/0/2
description PC and VoIP
switchport trunk encapsulation dot1q
switchport trunk native vlan 120
switchport trunk allowed vlan 120,220
switchport mode trunk
switchport voice vlan 220
mls qos trust dscp
spanning-tree portfast
service-policy input DSCP_Marking

I am not sure what is going wrong as configuration on both side is mostly identical .

If someone has any idea please let me know.

Kind Regards,

Nilay Vyas.

Akash Agrawal · ‎09-15-2014

Hi,

You can not do DSCP marking on packets coming on trusted port. for example, if you want to do dscp marking on below interface, remove command "mls qos trust dscp"

interface FastEthernet1/0/2
description PC and VoIP
switchport trunk encapsulation dot1q
switchport trunk native vlan 120
switchport trunk allowed vlan 120,220
switchport mode trunk
switchport voice vlan 220
mls qos trust dscp <<<<<<<<<<<<< need to be removed
spanning-tree portfast
service-policy input DSCP_Marking

--Pls dont forget to rate helpful posts--

Regards,

Akash

vyas.nilay · ‎09-15-2014

Hi Akash,

Thanks for the reply. I have figured that out already during the troubleshooting of the P site. It is making DSCP value 0.

However, with W site I have removed trust dscp commands from the access switch uplink port. only re-marking is enable but it is not working.. I am still receiving DSCP marking as 0.

interface FastEthernet1/0/1
description link to 2960 Access Switch.
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
service-policy input DSCP_Marking

Am I missing anything?

Akash Agrawal · ‎09-16-2014

Please check if within service-policy (inside class) also we have option to untrust the DSCP.

vyas.nilay · ‎09-16-2014

What would you like me to check, Please elaborate a little. .. I have already given entire configuration in my original post.

no mls qos trust dscp command should untrust the DSCP.. I have already remove that command from the switch port where other switch is connected.

Akash Agrawal · ‎09-17-2014

Hi,

We are applying policy-map on layer2 interface and matching traffic based on IP ACL. Can we do marking on layer 3 interface?

-Akash