asked on

Verifying CISCO Catalyst DSCP Values

i am trying a simple test and banging my head against the wall. basically as a test i am trying to mark all http traffic as dscp ef. i realize the priority is overly high etc but basically i dont think the packets are being marked. please look at my config and let me know what i can do to verify this

!
class-map match-any WEB
match access-group 101
!
!
policy-map WEB
class WEB
set ip dscp ef
!
!
interface GigabitEthernet0/6
description ESX-Team Member 1
switchport mode access
no cdp enable
channel-group 1 mode on
service-policy input WEB
!
interface GigabitEthernet0/7
description ESX-Team Member 2
switchport mode access
no cdp enable
channel-group 1 mode on
service-policy input WEB
!

access-list 101 permit tcp any any eq www

when i do:

PSC-Switch#sh policy-map interface gi0/6
GigabitEthernet0/6

Service-policy input: WEB

Class-map: WEB (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 101
0 packets, 0 bytes
5 minute rate 0 bps

Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
0 packets, 0 bytes
5 minute rate 0 bps

i have read that the command is unsupported, so i am not overly concerned with the fact that the packets are zero. but when i do a:

sh mls qos int gi0/6 stat
sh mls qos int gi0/7 stat

the dscp values for ef are not incremented, even when i send web traffic to and from the port. am i checking it the wrong way or is this not working?

Ken Boone

I noticed you have an etherchannel setup. Did you add the service policy to the port channel interface that was created as a result of the etherchannel setup?

Baran711

ASKER

QoS: policymap is supported on physical, VLAN, and ES interfaces only

while that may be relevant here, this latest attempt was out of desperation. i have tried this on non port channel interfaces with the same result. i am either marking this wrong or trying to verifiy it wrong i think. it hasnt been an isolated incident.

Ken Boone

I have run into this more than once on routers. Where I wasn't seeing the traffic that I was supposed to see in qos policies like you have. It turned out to be IOS related. If you haven't yet upgrade your IOS to the latest version for the switch. Just a thought.

Baran711

ASKER

i am currently running the latest ios. i have similar class maps on the router and they are fine if i do the marking there. not sure why it doesnt mark on the switch though.

Ken Boone

Hey I think I know what might be your problem.

You did a permit tcp any any eq www

so this is tcp any source any dest with a destination port of 80

But you specified this as an input policy map. It looks like you have ESX servers there so I am assuming that the web servers are on those ports.

So the traffic you will see coming input will be source of ESX with a SOURCE port of 80 and destination of the client with a destination port of random. You see what I mean.

You may need to make the acl tcp any eq www any if my assumptions are correct.

Baran711

ASKER

i tried the new acl, i even currently have access-list 101 permit ip any any

the counters still dont increment! what is so weird si that the dscp ef count is 102 still. i have no clue what the 102 packets were in the first place since i cant make that increase past 102 no matter what i do!

Baran711

ASKER

check this out, according to this none of the interfacs have recieved packets except for the vlan they belong to:

PSC-Switch#sh int stat
Vlan1
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 8417 661826 3773 639502
Route cache 0 0 0 0
Total 8417 661826 3773 639502
GigabitEthernet0/1
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 788 50432
Route cache 0 0 0 0
Total 0 0 788 50432
GigabitEthernet0/2
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 0 0
Route cache 0 0 0 0
Total 0 0 0 0
GigabitEthernet0/3
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 0 0
Route cache 0 0 0 0
Total 0 0 0 0
GigabitEthernet0/4
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 18531 1185984
Route cache 0 0 0 0
Total 0 0 18531 1185984
GigabitEthernet0/5
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 1508 96512
Route cache 0 0 0 0
Total 0 0 1508 96512
GigabitEthernet0/6
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 3106 198784
Route cache 0 0 0 0
Total 0 0 3106 198784
GigabitEthernet0/7
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 3106 198784
Route cache 0 0 0 0
Total 0 0 3106 198784
GigabitEthernet0/8
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 526 207344
Route cache 0 0 0 0
Total 0 0 526 207344
Port-channel1
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 15452 988928
Route cache 0 0 0 0
Total 0 0 15452 988928
PSC-Switch#
PSC-Switch#
PSC-Switch#
PSC-Switch#
PSC-Switch#sh int stat
Vlan1
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 8465 664826 3812 645779
Route cache 0 0 0 0
Total 8465 664826 3812 645779
GigabitEthernet0/1
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 807 51648
Route cache 0 0 0 0
Total 0 0 807 51648
GigabitEthernet0/2
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 0 0
Route cache 0 0 0 0
Total 0 0 0 0
GigabitEthernet0/3
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 0 0
Route cache 0 0 0 0
Total 0 0 0 0
GigabitEthernet0/4
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 18550 1187200
Route cache 0 0 0 0
Total 0 0 18550 1187200
GigabitEthernet0/5
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 1508 96512
Route cache 0 0 0 0
Total 0 0 1508 96512
GigabitEthernet0/6
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 3111 199104
Route cache 0 0 0 0
Total 0 0 3111 199104
GigabitEthernet0/7
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 3111 199104
Route cache 0 0 0 0
Total 0 0 3111 199104
GigabitEthernet0/8
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 527 207742
Route cache 0 0 0 0
Total 0 0 527 207742
Port-channel1
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 15472 990208
Route cache 0 0 0 0
Total 0 0 15472 990208
PSC-Switch#

this is my first qos deployment, it just seems fundamentally broken =)

Ken Boone

What model of switch is this?

