Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.


QoS Sanity Check! need help Now.

I have a 3560 L3 switch that is connected to a MAN network in a funny way.

the outward-facing port is configured as a trunk to pass vlan traffic across the metro fiber to a distant-end 6513 L3 switch. It also is placed in a vlan to pass L3 traffic across that same metro fiber.

Here is the config of that port:

interface GigabitEthernet0/1

description Connection to TLS

switchport access vlan 21

switchport trunk encapsulation dot1q

switchport trunk native vlan 21

switchport mode trunk

load-interval 60

The access ports are configured accordingly:

interface range FastEthernet0/1 - 24

description 10 / 100 Port

switchport access vlan 2

switchport mode access

switchport nonegotiate

load-interval 60

mls qos trust cos

speed auto

duplex auto

spanning-tree portfast

spanning-tree guard root


mls qos


class-map voip

match ip dscp ef

class-map hb

match access-group 100

class-map data

match access-group 101


policy-map TLS

class voip

set ip dscp ef

class hb

set ip dscp af41

class data

set ip dscp af31


interface g0/1


priority-queue out


service-policy output TLS


Access-list 100 permit tcp any any eq 580


Access-list 100 permit udp any any eq 580


Access-list 101 permit ip any


So, I want to classify and mark VoIP traffic, server heartbeat traffic and general data. No biggie.

And then I want to apply that QoS policy to the outward-facing gi0/1 metro fiber interface.


Everytime I try to enter the "service-policy output TLS" command, it says "Warning: Applying service policy to OUTPUT interface not supported"

Im confused. Dont I HAVE to apply it to the output so that the traffic LEAVING the 3560 and heading out to the outside world gets QoS'ed???

New Member

Re: QoS Sanity Check! need help Now.

Believe outbound service policies not supported on that platform. You can mark with an inbound policy.


Re: QoS Sanity Check! need help Now.

You need to apply your service-policy to a layer 3 interface. You need to configure Interface VLAN 2 and apply an IP address accociated with that VLAN. Then you can apply your Service-policy to it on the outbound traffic.... You cannot apply a service-policy to a layer 2 Trunk.. Try it out..Good Luck... Please rate...


Re: QoS Sanity Check! need help Now.

I changed it to service-policy intput and it took.

Pciacco does raise an interesting point:

is it the case that a service policy cannot be applied to a trunk port? I was thinking the same thing, but a QoS guru is th eone who wrote this part of the deployment. I asked the same question, but he seemed to think it would work.

Is he wrong?

Re: QoS Sanity Check! need help Now.


3560 does not support service-policy on the egress. It supports only inbound on the port and hence it took the command when you mentioned service-policy input.