RE: URGENT: QoS problem on 3560G

From: Andrew Larkins (Andrew.Larkins@btgroup.co.za)
Date: Wed Mar 19 2008 - 08:38:48 ART

• Next message: Tony Schaffran \(GS\): "RE: IOS image name and boot sequence"
• Previous message: YourPal: "IOS image name and boot sequence"
• Maybe in reply to: Andrew Larkins: "URGENT: QoS problem on 3560G"
• Next in thread: Tony Schaffran \(GS\): "RE: URGENT: QoS problem on 3560G"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks for the link....

This is enabled but still not working...any other ideas before I log the
case to TAC?

mls qos

interface GigabitEthernet0/1

 description 802.1q Trunk Uplink to Firewall

 switchport trunk encapsulation dot1q

 switchport trunk allowed vlan 100,200,300,796

 switchport mode trunk

 load-interval 30

 mls qos vlan-based

interface Vlan100

 description Internal

 ip address 172.20.230.1 255.255.255.0

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 load-interval 30

 service-policy input Ingress-Tag

class-map match-any VPN_Remote

 match access-group 100

class-map match-any ERP

 match access-group 101

!

!

policy-map Ingress-Tag

 class VPN_Remote

  set dscp af11

 class ERP

  set dscp af21

 class class-default

  set dscp default

access-list 100 permit ip 172.20.253.0 0.0.0.255 any

access-list 101 permit ip host ERP any

Hosting-Sw1#sho policy-map interface vlan 100

 Vlan100

  Service-policy input: Ingress-Tag

    Class-map: VPN_Remote (match-any)

      0 packets, 0 bytes

      30 second offered rate 0 bps, drop rate 0 bps

      Match: access-group 100

        0 packets, 0 bytes

        30 second rate 0 bps

    Class-map: ERP (match-any)

      0 packets, 0 bytes

      30 second offered rate 0 bps, drop rate 0 bps

      Match: access-group 101

        0 packets, 0 bytes

        30 second rate 0 bps

    Class-map: class-default (match-any)

      0 packets, 0 bytes

      30 second offered rate 0 bps, drop rate 0 bps

      Match: any

        0 packets, 0 bytes

        30 second rate 0 bps

#

Andrew

From: Joseph Saad [mailto:joseph.samir.saad@gmail.com]
Sent: 19 March 2008 11:25 AM
To: Andrew Larkins
Cc: cisco@groupstudy.com; ccielab@groupstudy.com
Subject: Re: URGENT: QoS problem on 3560G

Andrew,

You'll need mls qos vlan-based under the switchports that are members of
this VLAN.

You'll also need to enable mls qos globally, if you haven't done this
already.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/relea
se/12.2_44_se/configuration/guide/swqos.html#wp1703760

Joseph.

On Wed, Mar 19, 2008 at 12:03 PM, Andrew Larkins
<Andrew.Larkins@btgroup.co.za> wrote:

Hi,

I have a 3650G with QoS on the VLAN interface - using a "service policy"
command. Software version is now c3560-advipservicesk9-mz.122-44.SE1.bin
since there were issues in the c3560-advipservicesk9-mz.122-40.SE.bin
code not reporting interface usage correctly wrt input and output rates
- showed zero for all.

This switch is running BGP to our MPLS peer and is the default gateway
for our hosted VLAN. I need to classify packets coming back from the
Internet from a ERP site with specific DSCP tags - configs below. I have
applied the policy to the vlan interface, but nothing get matched at
all. Even If I try the physical interface I get no matches.

Since all traffic must go through vlan 100 - default gateway

interface Vlan100

 description Internal

 ip address 172.20.230.1 255.255.255.0

 no ip redirects

 no ip unreachables

 no ip proxy-arp

load-interval 30

 service-policy input Ingress-Tag

!

interface Vlan759

 description MPLS - BGP Peering

 ip address 172.20.255.46 255.255.255.252

 no ip redirects

 no ip unreachables

 no ip proxy-arp

load-interval 30

interface GigabitEthernet0/1

 description 802.1q Trunk Uplink to Firewall

 switchport trunk encapsulation dot1q

 switchport trunk allowed vlan 100,200,300,796

 switchport mode trunk

 load-interval 30

interface GigabitEthernet0/2

 description Trunk Uplink to MPLS

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 759

 switchport trunk allowed vlan 759,796

 switchport mode trunk

 switchport nonegotiate

policy-map Ingress-Tag

 class VPN_Remote

 set ip dscp af11

 class ERP

 set ip dscp af21

 class class-default

 set ip dscp default

Access-list

Extended IP access list 100

   10 permit ip 172.20.253.0 0.0.0.255 any

Extended IP access list 101

   10 permit ip host <ERP IP> any

Service-policy input: Ingress-Tag

   Class-map: VPN_Remote (match-all)

     0 packets, 0 bytes

     30 second offered rate 0 bps, drop rate 0 bps

     Match: access-group 100

   Class-map: ERP (match-any)

     0 packets, 0 bytes

     30 second offered rate 0 bps, drop rate 0 bps

     Match: access-group 101

       0 packets, 0 bytes

       30 second rate 0 bps

   Class-map: class-default (match-any)

     0 packets, 0 bytes

     30 second offered rate 0 bps, drop rate 0 bps

     Match: any

       0 packets, 0 bytes

       30 second rate 0 bps

Any guidance here appreciated please.

Andrew

The information contained in this message and or attachments is intended
only for the person or entity to which it is addressed and may contain
confidential and/or privileged material. Any review, retransmission,
dissemination or other use of, or taking of any action in reliance upon,
this information by persons or entities other than the intended
recipient
is prohibited. If you received this in error, please contact the sender
and
delete the material from any system and destroy any copies.

• Next message: Tony Schaffran \(GS\): "RE: IOS image name and boot sequence"
• Previous message: YourPal: "IOS image name and boot sequence"
• Maybe in reply to: Andrew Larkins: "URGENT: QoS problem on 3560G"
• Next in thread: Tony Schaffran \(GS\): "RE: URGENT: QoS problem on 3560G"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:54 ART