Baran711

ASKER

I have tried this on a 3750e and a 2960g.

Baran711

ASKER

is there a debug command that will allow me to see packets with the dscp value? I have seen a lot about setting up qos but very little reg verifying it

Ken Boone

do this:

show mls qos

qos is disabled by default on a 3750.

Baran711

ASKER

I did enable it. I will get the output for you when I am back at my desk

Baran711

ASKER

ok a few things:
PSC-Switch#sh mls qos
QoS is enabled
QoS ip packet dscp rewrite is enabled

i blew away my qos config and did an autoqos voip cisco phone on the 2 ports. i have the same results here is the relevent config and output. it seems like even ciscos cookie cutter config shows the same results. can anyone verify that the commands i am running to try to show traffic work for them?

autoqos config:

mls qos map policed-dscp 24 26 46 to 0
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos

!
class-map match-all AutoQoS-VoIP-RTP-Trust
match ip dscp ef
class-map match-all AutoQoS-VoIP-Control-Trust
match ip dscp cs3 af31
!
!
policy-map AutoQoS-Police-CiscoPhone
class AutoQoS-VoIP-RTP-Trust
set dscp ef
police 320000 8000 exceed-action policed-dscp-transmit
class AutoQoS-VoIP-Control-Trust
set dscp cs3
police 32000 8000 exceed-action policed-dscp-transmit
!

interface GigabitEthernet1/0/5
switchport access vlan 10
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AutoQoS-Police-CiscoPhone
!

interface GigabitEthernet1/0/6
switchport access vlan 10
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AutoQoS-Police-CiscoPhone
!

i made a call from phones on port 5 to 6. call goes through fine, here is what i get:

PSC-Switch#sh policy-map int gi1/0/5
GigabitEthernet1/0/5

Service-policy input: AutoQoS-Police-CiscoPhone

Class-map: AutoQoS-VoIP-RTP-Trust (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp ef (46)

Class-map: AutoQoS-VoIP-Control-Trust (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp cs3 (24) af31 (26)

Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
0 packets, 0 bytes
5 minute rate 0 bps
PSC-Switch#

this really bothers me:

PSC-Switch#sh int gi1/0/5 stat
GigabitEthernet1/0/5
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 0 0 1277 94132
Route cache 0 0 0 0
Total 0 0 1277 94132
PSC-Switch#

i dont understand how there are no packets or characters incomming to that switch port...

oddly enough this command looks right and does increment:

GigabitEthernet1/0/5 (All statistics are in packets)

dscp: incoming
-------------------------------

0 - 4 : 15 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 100
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 255 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
dscp: outgoing
-------------------------------

0 - 4 : 209 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 83
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 254 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
cos: incoming
-------------------------------

PSC-Switch#sh mls qos int gi1/0/5 stat
GigabitEthernet1/0/5 (All statistics are in packets)

dscp: incoming
-------------------------------

0 - 4 : 15 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 117
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 356 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
dscp: outgoing
-------------------------------

0 - 4 : 263 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 83
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 356 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
cos: incoming
-------------------------------

0 - 4 : 67 0 0 117 0
5 - 7 : 356 0 0
cos: outgoing
-------------------------------

0 - 4 : 387 0 0 0 0
5 - 7 : 356 0 1482
output queues enqueued:
queue: threshold1 threshold2 threshold3
-----------------------------------------
queue 0: 2 0 356
queue 1: 32 43 1482
queue 2: 0 0 0
queue 3: 0 0 339

output queues dropped:
queue: threshold1 threshold2 threshold3
-----------------------------------------
queue 0: 0 0 0
queue 1: 0 0 0
queue 2: 0 0 0
queue 3: 0 0 0

Policer: Inprofile: 429 OutofProfile: 0

i may not have a real issue here, it may be a simple case of poor consistancy between the ios sh outputs, hoping somone has run into this before.

Ken Boone

I did this same type setup last week on some 3750g switches. I had esi IP phones. I ran the auto qos and then had to remove the trust statements as that relies on cdp. My stats were showing correct. I did the same thing you did to check it because I wasn't sure if the phones were setting the qos the same way Cisco phones do. I was using the latest IOS version in an ipbase feature set. This was just last week.

Baran711

ASKER

I have cisco phones 7975g. are you saying your policy map stats where correct when you did a sh policy-map int? mine def are not. any ideas?

Ken Boone

Yes the show policy-map int command showed the packets in the correct class maps with qos.

Ken Boone

Call TAC

Baran711

ASKER

tac pointed me to this:

http://supportwiki.cisco.com/ViewWiki/index.php/Unable_to_display_QoS_information_at_the_port_level_with_the_show_policy-map_interface_command_in_Catalyst_3750_switch

still doesnt explain why my sh mls qos int are not showing all of the dscp values increasing though.

Ken Boone

Well what does TAC say about the sho mls qos command not showing the stats incrementing?

Baran711

ASKER

still waiting to get a response n that

Baran711

ASKER

please close this, it is a known problem that will be fixed in the next ios release

ASKER CERTIFIED SOLUTION

Ken Boone

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial