Avatar of andrewprouse
 asked on

QoS, TOS value, ping tool, cisco site-to-site ...help!

I'm struggling with a QoS problem at the moment and need a tool to help me test it.

I need to be able to ping a device and classify the data with a TOS value (184).

We have a Cisco site-to-site link working perfectly, but I'm trying to prioritise voice traffic between two voice servers (non cisco - one at each site).  The voice servers are apparently tagging all inter-site traffic with a TOS value of 184 (tos=0xB8).  I've created a policy-map to match outgoing DSCP EF traffic on the WAN interfaces, but I don't seem to be getting any matches when I make an inter-site voice call.

If I use a Cisco Wireless Access Point to run an extended ping and input the TOS value of 184 then I get matches so I know that the router policy-map is working correctly. The thing I don't know is if the Cisco routers can only detect Cisco traffic.  I need a ping tool where I can set a TOS value to the ICMP traffic to see if I get matches.

I've tried a ping from an XP machine where the ping -v command is supported, and this traffic doesn't 'match' in the policy-map.

I'm also trying to find a way to capture the packets to and from each voice server to see if the packets are actually tagged with the correct TOS value.  Any ideas how to do this? (I have wireshark but can't seem to work out how to monitor a remote device).

Any ideas?

Cheers, Andy
RoutersTCP/IPVoice Over IP

Avatar of undefined
Last Comment
Robert Sutton Jr

8/22/2022 - Mon
John Meggers

Since the voice servers are not Cisco, Cisco routers and switches most likely will not automatically recognize the traffic as voice.  I assume this is what you mean by "Cisco routers can only detect Cisco traffic".  So you need another mechanism to classify the traffic.  Why not use an ACL matching on source and/or destination of the voice servers, reference that in a class map, reference the class map in a policy map applying the TOS or DSCP value you want, and then apply that policy on the outbound interface.  You'll also want to specify "qos preclassify" in your crypto map. See http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a00800b3d15.shtml
Robert Sutton Jr

FWIW: When using wireshark:
The capture filter equivalent of "ip.dsfield==184" would be "ip[1]=184".
Furthermore, when the dsfield value is 184, the dscp value is actually 46, as the dscp field consists of the higher 6 bits of the dsfield, the other two bits are for ECN (Explicit Congestion Notification).
Im assuming your filter "ip.dsfield==184" will only show packets with DSCP value 46 and both ECN bits zero. So you might miss packets that have an ECN bit set. It's better to use the display filter "ip.dsfield.dscp==46", for which the capture filter equivalent is "ip[1]>>2=46"

Hope this helps.


Thank you for the suggestion.  I may have to revert to this option if I can't get the TOS / DSCP values to match.  Now that I've started along the TOS / DSCP route I'd quite like to get it working this way.


Thank you for that.  I've managed to capture packets from the voice server while a call was being made to the other site. From what I can tell, the inter-site traffic is being tagged with a DSCP value of 0 (DSCP 0x00) which is probably why the Cisco router isn't matching the traffic.  

The voice server uses TOS, and I'm inputting a TOS value of 184 (tos=0xB8), and the Cisco router is trying to match DSCP EF (46).  Is the TOS value correct for this?

Cheers, Andy
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
Robert Sutton Jr

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question