Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

per-port per-vlan

Hi All, I am having trouble configuring per-port per-vlan qos. I ahve followed the doc as per the letter, still getting no hits when I display sho policy map int f0/6, details below. Idea is to match vlan 13 incoming to the switch in port f0/6 and set ip prec 2. Spent so long on it now getting really frustrated!! Have posted on usual forums and have had nil response. Thanks for any input, ps mls qos is in config.

config...

class-map match-any port

match access-group 1

class-map match-all vlan

match vlan 13

match class-map port

policy-map vlan-in

class vlan

set precedence 3

access-list 1 permit any

interface FastEthernet0/6

switchport access vlan 13

switchport mode access

service-policy input vlan-in

xxxx35#sho policy-map int f0/6

FastEthernet0/6

Service-policy input: vlan-in

Class-map: vlan (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: vlan 13

Match: class-map match-any port

Match: access-group 1

0 packets, 0 bytes

5 minute rate 0 bps

Class-map: class-default (match-any)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: any

0 packets, 0 bytes

5 minute rate 0 bps

xxxx35#

6 REPLIES
New Member

Re: per-port per-vlan

Why do you still want to match on vlan 13? Fa0/6 is already configured as access port in vlan 13.

Does the following work?

class-map match-any port

match access-group 1

policy-map vlan-in

class port

set precedence 3

access-list 1 permit any

interface FastEthernet0/6

switchport access vlan 13

switchport mode access

service-policy input vlan-in

New Member

Re: per-port per-vlan

Hi, I do not think it has worked, have posted complete config for you to look at. I have a router connected to f0/6, this is sending pings to remote switch SVI interface via this one and over a trunk to a remote switch. I am getting responseses back. Basically all on bc domain.

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname xxxx35

!

enable secret xxxx

!

no aaa new-model

mls qos

ip subnet-zero

!

!

!

!

!

!

no file verify auto

!

spanning-tree mode pvst

spanning-tree extend system-id

spanning-tree vlan 13-15 priority 24576

!

vlan internal allocation policy ascending

!

class-map match-any port

match access-group 1

!

!

policy-map vlan-in

class port

set precedence 3

!

!

!

interface FastEthernet0/1

switchport mode access

!

interface FastEthernet0/2

switchport mode access

!

interface FastEthernet0/3

switchport mode access

!

interface FastEthernet0/4

switchport mode access

!

interface FastEthernet0/5

switchport mode access

!

interface FastEthernet0/6

switchport access vlan 13

switchport mode access

service-policy input vlan-in

!

interface FastEthernet0/7

switchport mode access

!

interface FastEthernet0/8

switchport mode access

!

interface FastEthernet0/9

switchport mode access

!

interface FastEthernet0/10

switchport mode access

!

interface FastEthernet0/11

switchport mode access

!

interface FastEthernet0/12

switchport mode access

!

interface FastEthernet0/13

switchport mode access

!

interface FastEthernet0/14

switchport mode access

!

interface FastEthernet0/15

switchport mode access

!

interface FastEthernet0/16

switchport mode access

!

interface FastEthernet0/17

switchport mode access

!

interface FastEthernet0/18

switchport mode access

!

interface FastEthernet0/19

switchport mode access

!

interface FastEthernet0/20

switchport mode access

!

interface FastEthernet0/21

switchport mode access

!

interface FastEthernet0/22

switchport mode access

!

interface FastEthernet0/23

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet0/24

switchport trunk encapsulation dot1q

switchport mode trunk

spanning-tree vlan 13-15 port-priority 64

!

interface GigabitEthernet0/1

switchport mode dynamic desirable

!

interface GigabitEthernet0/2

switchport mode dynamic desirable

!

interface Vlan1

no ip address

shutdown

!

interface Vlan10

ip address 1.1.x.x.255.255.0

!

ip classless

ip http server

ip http secure-server

!

!

access-list 1 permit any

!

control-plane

!

!

line con 0

line vty 0 4

password cisco

no login

line vty 5 15

password cisco

no login

!

!

end

xxxx35#

xxxx35#sho policy-map int f0/6

FastEthernet0/6

Service-policy input: vlan-in

Class-map: port (match-any)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: access-group 1

0 packets, 0 bytes

5 minute rate 0 bps

Class-map: class-default (match-any)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: any

0 packets, 0 bytes

5 minute rate 0 bps

xxxx35#

FastEthernet0/6

Ingress

dscp: incoming no_change classified policed dropped (in bytes)

Others: 47523899 13749199 33774700 0 0

Egress

dscp: incoming no_change classified policed dropped (in bytes)

Others: 47686196 n/a n/a 0 0

Bronze

Re: per-port per-vlan

What kind of switch is this? If it is something like a 3550, then you have to turn off flow control on all the ports and enable qos:

conf t

int range f0/1 - 24

no flowcontrol receive

exit

mls qos

end

Hope this helps.

New Member

Re: per-port per-vlan

Hi, 3550 emi, flow off on all ints. What I am trying to achieve is catching all pkts from interface f0/6 and marking them as prec2. Looking at the documentation the way forward on this per-port per-vlan, thanks in advance-

config...

class-map match-any port

match access-group 1

class-map match-all vlan

match vlan 13

match class-map port

policy-map vlan-in

class vlan

set precedence 3

access-list 1 permit any

interface FastEthernet0/6

switchport access vlan 13

switchport mode access

service-policy input vlan-in

xxxx35#sho policy-map int f0/6

FastEthernet0/6

Service-policy input: vlan-in

Class-map: vlan (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: vlan 13

Match: class-map match-any port

Match: access-group 1

0 packets, 0 bytes

5 minute rate 0 bps

Class-map: class-default (match-any)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: any

0 packets, 0 bytes

5 minute rate 0 bps

xxxx35#

Re: per-port per-vlan

it is true that flow control must be off but that is not the issue. the issue here is you are looking at show policy output which is IOS output when all the packets are switched via hardware. If you want to look if particular DCSP value is getting marked or the switch is really seeing the DSCP value, you have to go under the interface and monitor a particular DSCP value.

Switch(config-if)#mls qos monitor dscp 6

interface FastEthernet0/1

no ip address

mls qos monitor dscp 0 6

service-policy input test

Switch#show mls qos interface fa 0/1 stati

FastEthernet0/1

Ingress

dscp: incoming no_change classified policed dropped (in bytes)

0 : 0 0 0 0 0

6 : 0 0 0 0 0

Others: 0 0 0 0 0

Egress

dscp: incoming no_change classified policed dropped (in bytes)

0 : 0 n/a n/a 0 0

6 : 0 n/a n/a 0 0

Others: 0 n/a n/a 0 0

without the mls monitor, there is no way to take the statistics:

Switch(config-if)#no mls qos monitor dscp 0 6

Switch(config-if)#end

Switch#show mls qos interface fa 0/1 stati

9w1d: %SYS-5-CONFIG_I: Configured from console by console

FastEthernet0/1

Ingress

dscp: incoming no_change classified policed dropped (in bytes)

Others: 0 0 0 0 0

Egress

dscp: incoming no_change classified policed dropped (in bytes)

Others: 0 n/a n/a 0 0

Please rate helpful posts.

New Member

Re: per-port per-vlan

Hi bos,

added config as descibed, was getting a lot of hits on other interfaces as well and could not decipher values anyway as I wanted to match all traffic from vlan x and port y and then set an ip prec value. In the end I connected a server to 3550 and extended ping to analyser and was suprised to see traffic being altered by per-port per vlan map, which was good. Thanks all for replies.

130
Views
15
Helpful
6
Replies
CreatePlease login to create content