From: Chris Lewis (chrlewiscsco@yahoo.com)
Date: Mon Nov 21 2005 - 17:14:13 GMT-3
I was a little too hasty on my last post. mls qos cos 3 can work on an access port
also.
With the following setup
R1 -- SWA----R2
R1 can ping R2 with the following setup
mls qos
interface FastEthernet0/1
switchport mode access
mls qos cos 3
mls qos trust cos
and R2 has the access list on ingress as follows:
access-list 100 permit icmp any any prec 3
So what ishappening is that f0/1 on the switch is trusting COS and setting the internal DSCP to whatever COS value is asociated with teh interface, whichis manually set to 3 regardless of whether the port is an access or trunk port. The internal DSCP is copied to the packet COS (if present) and DSCP (which includes the precedence bits) at egress.
So form Venkat's original mail, one is correct and two is incorrect.
Chris
Note: forwarded message attached.
---------------------------------
Yahoo! FareChase - Search multiple travel sites in one click.
Received: from [128.107.253.40] by web36705.mail.mud.yahoo.com via HTTP;
Mon, 21 Nov 2005 10:15:47 PST
Date: Mon, 21 Nov 2005 10:15:47 -0800 (PST)
From: Chris Lewis <chrlewiscsco@yahoo.com>
Subject: Re: 3550 QoS Marking
To: "Venkataramanaiah.R" <vramanaiah@gmail.com>, Niche
<jackyliu419@gmail.com>
Cc: Daniel Berlinski <Daniel.Berlinski@telecom.co.nz>,
ccielab@groupstudy.com
In-Reply-To: <cbd54ad50511201507v5f4ec87cpf7418f1ab844e6ea@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Content-Length: 3184
X-Converted-To-Plain-Text: from multipart/alternative by GroupStudy
X-Converted-To-Plain-Text: Alternative section used was text/plain
Venkat,
The methodology used at http://www.groupstudy.com/archives/ccielab/200509/msg00464.html can help in verifying all these things. Here is what I did to verify these questions.
R1--SWA--R2
R1 (10.1.1.1) can ping R2 (10.1.1.2)
I configure the Switch and check its cos to internal DSCP mapping as follows:
SW-A#sho mls qos maps cos
Cos-dscp map:
cos: 0 1 2 3 4 5 6 7
--------------------------------
dscp: 0 8 16 24 32 40 48 56
mls qos
!
interface FastEthernet0/1
switchport mode access
mls qos cos 3
At this stage R1 can ping R2, now I apply the following ACL inbound on R2
access-list 100 permit icmp any any prec 3
This is now what happens on R1
R1(config-if)#do ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
U.U.U
Now I add the following to the switch on the interface connecting to R1
SW-A(config-if)#switch trunk encap dot1q
SW-A(config-if)#switch trunk nat vlan 1
SW-A(config-if)#switch mode trunk
R1 still cannot ping R2. I now add the last piece to the switch interface connecting to R1
SW-A(config-if)#mls qos trust cos
And the ping is replied, R1 is now able to ping R2 successfully again.
The key here is in understanding what you have to do to set the internal DSCP and how that is used on egress by the switch.
So in summary both 1 and 2 are incorrect..
Chris
"Venkataramanaiah.R" <vramanaiah@gmail.com> wrote:
Sorry for catching up late on this thread, but just wanted to clarifiy
2 things here, because someone might read this archive later..
1) mls qos cos 3 can work in access port
2) mls qos cos does not set the precendence..
Please correct if i am wrong..
-V
On 11/15/05, Niche wrote:
> Hi there,
>
> "mls qos cos 3" will not kick-in cause your port is not a trunk port (and I
> assume that port is not connecting to a 7960). You can use class-default for
> marking remaining traffic to precedence 3.
>
> Cheers~
> Jacky
>
> On 11/15/05, Daniel Berlinski wrote:
> >
> > Hi everyone.
> >
> > Will the following configs mark HTTP traffic coming from vlan 12 with
> > precedence 5 and mark the remaining traffic with precedence 3?
> >
> >
> >
> -----------------------------------------------------------------------------
> ---------------------------------------------
> > mls qos
> > access-list 170 permit tcp any any eq www
> >
> > class-map match-any HTTP
> > match access-group 170
> > class-map match-all VLAN12
> > match vlan 12
> > match class-map HTTP
> >
> > policy-map MARKING
> > class VLAN12
> > set ip precedence 5
> >
> > interface FastEthernet0/2
> > switchport access vlan 12
> > switchport mode access
> > mls qos cos 3
> > service-policy input MARKING
> >
> > Rack1SW1#sh mls qos inter fa0/2
> > FastEthernet0/2
> > Attached policy-map for Ingress: MARKING
> > trust state: not trusted
> > trust mode: not trusted
> > COS override: dis
> > default COS: 3
> > DSCP Mutation Map: Default DSCP Mutation Map
> > trust device: none
> >
> >
> -----------------------------------------------------------------------------
> ------------------------------------------------------------------
> >
> > From the documentation CD: "You cannot configure both port-based
> > classification and VLAN-based classification at the same time. When you
> > configure the match vlan vlan-list command, the class map becomes per-port
> > per-VLAN based. If you configure a policy map that contains both port-based
> > and VLAN-based class maps, the switch rejects the policy map when you
> attach
> > it to an interface"
> >
> > Will "mls qos cos 3" under the interface mark the remaining traffic with
> > precedence 3?
> >
> > Best regards
> >
> > This communication, including any attachments, is confidential. If you are
> > not the intended recipient, you should not read it - please contact me
> > immediately, destroy it, and do not copy or use any part of this
> > communication or disclose anything about it. Thank you. Please note that
> > this communication does not designate an information system for the
> purposes
> > of the Electronic Transactions Act 2002.
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:07 GMT-3