Deploying QoS for Catalyst 2550 Switch

walu · ‎07-17-2003

Hello together,

i like to implement QoS for a Catalyst 3550 Switch.

We already deployed a policy but this seems to be not working we see no matches in the access lists. Here what we have configured.

class-map match-all gold

match access-group 125

policy-map mark-in-pkts

class gold

set ip precedence 5

police 2000000 8000 exceed-action policed-dscp-transmit

access-list 125 permit tcp any any range ftp-data ftp

access-list 125 permit tcp any range ftp-data ftp any

access-list 125 permit udp any any eq 12004

access-list 125 permit udp any eq 12004 any

access-list 125 permit tcp any any eq smtp

access-list 125 permit tcp any eq smtp any

access-list 125 permit tcp any any eq pop3

access-list 125 permit tcp any eq pop3 any

access-list 125 permit udp any any eq 110

access-list 125 permit udp any eq 110 any

access-list 125 permit tcp any any range 11000 11001

access-list 125 permit tcp any range 11000 11001 any

access-list 125 permit udp any any range 11000 11001

access-list 125 permit udp any range 11000 11001 any

interface GigabitEthernet0/12

switchport access vlan 159

switchport mode access

no ip address

mls qos monitor dscp 8 16 24 32

service-policy input mark-in-pkts

But this is not working. We don´t see any matches for the access-list 125.

Did we something wrong ?

Or ist it possible that the switch by default not look at the ip header and forward the packets througgh the mac-forward-table ??

And if so can we avoid this ??

So we like, that the switch will set the ip precedence bit for particular packets. For Routers the above described configuration is working.

Can you help ??

deilert · ‎07-17-2003

I beleive your problem is the 'match-all' parameter , see below

Creating a Traffic Class

The class-map global configuration command is used to create a traffic class. The syntax of the class-map command is as follows:

class-map [match-any | match-all] class-name

no class-map [match-any | match-all] class-name

The match all and match any options need to be specified only if more than one match criterion is configured in the traffic class. The class-map match-all command is used when all of the match criteria in the traffic class must be met in order for a packet to match the specified traffic class. The class-map match-any command is used when only one of the match criterion in the traffic class must be met in order for a packet to match the specified traffic class. If neither the match-all nor match-any keyword is specified, the traffic class will behave in a manner consistent with class-map match-all command.

walu · ‎07-17-2003

Hello,

i have tried to change the policy configurtaion, but by default the router insert "match-all" to the running configuration. So this couldn´t be the problem. So i think maybe that the switch is not checking the incoming packet through the IP Header.

He checks the MAC Address and forwards the packet.

Do you have a another idea ?

milan.kulik · ‎07-17-2003

Hi,

I've found almost identical example config on CCO in the end of http://www.cisco.com/warp/public/473/153.pdf

The only differences are:

1)missing

mls qos

in your config (might be crucial if really omited)

2)missing

mls qos map policed-dscp 48 to 16

(modifies QoS map, should not be crucial but should be in config for correct functionality, I think).

Is your switch 3550 or 2950?

If 2950, this can't work at all.

If 3550, which IOS are you running?

Have you tried to use some simple ACL 125 (permit ip any any, e.g.) to be sure some data should pass it?

Regards,

Milan

walu · ‎07-17-2003

Hi Milan,

the 2 "missing" commands are in the configuration. I´ve missed it to insert it into the chat.

It´s a 3550 Switch and we use IOS 12.1(11)

We also tried to to use a simple ACL 125 (with permit icmp any any). But we we still see no matches for this ACL.

Do you have another idea ?

keplerlam · ‎12-05-2003

Hi,

In fact, I encounter the exact problem as yours. I tried the same configuration in a Cat 6509 (with PFC card), it works fine.

I've checked the IOS documentaion, and compare the difference between 3550 and 6500 configuration guide, it seems that in the 3550, it mentions about the requiremennt to turn off flowcontrol. Yet, I don't have chance to retest it. Maybe you can try and I would like to know your finding.

Rgds,

Kepler

mbond · ‎12-05-2003

Hi!

I have successfully configured QOS on a 3550. The documentation states that the hits won't show up on the ACLs. You can verify the classifications using the "sh mls qos int stats" commands. If you need to see which flows have been classified and you are using diffserv then you can use the "mls qos monitor dscp" command on each interface to view to packets matching and marking.

Hope that helps,

M.B.

keplerlam · ‎12-05-2003

Hi,

But what about using "show policy-map interface ...." command, as I find that in router or Cat 6509, this command shows the # of packets matches, but in Cat 3550, the counter doesn't increase (remain 0).

Rgds,

Kepler

keplerlam · ‎01-18-2004

Hi All,

Eventually, I've got some time to retest the QoS in the 3550 again. I find that though the "show policy-map interface ...." doesn't show the correct # of packets being processed, the QoS actually work. As I try monitor the outgoing packet by router, the IP precedence field is correctly set by the 3550.

Rgds,

Kepler