cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
524
Views
0
Helpful
1
Replies

QOS Service policy on Cat2950

Martin Parry
Level 3
Level 3

I am having issues applying a Quality of Service policy to a number of 2950 series switches. I am aware of the limitations of the 2950, but I am hoping to work around these.

The problem synopsis is as follows:

The customer has a number of 2950 series switches which are uplinking to Core boxes. I am trying to police at the edge mark and police at the edge to avoid unneccesary utilisation of the uplinks. The config I am trying to apply to the 2950's is as follows:

ip access-list extended NetMAN-ANY.

permit tcp any 10.181.4.0 0.0.0.127 eq telnet

permit tcp any 10.181.4.128 0.0.0.127 eq telnet

permit tcp any 10.181.4.0 0.0.0.127 eq 22

permit tcp any 10.181.4.128 0.0.0.127 eq 22

permit ip any host 10.181.4.30

permit ip any host 10.181.4.60

permit ip any host 10.64.60.5

ip access-list extended PACS-ANY

permit tcp any 10.181.0.128 0.0.0.127 eq www

permit tcp any 10.181.0.128 0.0.0.127 eq 443

ip access-list extended TelnetAPPS-ANY

permit tcp any 10.181.29.0 0.0.0.127 eq telnet

permit tcp any 10.181.29.128 0.0.0.127 eq telnet

!

!

class-map match-all TelnetAPPS-ANY

match access-group name TelnetAPPS-ANY

class-map match-all NetMAN-ANY

match access-group name NetMAN-ANY

class-map match-all VVLAN-ANY

match ip dscp ef

class-map match-all PACS-ANY

match access-group name PACS-ANY

!

policy-map QOS-POLICY

class VVLAN-ANY

set ip dscp ef

police 1000000 8192 exceed-action dscp 0

class PACS-ANY

set ip dscp 32

police 5000000 8192 exceed-action dscp 0

class TelnetAPPS-ANY

set ip dscp 24

police 1000000 8192 exceed-action dscp 0

class NetMAN-ANY

set ip dscp 16

police 1000000 8192 exceed-action dscp 0

class class-default

set ip dscp 0

police 1000000 8192 exceed-action dscp 0

!

I have had to use /25 addresses for the access-lists because the limitation on the 2950 regarding mixing subnet masks. I have tried to match the VVLAN traffic by IP address using the following ACL but this has not worked, and the switch compains about the different mask used (Even though all masks were /25)

ip access-list extended VVLAN-ANY

permit ip 10.181.110.0 0.0.0.127 any

permit ip 10.181.110.128 0.0.0.127 any

The problem I am now experiencing is with applying the service policy to the interfaces of the switch. upon entering the command

(config-if)service-policy input QOS-POLICY

I get the following error:

NAH_CASUALTY_ESW1(config-if)#service-policy input QOS-POLICY

%Error: Another qos mask on this interface

Service Policy attachment failed

There are no other policies present on the switch.

If I remove the policy and just input one of the classes then apply the policy to an interface all works fine. I can then add each class one at a time, and there are no problems until I add the VVLAN-ANY class. Upon adding the VVLAN class it errors and the policy is removed from the interface. If I remove the VVLAN-ANY class and attempt to reapply the policy all works fine.

Does anyone have any ideas on how to reconfigure to make things work? Is the problem that the VVLAN-ANY class is matching matching against dscp value, and the others are matching against ACLs

Thanks in advance

Martin

1 Reply 1

smalkeric
Level 6
Level 6

saying basically is that:

1. If you have two different ACLs using two different masks, then it will not work.

2. If you have two different ACLs using the same mask, then it will work.

For the QOS, its required to use the same mask as there is a hardware limitation on this and that is the reason for it having the errors.

Additionally, the 3550 does not have this limitation as its only related to the 2950.

Please see this release note on this link:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12120ea2/2950scg/swqos.htm#wp1025345

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: