Packets don't get marked when we configure service-policy input qos-map on the interface which traffics comes from (g3/1). If we however configure service-policy output qos-map on our layer 3 vlan interface (vlan 698) we can see the right DSCP marking. (This is verified with Ethereal on a laptop connected to on the downstream 10.105.1.33 C6509 switch)
We want to mark all 192.168.1.0/24 traffic coming from g3/1 to be distributed downstream on vlan 698. How come it doesn't work on ingress interface? Or is it enough to just have the service-policy output on the egress interface?
This is the working configuration:
mls qos
!
class-map match-all qos-class
match access-group name qos-acl
!
policy-map qos-map
class qos-class
set dscp af42
!
interface GigabitEthernet3/1
ip address 10.10.10.1 255.255.255.252
no cdp enable
!
interface Vlan698
ip address 10.105.1.34 255.255.255.252
service-policy output qos-map
!
interface TenGigabitEthernet4/1
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 600-699
switchport mode trunk
no ip address
mls qos trust dscp
!
ip access-list extended qos-acl
permit ip 192.168.1.0 0.0.0.255 192.168.200.0 0.0.0.255
!
ip route 192.168.1.0 255.255.255.0 10.10.10.2
We are running on WS-C6504-E/WS-SUP720-3B Version 12.2(18)SXF8