Trying to configure QOS on a wiring closet 3750 switch based on QOS srnd guide. I am not seeing any packets getting matched by the policy-map applied to each phone port. I have configured the policy-map to police and mark traffic to appropriate dscp values.
This is policer policy-map that re-marks the matched traffic when it's over 1mbps for RTP and 32kbps for signalling, so unless you are running that much voice traffic (impossible) on one switch port you will not see it increment, which is good. The idead here is to protect your network against attacks that try to mimic voice traffic. Normally I use 128kbps for the RTP policer which is more than the g711 call, you can make it higher if you are going to use Barge feature. If you want to test it make the policer somthing lower than bandwidth required for a call.
I agree on the Policing side the traffic counters wont increment until the traffic exceeds the limit configured . But I am also setting the dscp for rtp to 46, control to 26 and rest to 0. Shouldnt the policy-map show the number of packets that got marked ?
With the 3750 ios, if i apply this acl to the input side of a phone port, the trust commands (mls qos trust cos/dscp) is removed automatically. Both these commands seem to be mutually exclusive..
Seems to me that if you want to use this approach, you need to match on some criteria other than dscp or cos. Or enable trust and leave the re-marking (set dscp) to egress policies. Setting an input policy that marks traffic allows more you granularity that trust alone does. But I think it kind've undermines your level of trust for traffic on that interface. I'm not certain, but I believe that is why the parser drops the trust commands when you have a policy that sets dscp or cos values. I could be wrong, however.
You see no matches because, as you said, trust is not enabled. So all traffic is re-marked to 0 upon ingress before the policy is applied.
Would you lab it up and keep me honest? I don't yet have equipment to test with.
I think you are right, that the counters dont show up because trust state is untrusted. It doesnt make sense why QOS SRND still says to configure trust state by using mls qos trust cos/dscp, when it doesnt really work with a service policy applied in inbound direction. Their example shows that you can apply both the trust state and service policy.
So if I go with this approach, I should still be OK, because I am marking the traffic on ingress based on the IP subnet / TCP /UDP port.
I will lower the policer rate to < 80kbps to see if phone calls are marked down to DSCP 8.
I will also hook up a sniffer to see if packets are getting marked properly.
The biggest challenge here in this network is that i have 3750s, 4500s and 6500s and all of them have different types of QOS configs..
Btw, you the same Michael Davis who worked for Eloyalty? You shifted to Cisco ? Good thought to use a different CCO id then..
SIP traces provide key information in troubleshooting SIP Trunks, SIP
endpoints and other SIP related issues. Even though these traces are in
clear text, these texts can be gibberish unless you understand fully
what they mean. This document attempts to br...
Please find the attached HTML document, download and open it on your PC.
This provides an easy to use form where you simply answer a few
questions and it will render the proper jabber-config.xml file for you
to copy/paste. There is built in logic to verif...
[toc:faq]CUCM Database Replication is an area in which Cisco customers
and partners have asked for more in-depth training in being able to
properly assess a replication problem and potentially resolve an issue
without involving TAC. This document discusse...