Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

QOS - DSCP Cat 6500 Sup720

So I am trying to get traffic from 192.168.1.33 on UDP ports 10000-20000 and port 5222 (udp) to have DSCP set to EF and  Forwarded accordingly.   Any thoughts?

           

Building configuration...

Current configuration : 32481 bytes
!
! Last configuration change at 22:52:11 UTC Mon Jul 30 2012
!
version 12.2
no mls acl tcam share-global
mls netflow interface
mls qos
mls cef error action freeze
vty-async
!
!
spanning-tree mode pvst
diagnostic bootup level complete
access-list 99 permit 192.168.1.51
access-list 99 permit 192.168.1.9
access-list 99 permit 192.168.1.8
access-list 99 permit 192.168.1.12
access-list 111 permit udp any any range 10000 20000
access-list 111 permit udp any any range 1 9999
access-list 111 permit tcp any any
access-list 111 permit udp any any range 20001 49151
access-list 111 permit udp any any range 50000 65535
access-list 150 permit udp any any eq 5060
!
redundancy
main-cpu
  auto-sync running-config
mode sso
!
ip access-list extended Modesto_Office
remark Wireless Link
permit tcp any any established
permit icmp any any
permit udp host 65.214.162.12 host 99.24.26.84 eq tftp
permit ip host 65.214.162.24 host 12.201.135.195
permit tcp host 65.214.162.24 host 12.201.135.195
permit udp host 65.214.162.24 host 12.201.135.195
permit ip host 65.214.162.12 host 12.201.135.195
permit icmp any host 12.201.135.195 echo
permit tcp host 65.214.162.12 host 12.201.135.195
permit tcp any host 12.201.135.196 eq www
permit tcp any host 12.201.135.196 eq 9010
permit tcp any host 12.201.135.196 eq 9011
permit ip host 206.169.144.166 host 12.201.135.195
permit tcp any host 12.201.135.198 eq 8000
permit tcp any host 12.201.135.198 eq 9000
permit tcp host 216.147.191.159 host 12.201.135.198 range 10000 20000
permit tcp host 216.147.191.159 host 12.201.135.199 range 10000 20000
permit tcp any host 12.201.135.198 eq 5061
permit tcp any host 12.201.135.199 eq 5061
permit tcp any host 12.201.135.198 eq 5222
permit tcp any host 12.201.135.199 eq 5222
permit tcp host 66.201.45.122 host 12.201.135.199 eq 3389
permit udp any host 12.201.135.199 eq 5061
permit tcp any host 12.198.135.198 eq 5060
permit tcp any host 12.198.135.199 eq 5060
permit udp any host 12.198.135.199 eq 5060
permit udp any host 12.198.135.198 eq 5060
deny   ip host 90.230.133.128 any
deny   tcp any any eq 135
deny   tcp any any eq 137
deny   tcp any any eq 138
deny   tcp any any eq 445
ip access-list extended PhoneQoS
permit udp any range 10000 20000 any
permit udp any portgroup 5060 any
permit ip any any dscp ef
permit udp host 192.168.1.33 host 192.168.1.8 range 10000 20000
permit udp host 192.168.1.33 host 192.168.1.8 eq 5222
!
vlan internal allocation policy ascending
vlan access-log ratelimit 2000
!
class-map match-all voip
  description dialer
class-map match-all PhoneModesto
  match access-group name PhoneQoS
class-map match-all adamtest
class-map match-all rate_limit
  match access-group 111
class-map match-all Other
!
!
policy-map PhoneQoS
  class PhoneModesto
   set dscp ef
!
!
interface GigabitEthernet1/1
switchport
switchport access vlan 100
switchport mode access
switchport mode access
mls qos trust dscp
service-policy input PhoneQoS
!
interface GigabitEthernet1/2
switchport
switchport access vlan 100
switchport mode access
mls qos trust dscp
service-policy input PhoneQoS
!
interface GigabitEthernet1/3
switchport
switchport access vlan 100
switchport mode access
mls qos trust dscp
service-policy input PhoneQoS
!
interface GigabitEthernet1/4
switchport
switchport access vlan 100
switchport mode access
mls qos trust dscp
service-policy input PhoneQoS
!
interface GigabitEthernet1/5
switchport
switchport access vlan 100
switchport mode access
mls qos trust dscp
service-policy input PhoneQoS
!
!
!
Interfaces Thru  GigabitEthernet4/48 Omited
!
!
!

interface GigabitEthernet5/1
no ip address
shutdown
!
interface GigabitEthernet5/2
switchport
switchport access vlan 100
switchport mode access
media-type rj45
!
interface Vlan1
no ip address
shutdown
!
interface Vlan100
ip address 192.168.1.234 255.255.255.0
service-policy input PhoneQoS
!
interface Vlan115
ip address 192.168.15.1 255.255.255.0
shutdown
!
ip default-gateway 192.168.1.1
ip classless
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 0.0.0.0 0.0.0.0 66.242.169.126
ip route 172.16.0.0 255.255.0.0 192.168.1.2
!
!
ip http server
!
!
route-map voip permit 10
match ip address 99
match policy-list voip
set ip next-hop 66.242.169.112
!
route-map pol permit 10
!
!
!
control-plane
!
!
dial-peer cor custom
!
!
!
!

1 REPLY
Hall of Fame Super Bronze

Re: QOS - DSCP Cat 6500 Sup720

Based on your requirements, the configuration does not exactly match.

You stated only traffic from 192.168.1.33 on UDP ports 10000-20000 and port 5222 (udp).

While the configuration has:

ip access-list extended PhoneQoS

permit udp any range 10000 20000 any

permit udp any portgroup 5060 any

permit ip any any dscp ef

So any traffic sourcing from Vlan100 using those ports will have DSCP EF. Also port 5060 is listed instead of 5222.

Additionally, it should be

permit udp any eq 5222 any

instead of

permit udp any portgroup 5222 any

You need to modify your ACL accordingly.

Another issue I see, you are using port based QoS and Vlan based QoS.

Port based QoS will work fine on 6500 boxes but you may run out of internal resources if you apply a high number of port based policies with some QoS features, just be aware.

We often recommend Vlan based QoS on deployments but for them to be active, you need to enter the following command under each physical port that is part of that Vlan: mls qos vlan-based

This document should be useful for you on your implementation:

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008014a29f.shtml

Regards,

Edison

1425
Views
0
Helpful
1
Replies
CreatePlease login to create content