GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: URGENT: QoS problem on 3560G [7:130583] posted 06/17/2008
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Hi, 

It has something to do with the hardware and software. According to TAC,
policy maps are not supported on the system - hardware or software
limitation apparently. It is apparently documented in some significantly
small fine print some where I have yet to see. 

The "workaround" you have to use a "show mls qos interface xx" and
options to see if the packets are actually marked from when the service
policy is applied using acls. Rather confusing really having all these
software commands to show you details that don't work at all. I really
don't like the idea of applying commands that never show matches at
all..

Here is hoping Cisco eventually gets to some form of standard across the
board where everything works...they have a lot to learn from Juniper
here - single OS for all products and not 200+  different variants with
their own intricacies.

I am sure there may be comments from anyone working at Cisco here as to
the direction they are taking?

Andrew



-----Original Message-----
From: Garrett Skjelstad [mailto:garretts@xxxxxxxxxxxxxxx] 
Sent: 30 May 2008 04:21 AM
To: Andrew Larkins
Subject: RE: URGENT: QoS problem on 3560G [7:130583]

I'd love to find out your solution if you discover the answer?

-Garrett

________________________________________
From: nobody@xxxxxxxxxxxxxx [nobody@xxxxxxxxxxxxxx] On Behalf Of Andrew
Larkins [Andrew.Larkins@xxxxxxxxxxxxx]
Sent: Thursday, May 29, 2008 8:37 AM
To: cisco@xxxxxxxxxxxxxx
Subject: RE: URGENT: QoS problem on 3560G [7:130583]

ACL's are to match traffic coming from specific hosts on the internet /
DMZ ranges to prioritise before the packets traverse the corporate MPLS

-----Original Message-----
From: Tony Schaffran (GS) [mailto:groupstudy@xxxxxxxxxxxxxxxx]
Sent: 19 March 2008 14:52 PM
To: Andrew Larkins; 'Joseph Saad'
Cc: cisco@xxxxxxxxxxxxxx; ccielab@xxxxxxxxxxxxxx
Subject: RE: URGENT: QoS problem on 3560G

What exactly are your access-lists designed to match?

If you are not actually matching any traffic, then your policy-map will
not
process anything.


Tony Schaffran
Network Analyst
CCIE #11071
CCNP, CCNA, CCDA,
NNCDS, NNCSS, CNE, MCSE

www.cconlinelabs.com
Your #1 choice for online Cisco rack rentals.


-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
Andrew Larkins
Sent: Wednesday, March 19, 2008 4:39 AM
To: Joseph Saad
Cc: cisco@xxxxxxxxxxxxxx; ccielab@xxxxxxxxxxxxxx
Subject: RE: URGENT: QoS problem on 3560G

Thanks for the link....



This is enabled but still not working...any other ideas before I log the
case to TAC?



mls qos

interface GigabitEthernet0/1

 description 802.1q Trunk Uplink to Firewall

 switchport trunk encapsulation dot1q

 switchport trunk allowed vlan 100,200,300,796

 switchport mode trunk

 load-interval 30

 mls qos vlan-based



interface Vlan100

 description Internal

 ip address 172.20.230.1 255.255.255.0

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 load-interval 30

 service-policy input Ingress-Tag





class-map match-any VPN_Remote

 match access-group 100

class-map match-any ERP

 match access-group 101

!

!

policy-map Ingress-Tag

 class VPN_Remote

  set dscp af11

 class ERP

  set dscp af21

 class class-default

  set dscp default



access-list 100 permit ip 172.20.253.0 0.0.0.255 any

access-list 101 permit ip host ERP any



Hosting-Sw1#sho policy-map interface vlan 100

 Vlan100



  Service-policy input: Ingress-Tag



    Class-map: VPN_Remote (match-any)

      0 packets, 0 bytes

      30 second offered rate 0 bps, drop rate 0 bps

      Match: access-group 100

        0 packets, 0 bytes

        30 second rate 0 bps



    Class-map: ERP (match-any)

      0 packets, 0 bytes

      30 second offered rate 0 bps, drop rate 0 bps

      Match: access-group 101

        0 packets, 0 bytes

        30 second rate 0 bps



    Class-map: class-default (match-any)

      0 packets, 0 bytes

      30 second offered rate 0 bps, drop rate 0 bps

      Match: any

        0 packets, 0 bytes

        30 second rate 0 bps

#





Andrew

From: Joseph Saad [mailto:joseph.samir.saad@xxxxxxxxx]
Sent: 19 March 2008 11:25 AM
To: Andrew Larkins
Cc: cisco@xxxxxxxxxxxxxx; ccielab@xxxxxxxxxxxxxx
Subject: Re: URGENT: QoS problem on 3560G



Andrew,

You'll need mls qos vlan-based under the switchports that are members of
this VLAN.

