Cisco Support Community
Community Member

QoS Classification question for configuring Nexus 5548

We (my network teammates) are running several Nexus switches in 2 connected Data Centers.  I'm trying to get ready to start configuring QoS classification on these switches and I notice I cannot configure object-groups.  That kind of puts a damper on things for me since I used them as much as possible.  That means my ACLs will be considerably longer than I had planned.

1. Are object-groups just not available with the image we're using?

2. If not, are there any plans for them in the future (I notice a "show object-group" command in the configuration guide)?

XXXXX-5548-1(config-acl)# show ver
Cisco Nexus Operating System (NX-OS) Software
TAC support:
Copyright (c) 2002-2011, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at

  BIOS:      version 3.5.0
  loader:    version N/A
  kickstart: version 5.0(3)N1(1a)
  system:    version 5.0(3)N1(1a)
  power-seq: Module 1: version v3.0
             Module 2: version v1.0
             Module 3: version v2.0
  uC:        version v1.1.0.1
  BIOS compile time:       02/03/2011
  kickstart image file is: bootflash:/n5000-uk9-kickstart.5.0.3.N1.1a.bin
  kickstart compile time:  3/7/2011 23:00:00 [03/08/2011 07:23:28]
  system image file is:    bootflash:/n5000-uk9.5.0.3.N1.1a.bin
  system compile time:     3/7/2011 23:00:00 [03/08/2011 09:43:53]

  cisco Nexus5548 Chassis ("O2 32X10GE/Modular Supervisor")
  Intel(R) Xeon(R) CPU         with 8299528 kB of memory.
  Processor Board ID JAF1453AELN

  Device name: CWY1-01A-5548-1
  bootflash:    2007040 kB

Kernel uptime is 54 day(s), 23 hour(s), 3 minute(s), 36 second(s)

Last reset at 898319 usecs after  Tue Sep 20 01:08:53 2011

  Reason: Reset triggered due to HA policy of Reset
  System version: 5.0(3)N1(1a)
  Service: port-profile hap reset

  Core Plugin, Ethernet Plugin



Community Member

QoS Classification question for configuring Nexus 5548

I guess I should reword my questions so they make more sense.

1.Are object-groups just not available in the image we're using?

2.Are object-groups available in any image in the n5000 family?

3.If not, are there any plans for object-groups?

4.If not, why is the command "show object-groups" listed in the configuration guide on page 50-10 as being a part of the "show tech" output?



Community Member

QoS Classification question for configuring Nexus 5548

I'm sure some of you who have viewed this know how dumb it feels to reply to your own post.

Anyway, I finally opened a TAC case about the object-group question (which was promptly closed by the engineer who took ownership of the case).

Object-groups are not supported on the 5k. That was a simple answer. Also, there has been a request to correct the documentation.

So on with my task. I now have over 300 lines of ACLs to classify traffic for one (1) application. Ok, I'm over it.

I have my 'type qos' class maps configuration and my policy-map ready to configure (almost). In doing so I noticed several differences from the 6500s (nothing new in that fact, everyone knows there are a ton of differences).

1. For one, the verification commands are different. I notice when typing "show policy-map system" that all of the policies show to be disabled. policy statistics status: disabled

This can also be seen in the QoS Configuration Guide (oddly enough).

This begs the question, how do you enable a policy?

2. There is not an option to 'trust dscp' in the policy-map configuration mode (most all older switches require us to either 'set' the dscp value or 'trust' the dscp marking unless we specifically want it to be re-marked with the default marking).

So does the NX-OS treat packets the same way? No. I found the answer to this one.

Trust Boundaries

The trust boundary is enforced by the incoming interface as follows:

• All Fibre Channel and virtual Fibre Channel interfaces are automatically classified into the FCoE system class.

By default, all Ethernet interfaces are trusted interfaces. A packet tagged with a 802.1p CoS value is classified into a system class using the value in the packet.

• Any packet not tagged with an 802.1p CoS value is classified into the default drop system class. If the untagged packet is sent over a trunk, it is tagged with the default untagged CoS value, which is zero.

• You can override the default untagged CoS value for an Ethernet interface or port channel.

After the system applies the untagged CoS value, QoS functions the same as for a packet that entered the system tagged with the CoS value.

3. The Nexus presents us with qos-groups. I'm still confused about all of the options I have for qos-groups and why I should use them.

For example:

I'm ready to add my QoS classification configuration but I still don't know if I should add my Voice and Video to qos-group (1) with FCoE traffic so I can apply Pause No Drop to all of it. I guess that just goes to show my lack of undertstanding of the Pause No Drop concept and the flexibility of qos-groups.

Please, anyone and everyone who is interested enough to view this, feel free to post your thoughts and add your own research or experience to this.



CreatePlease to create content