nanog mailing list archives
RE: qos 3560
From: "Bogdan" <shoshon () shoshon ro>
Date: Thu, 12 Nov 2009 20:18:09 +0200 (EET)
Following on, the best way is to 'trust' on all uplinks between devices and filter at the edge. So you have a customer who shouldn't be sending tagged traffic, set the port to not trusted (should be the default state) and any customer using QoS should have "mls qos trust dscp" on the demark port. If you don't have a trusted core, then all it takes is a simple switch in the path traffic takes and you'll find yourself scratching your head as to why the DSCP tags are disappearing all of a sudden!
indeed, i do see another dscp value in the counters. (besides mine). i tried with dscp mutation and re-mapping, but it did't work. so..start NOT trusting the edge/customers ports.
Paul -----Original Message----- From: Scott Morris [mailto:swm () emanon com] Sent: 12 November 2009 14:41 To: Bogdan Cc: nanog () nanog org Subject: Re: qos 3560 Look at "show mls qos map" to see the defaults that may be rewriting your information depending on trust (or non-trust) mechanisms you have configured. If you trust CoS, a frame received with cos5 and dscp46 will get rewritten to dscp 40 with default maps... "show mls qos interface (intf)" is also good to see status. Scott Bogdan wrote:hello indeed, a fellow nanoger gave me this hint. 1. i had to enable mls qos globally in "network" switches 2. set the mls qos trust dscp on the uplinks (ingress port) thanks ps thanks to andrey.gordon too :) On 11/12/2009 03:21 PM, Brian Feeny wrote:You should make sure that any links that go between devices havetrustset. In your case if your doing DSCP, then make sure each link that goes between devices which must carry tagged packets have trust dscp set. Brian On Nov 12, 2009, at 5:11 AM, Bogdan wrote:hello i am playing with qos on some devices - cisco 3560 - cisco 7609 and i have some things that i don't seem to understand. 1. in 3560, i enable mls qos, on the ingress port applyed policymap,classify the packets with acl, mark, all good. on the egress ports iusesrr-queue with shape/share, everything is fine, it is working.http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/relea se/12.2_20_se/configuration/guide/swqos.html#wp10286142. reset to defaults the 3560 in 7606 i pick up a vlan, and apply a policy-map and set dscp 40 on egress of that vlan 3560 in uplinked in 7609 in 3560 i can see the "marked" packets, and i have matches on thedscpset earlier (sh mls qos int xx stat). the problem is: when i apply the srr-queue in 3560 on egress(towardsthe test port), it does not work. if i enable mls qos on 3560, i cannot match anymore the dscp 40 fromthe7609 is it normal? do i have to apply the qos stuff (point1) on allswitchesi want qos on? i mean, i cannot set dscp in one "core" device andusethat in the whole network ? thanksFor more information about the Viatel Group, please visit www.viatel.com VTL (UK) Limited Registered in England and Wales Registered Address: Inbucon House, Wick Road, Egham, Surrey TW20 0HR Company Registration No: 04287100 VAT Registration Number: 781 4991 88 THIS MESSAGE IS INTENDED ONLY FOR THE USE OF THE INTENDED RECIPIENT TO WHICH IT IS ADDRESSED AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, CONFIDENTIAL AND EXEMPT FROM DISCLOSURE. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering the message to the intended recipient, you are notified that any dissemination, distribution or copying of this e-mail is prohibited, and you should delete this e-mail from your system. This message has been scanned for viruses and spam by Viatel MailControl - www.viatel.com
Current thread:
- qos 3560 Bogdan (Nov 12)
- Re: qos 3560 Brian Feeny (Nov 12)
- Re: qos 3560 Bogdan (Nov 12)
- Re: qos 3560 Scott Morris (Nov 12)
- RE: qos 3560 Martin, Paul (Nov 12)
- RE: qos 3560 Bogdan (Nov 12)
- Re: qos 3560 Bogdan (Nov 12)
- Re: qos 3560 Brian Feeny (Nov 12)