Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

QOS config on 3750

Trying to configure QOS on a wiring closet 3750 switch based on QOS srnd guide. I am not seeing any packets getting matched by the policy-map applied to each phone port. I have configured the policy-map to police and mark traffic to appropriate dscp values.

phone--3750---gig uplink to core switch.

Config on a sample phone port:

interface FastEthernet1/0/1

switchport access vlan 40

switchport mode dynamic desirable

switchport voice vlan 50

service-policy input IPPhone+PC

srr-queue bandwidth share 1 70 25 5

srr-queue bandwidth shape 3 0 0 0

priority-queue out

macro description PhonePCPort | PhonePCPort

spanning-tree portfast

end

mls qos map policed-dscp 0 24 to 8

mls qos map cos-dscp 0 8 16 24 34 46 48 56

mls qos srr-queue output cos-map queue 1 threshold 3 5

mls qos srr-queue output cos-map queue 2 threshold 1 2 4

mls qos srr-queue output cos-map queue 2 threshold 2 3

mls qos srr-queue output cos-map queue 2 threshold 3 6 7

mls qos srr-queue output cos-map queue 3 threshold 3 0

mls qos srr-queue output cos-map queue 4 threshold 3 1

mls qos srr-queue output dscp-map queue 1 threshold 3 46

mls qos srr-queue output dscp-map queue 2 threshold 1 34 36 38

mls qos srr-queue output dscp-map queue 2 threshold 2 24 26

mls qos srr-queue output dscp-map queue 2 threshold 3 48 56

mls qos srr-queue output dscp-map queue 3 threshold 3 0

mls qos srr-queue output dscp-map queue 4 threshold 1 8

mls qos queue-set output 1 threshold 2 70 80 100 100

mls qos queue-set output 1 threshold 4 40 100 100 100

mls qos

!

class-map match-all VVlan-Any

match access-group name VVlan-Any

class-map match-all Signalling

match access-group name Signalling

class-map match-all RTP

match access-group name RTP

policy-map IPPhone+PC

class RTP

set dscp ef

police 1000000 8000 exceed-action policed-dscp-transmit

! #### 1 meg for phone traffic.

class Signalling

police 32000 8000 exceed-action policed-dscp-transmit

set dscp cs3

! #### 32 kbps for sccp control.

class VVlan-Any

police 32000 8000 exceed-action policed-dscp-transmit

set dscp default

! #### 32 kbps for any other traffic in voice vlan.

class class-default

police 100000000 8000 exceed-action policed-dscp-transmit

! ###### 10 meg for data traffic.

3750#sh access-lists

Extended IP access list RTP

10 permit udp 10.50.1.0 0.0.0.255 any range 16384 32767

Extended IP access list Signalling

10 permit tcp 10.50.1.0 0.0.0.255 any range 2000 2002

Extended IP access list VVlan-Any

10 permit ip 10.50.1.0 0.0.0.255 any

Again, I am not using Auto-qos. The settings above were configured based on QOS-SRND recommendations. 10.50.1.0 is the phone subnet.

What am i missing here ? Why is the policy-map not showing any traffic at all ?

3750#sh policy-map int fa 1/0/1

FastEthernet1/0/1

Service-policy input: IPPhone+PC

Class-map: RTP (match-all)

0 packets, 0 bytes

offered rate 0 bps, drop rate 0 bps

Match: access-group name RTP

Class-map: Signalling (match-all)

0 packets, 0 bytes

offered rate 0 bps, drop rate 0 bps

Match: access-group name Signalling

Class-map: VVlan-Any (match-all)

0 packets, 0 bytes

offered rate 0 bps, drop rate 0 bps

Match: access-group name VVlan-Any

Class-map: class-default (match-any)

0 packets, 0 bytes

offered rate 0 bps, drop rate 0 bps

Match: any

0 packets, 0 bytes

rate 0 bps

3750#

  • Other Collaboration Voice and Video Subjects
5 REPLIES
Hall of Fame Super Silver

Re: QOS config on 3750

Sankar,

This is policer policy-map that re-marks the matched traffic when it's over 1mbps for RTP and 32kbps for signalling, so unless you are running that much voice traffic (impossible) on one switch port you will not see it increment, which is good. The idead here is to protect your network against attacks that try to mimic voice traffic. Normally I use 128kbps for the RTP policer which is more than the g711 call, you can make it higher if you are going to use Barge feature. If you want to test it make the policer somthing lower than bandwidth required for a call.

Chris

Re: QOS config on 3750

Chris,

I agree on the Policing side the traffic counters wont increment until the traffic exceeds the limit configured . But I am also setting the dscp for rtp to 46, control to 26 and rest to 0. Shouldnt the policy-map show the number of packets that got marked ?

With the 3750 ios, if i apply this acl to the input side of a phone port, the trust commands (mls qos trust cos/dscp) is removed automatically. Both these commands seem to be mutually exclusive..

New Member

Re: QOS config on 3750

Hey Sankar,

Seems to me that if you want to use this approach, you need to match on some criteria other than dscp or cos. Or enable trust and leave the re-marking (set dscp) to egress policies. Setting an input policy that marks traffic allows more you granularity that trust alone does. But I think it kind've undermines your level of trust for traffic on that interface. I'm not certain, but I believe that is why the parser drops the trust commands when you have a policy that sets dscp or cos values. I could be wrong, however.

You see no matches because, as you said, trust is not enabled. So all traffic is re-marked to 0 upon ingress before the policy is applied.

Would you lab it up and keep me honest? I don't yet have equipment to test with.

Michael

Re: QOS config on 3750

I think you are right, that the counters dont show up because trust state is untrusted. It doesnt make sense why QOS SRND still says to configure trust state by using mls qos trust cos/dscp, when it doesnt really work with a service policy applied in inbound direction. Their example shows that you can apply both the trust state and service policy.

So if I go with this approach, I should still be OK, because I am marking the traffic on ingress based on the IP subnet / TCP /UDP port.

I will lower the policer rate to < 80kbps to see if phone calls are marked down to DSCP 8.

I will also hook up a sniffer to see if packets are getting marked properly.

The biggest challenge here in this network is that i have 3750s, 4500s and 6500s and all of them have different types of QOS configs..

Btw, you the same Michael Davis who worked for Eloyalty? You shifted to Cisco ? Good thought to use a different CCO id then..

New Member

Re: QOS config on 3750

I'm not sure that the restriction is that no input policy can be applied, rather you cannot apply an inbound policy that includes set cos or set dscp to a trusted interface without removing the trust.

I am the same Michael. Still getting settled into the new digs. So my postings have been and may continue to be a bit sparse through transition.

Michael

180
Views
3
Helpful
5
Replies