07-17-2003 04:50 AM - edited 03-02-2019 08:55 AM
Hello together,
i like to implement QoS for a Catalyst 3550 Switch.
We already deployed a policy but this seems to be not working we see no matches in the access lists. Here what we have configured.
class-map match-all gold
match access-group 125
policy-map mark-in-pkts
class gold
set ip precedence 5
police 2000000 8000 exceed-action policed-dscp-transmit
access-list 125 permit tcp any any range ftp-data ftp
access-list 125 permit tcp any range ftp-data ftp any
access-list 125 permit udp any any eq 12004
access-list 125 permit udp any eq 12004 any
access-list 125 permit tcp any any eq smtp
access-list 125 permit tcp any eq smtp any
access-list 125 permit tcp any any eq pop3
access-list 125 permit tcp any eq pop3 any
access-list 125 permit udp any any eq 110
access-list 125 permit udp any eq 110 any
access-list 125 permit tcp any any range 11000 11001
access-list 125 permit tcp any range 11000 11001 any
access-list 125 permit udp any any range 11000 11001
access-list 125 permit udp any range 11000 11001 any
interface GigabitEthernet0/12
switchport access vlan 159
switchport mode access
no ip address
mls qos monitor dscp 8 16 24 32
service-policy input mark-in-pkts
But this is not working. We don´t see any matches for the access-list 125.
Did we something wrong ?
Or ist it possible that the switch by default not look at the ip header and forward the packets througgh the mac-forward-table ??
And if so can we avoid this ??
So we like, that the switch will set the ip precedence bit for particular packets. For Routers the above described configuration is working.
Can you help ??
07-17-2003 05:05 AM
I beleive your problem is the 'match-all' parameter , see below
Creating a Traffic Class
The class-map global configuration command is used to create a traffic class. The syntax of the class-map command is as follows:
class-map [match-any | match-all] class-name
no class-map [match-any | match-all] class-name
The match all and match any options need to be specified only if more than one match criterion is configured in the traffic class. The class-map match-all command is used when all of the match criteria in the traffic class must be met in order for a packet to match the specified traffic class. The class-map match-any command is used when only one of the match criterion in the traffic class must be met in order for a packet to match the specified traffic class. If neither the match-all nor match-any keyword is specified, the traffic class will behave in a manner consistent with class-map match-all command.
07-17-2003 05:46 AM
Hello,
i have tried to change the policy configurtaion, but by default the router insert "match-all" to the running configuration. So this couldn´t be the problem. So i think maybe that the switch is not checking the incoming packet through the IP Header.
He checks the MAC Address and forwards the packet.
Do you have a another idea ?
07-17-2003 05:39 AM
Hi,
I've found almost identical example config on CCO in the end of http://www.cisco.com/warp/public/473/153.pdf
The only differences are:
1)missing
mls qos
in your config (might be crucial if really omited)
2)missing
mls qos map policed-dscp 48 to 16
(modifies QoS map, should not be crucial but should be in config for correct functionality, I think).
Is your switch 3550 or 2950?
If 2950, this can't work at all.
If 3550, which IOS are you running?
Have you tried to use some simple ACL 125 (permit ip any any, e.g.) to be sure some data should pass it?
Regards,
Milan
07-17-2003 05:55 AM
Hi Milan,
the 2 "missing" commands are in the configuration. I´ve missed it to insert it into the chat.
It´s a 3550 Switch and we use IOS 12.1(11)
We also tried to to use a simple ACL 125 (with permit icmp any any). But we we still see no matches for this ACL.
Do you have another idea ?
12-05-2003 06:56 AM
Hi,
In fact, I encounter the exact problem as yours. I tried the same configuration in a Cat 6509 (with PFC card), it works fine.
I've checked the IOS documentaion, and compare the difference between 3550 and 6500 configuration guide, it seems that in the 3550, it mentions about the requiremennt to turn off flowcontrol. Yet, I don't have chance to retest it. Maybe you can try and I would like to know your finding.
Rgds,
Kepler
12-05-2003 11:24 AM
Hi!
I have successfully configured QOS on a 3550. The documentation states that the hits won't show up on the ACLs. You can verify the classifications using the "sh mls qos int stats" commands. If you need to see which flows have been classified and you are using diffserv then you can use the "mls qos monitor dscp" command on each interface to view to packets matching and marking.
Hope that helps,
M.B.
12-05-2003 09:35 PM
Hi,
But what about using "show policy-map interface ...." command, as I find that in router or Cat 6509, this command shows the # of packets matches, but in Cat 3550, the counter doesn't increase (remain 0).
Rgds,
Kepler
01-18-2004 06:07 AM
Hi All,
Eventually, I've got some time to retest the QoS in the 3550 again. I find that though the "show policy-map interface ...." doesn't show the correct # of packets being processed, the QoS actually work. As I try monitor the outgoing packet by router, the IP precedence field is correctly set by the 3550.
Rgds,
Kepler
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: