I’m going to have to get a grip on this QoS stuff. About three years ago I went on the official Cisco QoS course, but I never got a chance to use it in anger. I have also been to quite a few Networkers presentations about it, and they all made sense at the time, but the information did not stick. In any case, a lot of it has changed, and the 4500, 3560, 3550, 2960, 2950 all use subtly different paradigms.
I’m doing NMC Lab 8.13, and I’m thrashing between the config line and the documentation, but I hope I’m learning something in the process. I’m feeling the lack of any 3560s. I have the proper 3550s for CAT1 and CAT2 (albeit with 12.1=), but my CAT3 and CAT4 are 2950s with a 2610 router on a stick behind each one in case there are any layer-3 tasks. So far, there have not been any, but there has been plenty of QoS and special features.
So far, I tripped over a couple of configuration gotchas. The first is “let’s put the service policy on the interface first and I’ll define it later”.

    CAT2#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    CAT2(config)#int f0/1
    CAT2(config-if)#service-policy input set-af11
    policy map set-af11 not configured
    CAT2(config-if)#end
    CAT2#
    Feb 24 09:57:47.247: %SYS-5-CONFIG_I: Configured from console by console

No, that isn’t just a warning. It hasn’t remembered it:

    CAT2#show run int f0/1
    Building configuration...
    Current configuration : 150 bytes
    !
    interface FastEthernet0/1
     description R1-F0/0
     switchport trunk encapsulation isl
     switchport trunk allowed vlan 12,16
     switchport mode trunk
    end
    CAT2#

You must define the policy-map first.
The second gotcha was to do with monitoring the DSCP on the QoS:

    CAT2#show run int f0/1
    Building configuration...
    Current configuration : 211 bytes
    !
    interface FastEthernet0/1
     description R1-F0/0
     switchport trunk encapsulation isl
     switchport trunk allowed vlan 12,16
     switchport mode trunk
     mls qos monitor dscp 0 10 11
     service-policy input Set-AF11
    end

Whoops, no, I didn’t mean 0, 10, and 11. I meant 12. OK, I have 8 slots in the stats, so I’ll just add it in:

    CAT2#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    CAT2(config)#interface FastEthernet0/1
    CAT2(config-if)#mls qos monitor dscp 0 10 11 12
    QoS: Following DSCPs are monitored already: 0 10 11
    CAT2(config-if)#end
    CAT2#
    Feb 24 10:05:05.824: %SYS-5-CONFIG_I: Configured from console by console

That was just a warning, wasn’t it?

    CAT2#show run int f0/1
    Building configuration...
    Current configuration : 211 bytes
    !
    interface FastEthernet0/1
     description R1-F0/0
     switchport trunk encapsulation isl
     switchport trunk allowed vlan 12,16
     switchport mode trunk
     mls qos monitor dscp 0 10 11
     service-policy input Set-AF11
    end

No, clearly it wasn’t just a warning. However, you can add the DSCP into the existing monitor list provided you don’t mention any of the existing entries:

    CAT2#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    CAT2(config)#int f0/1
    CAT2(config-if)#mls qos monitor dscp 12
    CAT2(config-if)#end
    CAT2#
    Feb 24 10:03:53.589: %SYS-5-CONFIG_I: Configured from console by console

Let’s have a look:

    CAT2#show run int f0/1
    Building configuration...
    Current configuration : 214 bytes
    !
    interface FastEthernet0/1
     description R1-F0/0
     switchport trunk encapsulation isl
     switchport trunk allowed vlan 12,16
     switchport mode trunk
     mls qos monitor dscp 0 10 11 12
     service-policy input Set-AF11
    end

That’s better!
Here is another gotcha. It seems you cannot set DSCP (on the input service-policy of a 3550) on the class-default. You can only do that in the classes you have actually defined. For example, I started with this policy map, applied input from the R6 connection on CAT1:

    CAT1#show policy-map Set-AF11
     Policy Map Set-AF11
      class class-default
       set ip dscp 10

But that didn’t work. It’s lucky I tested it by monitoring the DSCP on the R1 connection on CAT2, with show mls qos int Fa0/1 statistics, and doing lots of pings from R6 to R1. Otherwise I might not have noticed that the service policy was not marking the packets. What I needed was:

    CAT1#show class-map
     Class Map match-any class-default (id 0)
       Match any
     Class Map match-all All-IP (id 1)
       Match access-group name All-IP
    CAT1#show policy-map Set-AF11
     Policy Map Set-AF11
      class All-IP
       set ip dscp 10
      class class-default

Now I can see the markings on R6’s packets at the R1 port.
One thing I did think of was to put mls qos trust dscp on each side of each trunk link. In my case, that meant only CAT1-F0/13, CAT1-F0/23, CAT2-F0/13, CAT2-F0/23 since it was irrelevant for the CAT3 and CAT4 2950s. Just to make sure it was necessary, I removed the command from those interfaces and tried pinging from R6 to R1 again. Sure enough, the AF11 marking had been stripped. Strangely, the SHOWiT does not do that, so I have asked the question on the DISCUSSiT forum.