You'll also need to enable mls qos globally, if you haven't done this
already.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/relea
se/12.2_44_se/configuration/guide/swqos.html#wp1703760


Joseph.



On Wed, Mar 19, 2008 at 12:03 PM, Andrew Larkins
 wrote:

Hi,



I have a 3650G with QoS on the VLAN interface - using a "service policy"
command. Software version is now c3560-advipservicesk9-mz.122-44.SE1.bin
since there were issues in the c3560-advipservicesk9-mz.122-40.SE.bin
code not reporting interface usage correctly wrt input and output rates
- showed zero for all.



This switch is running BGP to our MPLS peer and is the default gateway
for our hosted VLAN. I need to classify packets coming back from the
Internet from a ERP site with specific DSCP tags - configs below. I have
applied the policy to the vlan interface, but nothing get matched at
all. Even If I try the physical interface I get no matches.



Since all traffic must go through vlan 100 - default gateway



interface Vlan100

 description Internal

 ip address 172.20.230.1 255.255.255.0

 no ip redirects

 no ip unreachables

 no ip proxy-arp

load-interval 30

 service-policy input Ingress-Tag

!

interface Vlan759

 description MPLS - BGP Peering

 ip address 172.20.255.46 255.255.255.252

 no ip redirects

 no ip unreachables

 no ip proxy-arp

load-interval 30



interface GigabitEthernet0/1

 description 802.1q Trunk Uplink to Firewall

 switchport trunk encapsulation dot1q

 switchport trunk allowed vlan 100,200,300,796

 switchport mode trunk

 load-interval 30



interface GigabitEthernet0/2

 description Trunk Uplink to MPLS

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 759

 switchport trunk allowed vlan 759,796

 switchport mode trunk

 switchport nonegotiate



policy-map Ingress-Tag

 class VPN_Remote

 set ip dscp af11

 class ERP

 set ip dscp af21

 class class-default

 set ip dscp default



Access-list

Extended IP access list 100

   10 permit ip 172.20.253.0 0.0.0.255 any

Extended IP access list 101

   10 permit ip host  any



Service-policy input: Ingress-Tag



   Class-map: VPN_Remote (match-all)

     0 packets, 0 bytes

     30 second offered rate 0 bps, drop rate 0 bps

     Match: access-group 100



   Class-map: ERP (match-any)

     0 packets, 0 bytes

     30 second offered rate 0 bps, drop rate 0 bps

     Match: access-group 101

       0 packets, 0 bytes

       30 second rate 0 bps



   Class-map: class-default (match-any)

     0 packets, 0 bytes

     30 second offered rate 0 bps, drop rate 0 bps

     Match: any

       0 packets, 0 bytes

       30 second rate 0 bps



Any guidance here appreciated please.



Andrew




The information contained in this message and or attachments is intended
only for the person or entity to which it is addressed and may contain
confidential and/or privileged material.  Any review, retransmission,
dissemination or other use of, or taking of any action in reliance upon,
this information by persons or entities other than the intended
recipient
is prohibited. If you received this in error, please contact the sender
and
delete the material from any system and destroy any copies.

_______________________________________________________________________
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html




The information contained in this message and or attachments is intended
only for the person or entity to which it is addressed and may contain
confidential and/or privileged material.  Any review, retransmission,
dissemination or other use of, or taking of any action in reliance upon,
this information by persons or entities other than the intended
recipient
is prohibited. If you received this in error, please contact the sender
and
delete the material from any system and destroy any copies.

_______________________________________________________________________
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html




The information contained in this message and or attachments is intended
only for the person or entity to which it is addressed and may contain
confidential and/or privileged material.  Any review, retransmission,
dissemination or other use of, or taking of any action in reliance upon,
this information by persons or entities other than the intended
recipient
is prohibited. If you received this in error, please contact the sender
and
delete the material from any system and destroy any copies.
The information contained in this message and or attachments is intended
only for the person or entity to which it is addressed and may contain
confidential and/or privileged material.  Any review, retransmission,
dissemination or other use of, or taking of any action in reliance upon,
this information by persons or entities other than the intended recipient
is prohibited. If you received this in error, please contact the sender and
delete the material from any system and destroy any copies.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=131305&t=130583
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html