11-20-2009 08:39 AM - edited 03-06-2019 08:39 AM
Hello,
I have been trying to mark SIP with a DSCP value of cs3 without any luck. Hope you can help.
Here's what I've done so far.
access-list 101 permit tcp any any range 5060 5061
access-list 102 permit udp any any range 5060 5061
class-map match-any SIP01
match access-name 101
class-map match-any SIP02
match access-name 102
policy-map MARKSIP
class SIP01
set dscp cs3
class SIP02
set dscp cs3
class class-default
trust dscp
policy is applied to lets say Int Fast 0/24
service-policy input MARKSIP
but the traffic doesn't seem to marked since on the other end of the router, I don't see any incoming cs3 traffic
11-23-2009 07:25 AM
Hi,
Might seem silly but as it is not in your config extract... Did you globally enable QoS with the "mls qos" command?
Hope this help,
Christophe
11-23-2009 07:28 AM
Yes,
it's enabled as well as qos rewrite.
11-23-2009 07:46 AM
Do you have hits on your ACLs?
Could you post the output of "sh mls qos statistics", "sh mls qos interface" and "sh policy-map"?
11-23-2009 08:07 AM
sure, I use ef instead of cs3 in this configuration just to see if it work: It indicates that I get absolutely 0 hits...
my pc is plugged in port fast 0/2, the SIP running application is running on my pc. I also went as far as even try to tag http traffics without luck.
CBCI_Lachine#sh class-map
Class Map match-any class-default (id 0)
Match any
Class Map match-any 101 (id 1)
Match access-group 101
Class Map match-any 103 (id 3)
Match access-group 103
Class Map match-any 102 (id 2)
Match access-group 102
Class Map match-any 104 (id 4)
Match access-group 104
CBCI_Lachine#sh access-list
Extended IP access list 101
10 permit tcp any any range 5060 5061
Extended IP access list 102
10 permit tcp any range 5060 5061 any
Extended IP access list 103
10 permit udp any range 21000 21900 any range 50000 52399
Extended IP access list 104
10 permit udp any range 50000 52399 any range 21000 21900
CBCI_Lachine#sh policy-map
Policy Map marksip
Class 101
set dscp ef
Class 102
set dscp ef
Class 103
set dscp ef
Class 104
set dscp ef
Class class-default
trust dscp
CBCI_Lachine#sh mls qos int fast 0/2
FastEthernet0/2
Attached policy-map for Ingress: marksip
trust state: not trusted
trust mode: not trusted
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none
qos mode: port-based
CBCI_Lachine#sh policy-map int fast 0/2
FastEthernet0/2
Service-policy input: marksip
Class-map: 101 (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 101
0 packets, 0 bytes
5 minute rate 0 bps
Class-map: 102 (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 102
0 packets, 0 bytes
5 minute rate 0 bps
Class-map: 103 (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 103
0 packets, 0 bytes
5 minute rate 0 bps
Class-map: 104 (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 104
0 packets, 0 bytes
5 minute rate 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
0 packets, 0 bytes
5 minute rate 0 bps
CBCI_Lachine#sh mls qos int fast 0/2 stat
FastEthernet0/2
dscp: incoming
-------------------------------
0 - 4 : 473660 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
dscp: outgoing
-------------------------------
0 - 4 : 360630 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 479327
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 6950 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
cos: incoming
-------------------------------
0 - 4 : 475627 0 0 0 0
5 - 7 : 0 0 0
cos: outgoing
-------------------------------
0 - 4 : 422990 0 0 479327 0
5 - 7 : 0 6950 116
Policer: Inprofile: 0 OutofProfile: 0
CBCI_Lachine#
11-23-2009 11:48 PM
The config looks good for me. I remember I've had same kind of issue with the counters on a 3750. Could you check the command "sh mls qos int fast 0/x stat" for the outgoing interface? You should see outgoing dscp with ef value. An other thing you could try is to take a capture with wireshark... Christophe
11-24-2009 05:28 AM
sh mls qos int fast 0/x sta doesn't show any ef. That's why I was puzzled.
I'll try with wireshark to see if it works...
11-26-2009 09:32 AM
I tried wireshark and it's not showing anything being marked.
another thing is when I do sh policy-map int fast 0/2 lets say, it's not showing any hit.
11-26-2009 10:11 AM
Make sure to modify the default dscp-cos maps with the following command:
mls qos map cos-dscp 0 8 16 24 32 46 48 56
You won't see any incoming markings with the mls qos commands as mentioned on this thread as you are marking the packets as they enter the switch.
For those mls qos commands to show the counter, the packets must be marked by the device before they enter the switch.
To see if those TOS markings are being preserved as they exit the switch, you need to execute the mls qos interface command on the egress switchport towards the router AND you must make sure to have 'mls qos trust dscp' enabled on that switchport. If you have it disabled, the TOS marking will not be preserved.
Regards
Edison
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide