Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

QoS DSCP marking

Hey,

I have C3560 and encoutered with such issue, that it doesn't mark packets I want. Configuration:

int vlan 100

...

service-policy input REDIRECT

!

class-map match-all HTTP

match access-group name ACL_HTTP

!

policy-map REDIRECT

class HTTP

  set dscp 63

!

ip access-list extended ACL_HTTP

permit tcp host 192.168.1.6 any eq www

!

C3560#show mls qos

QoS is enabled

QoS ip packet dscp rewrite is enabled

I have the same configuration on C3750, everything works. Any ideas?

Donatas.

9 REPLIES

QoS DSCP marking

What do you get if you do a "sho policy-map inter vlan 100"?

HTH, John *** Please rate all useful posts ***
New Member

QoS DSCP marking

C3560#show policy-map interface vlan 100

Vlan100

  Service-policy input: REDIRECT

    Class-map: HTTP (match-all)

      0 packets, 0 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: access-group name ACL_HTTP

    Class-map: class-default (match-any)

      1893 packets, 398571 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: any

        1893 packets, 398571 bytes

        5 minute rate 0 bps

As I see 0 packets, 0 bytes ;-) Maybe here it's a problem.

QoS DSCP marking

Is your host 192.168.1.6 in vlan 100?

HTH, John *** Please rate all useful posts ***
New Member

QoS DSCP marking

Yes, ofcourse. I have internet from that host, but I don't understand, why C3560 doesn't catch this packet.

QoS DSCP marking

Well, my first thought is to try changing your www traffic to icmp. Ping from the 192 host to something out and see if it marks. If it does, it has to do with the direction that your web traffic is coming from. Is the 192 host a web server? If not, you may never see marking on web traffic inbound.

HTH, John *** Please rate all useful posts ***
New Member

QoS DSCP marking

I tried with access-list 101 permit icmp any any and with no success.

QoS DSCP marking

Can you post the interface configuration? "sh run int "

HTH, John *** Please rate all useful posts ***

QoS DSCP marking

Donatas,

On the ports that you need to have monitored, make sure that you have "mls qos vlan-based" configured on the port. Then you should be able to see packets.

John

Please rate all useful posts...

HTH, John *** Please rate all useful posts ***

QoS DSCP marking

Hi Donatas,

Could you add also the next entry to your AL and check if it has hits? Please,  check also with policy map if marks packets.

ip access-list extended ACL_HTTP

permit tcp host 192.168.1.6 any eq www

permit tcp host 192.168.1.6 eq www any

Then I would recommend to add the general entry

permit ip host 192.168.1.6 any

and check with policy map if marks packets.

Then, if still does not mark packets I would sugget to apply the service policy to the out direction too.

Hope that helps,

Vasilis

380
Views
0
Helpful
9
Replies
CreatePlease to create content