QoS service-policy ingress problem

mats.brynolf · ‎05-29-2007

Packets don't get marked when we configure service-policy input qos-map on the interface which traffics comes from (g3/1). If we however configure service-policy output qos-map on our layer 3 vlan interface (vlan 698) we can see the right DSCP marking. (This is verified with Ethereal on a laptop connected to on the downstream 10.105.1.33 C6509 switch)

We want to mark all 192.168.1.0/24 traffic coming from g3/1 to be distributed downstream on vlan 698. How come it doesn't work on ingress interface? Or is it enough to just have the service-policy output on the egress interface?

This is the working configuration:

mls qos

!

class-map match-all qos-class

match access-group name qos-acl

!

policy-map qos-map

class qos-class

set dscp af42

!

interface GigabitEthernet3/1

ip address 10.10.10.1 255.255.255.252

no cdp enable

!

interface Vlan698

ip address 10.105.1.34 255.255.255.252

service-policy output qos-map

!

interface TenGigabitEthernet4/1

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 600-699

switchport mode trunk

no ip address

mls qos trust dscp

!

ip access-list extended qos-acl

permit ip 192.168.1.0 0.0.0.255 192.168.200.0 0.0.0.255

!

ip route 192.168.1.0 255.255.255.0 10.10.10.2

We are running on WS-C6504-E/WS-SUP720-3B Version 12.2(18)SXF8

amritpatek · ‎06-04-2007

Generally with switching platforms you classify your traffic on ingress ports and then schedule it on egress ports.

For a VLAN-group policy, if a class of a parent policy map specifies the service-policy command, do not configure any other QoS actions for that class.

For more information Please click following URLs:

http://www.cisco.com/en/US/products/ps6566/products_feature_guide09186a0080785293.html#wp1049404

http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a00800b3d15.shtml#t5