QoS - Setting DSCP for Traffic Sourced from the Router

rmeans
Level 3

I run QoS in my WAN environment.  Traffic passing through the router either is tagged or gets tagged as it passes the router.  QoS works fine for traffic passing through the router.  My trouble is with traffic sourced at the router.  TACACS, for example, is sourced with the loopback.  The TACACS traffic does not get marked and uses the default-class for QoS.  Is there a way to tag this type of traffic?


Do you have any config to share? Also, if traffic is not getting marked it should use the default class, so I can't see the problem here.

thanks

class-map match-any qos_ether_ef_apps_cm
 description voice video
 match access-group name qos_ether_ef_apps_acl
class-map match-any qos_wan_af21_cm
 description Burst Low Applications
 match ip dscp af21
class-map match-any qos_wan_af31_cm
 description Burst High Applications
 match ip dscp af31
class-map match-any qos_wan_ef_cm
 description Expedited Flow applications
 match ip dscp ef
class-map match-any qos_ether_af31_user_apps_cm
 description burst high user apps applied to ethernet
 match access-group name qos_ether_af31_user_apps_acl
class-map match-any qos_ether_af21_user_apps_cm
 description burst low user apps
 match access-group name qos_ether_af21_user_apps_acl
class-map match-any qos_ether_af31_mgmt_apps_cm
 description burst high mgmt apps
 match access-group name qos_ether_af31_mgmt_apps_acl
 match input-interface Loopback0
!
!
policy-map qos_ether_pm
 description ethernet interface qos policy
 class qos_ether_ef_apps_cm
  set ip dscp ef
 class qos_ether_af31_mgmt_apps_cm
  set ip dscp af31
 class qos_ether_af31_user_apps_cm
  set ip dscp af31
 class qos_ether_af21_user_apps_cm
  set ip dscp af21
policy-map qos_wan_pm_test
 description wan interface qos policy
 class qos_wan_ef_cm
  priority percent 40
 class qos_wan_af31_cm
  bandwidth remaining percent 60
 class qos_wan_af21_cm
  bandwidth remaining percent 30
 class class-default
  fair-queue
  random-detect dscp-based
  set ip dscp default
!
!
!
!
!
interface Loopback0
 service-policy input qos_ether_pm
!
interface Loopback1
 service-policy input qos_ether_pm
!
interface FastEthernet0/0
 service-policy input qos_ether_pm
!
interface Serial0/0/0
 service-policy output qos_wan_pm_test

 

cadet alain
VIP Alumni

Hi,

You can use local PBR to set the IP Precedence.

 

Regards

 

Alain

Don't forget to rate helpful posts.
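
The local PBR approach suggested in the reply above, sketched as an added example that is not part of the original thread. The names local_tacacs_acl and local_mark_rm are hypothetical; the Loopback0 address and TACACS server addresses are the ones shown elsewhere in this thread, and the extra cs3 match on the WAN class is an assumption about how the marked traffic would be queued.

```cisco
! Added example: local_tacacs_acl and local_mark_rm are hypothetical names.
! 192.168.105.13 is Loopback0; 192.168.86.5 and 192.168.251.13 are the
! TACACS servers that appear in the thread's ACL output.
ip access-list extended local_tacacs_acl
 permit tcp host 192.168.105.13 host 192.168.86.5 eq tacacs
 permit tcp host 192.168.105.13 host 192.168.251.13 eq tacacs
!
route-map local_mark_rm permit 10
 match ip address local_tacacs_acl
 set ip precedence 3
!
! Global command: applies the route-map to packets the router itself
! generates, which never arrive on an interface and so never hit an
! input service-policy.
ip local policy route-map local_mark_rm
!
! Precedence 3 on an otherwise unmarked packet gives DSCP cs3 (24),
! not af31 (26), so the WAN class needs an additional match if this
! traffic is to leave class-default (assumption, see lead-in).
class-map match-any qos_wan_af31_cm
 match ip dscp cs3
```

The "Policy routing matches" counter in show route-map local_mark_rm, together with show ip local policy, confirms whether router-sourced TACACS packets are hitting the route-map before checking the capture at the far end.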

PBR...I am not as familiar. I will need to read up and put a config together.

 

Thanks

Hello

Try this:

class-map match-all tacacs_cm
 match input-interface Loopback0
 match access-group name tacacs_acl

ip access-list extended tacacs_acl
 permit tcp host x.x.x.x any eq tacacs

! existing policy-map
policy-map xxxx
 class tacacs_cm
  set dscp xxx

 

res

Paul

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

I already had most of your suggestion. I added the input interface with no luck.

 

class-map match-any qos_ether_af31_mgmt_apps_cm
 description burst high mgmt apps
 match access-group name qos_ether_af31_mgmt_apps_acl
 match input-interface Loopback0

 

The class-map/policy-map has been applied to the loopback and Ethernet interfaces.

 

My verification is to capture traffic at my HQ WAN router.  So far, the packets are not tagged.

Hello

Okay, I see you are using match-any; if there is a match on the first ACL it won't check the second in the CM. Can you test it using a different CM with the config I posted previously, using match-all instead?

 

res

Paul



Config below.  I had the TACACS ACL entries in place for some time.  The ACL takes hits for traffic passing through the router (the local switch).  Interestingly, my ICMP traffic from my monitoring server (192.168.107.28) is tagged as EF.  The monitoring server polls the loopback0 (192.168.105.13).

 

class-map match-any qos_ether_ef_apps_cm
 description voice video
 match access-group name qos_ether_ef_apps_acl
class-map match-all qos_loopback_af31_cm
 match input-interface Loopback0
class-map match-any qos_wan_af21_cm
 description Burst Low Applications
 match ip dscp af21
class-map match-any qos_wan_af31_cm
 description Burst High Applications
 match ip dscp af31
class-map match-any qos_wan_ef_cm
 description Expedited Flow applications
 match ip dscp ef
class-map match-any qos_ether_af31_user_apps_cm
 description burst high user apps applied to ethernet
 match access-group name qos_ether_af31_user_apps_acl
class-map match-any qos_ether_af21_user_apps_cm
 description burst low user apps
 match access-group name qos_ether_af21_user_apps_acl
class-map match-any qos_ether_af31_mgmt_apps_cm
 description burst high mgmt apps
 match access-group name qos_ether_af31_mgmt_apps_acl
!
end


policy-map qos_ether_pm
 description ethernet interface qos policy
 class qos_ether_ef_apps_cm
  set ip dscp ef
 class qos_ether_af31_mgmt_apps_cm
  set ip dscp af31
 class qos_ether_af31_user_apps_cm
  set ip dscp af31
 class qos_ether_af21_user_apps_cm
  set ip dscp af21
 class qos_loopback_af31_cm
  set ip dscp af31
policy-map qos_wan_pm_test
 description wan interface qos policy
 class qos_wan_ef_cm
  priority percent 40
 class qos_wan_af31_cm
  bandwidth remaining percent 60
 class qos_wan_af21_cm
  bandwidth remaining percent 30
 class class-default
  fair-queue
  random-detect dscp-based
  set ip dscp default


Extended IP access list qos_ether_af31_mgmt_apps_acl
    40 permit tcp any host 192.168.86.5 eq tacacs
    50 permit tcp any host 192.168.251.13 eq tacacs (3945 matches)

Extended IP access list qos_ether_ef_apps_acl
    40 permit ip any 192.168.107.0 0.0.0.255 (2498861 matches)

 

Hello

I can see traffic hitting your ACL to the loopback from any source; however, I was of the understanding that you want to mark traffic originating from the loopback also?

 

ip access-list extended qos_ether_af31_mgmt_apps_acl
 45 permit tcp host 192.168.251.13 any eq tacacs

 

res

Paul


  

