Link to home
Start Free TrialLog in
Avatar of frukeus
frukeusFlag for Singapore

asked on

Cisco 3560 Switch DSCP Marking for RDP

I would like to mark my RDP traffic to 2 particular host as DSCP AF31. However, my config does not seem to work. Anyone can help troubleshoot?

ip access-list extended CLASSIFY-RDPServers
 permit tcp host 192.168.20.80 any eq 3389
 permit tcp host 192.168.20.8 any eq 3389
 permit tcp any host 192.168.20.8 eq 3389
 permit tcp any host 192.168.20.80 eq 3389

class-map match-any CLASSIFY-RDPServers
 match access-group name CLASSIFY-RDPServers
class-map match-all AutoQoS-VoIP-RTP-Trust
 match ip dscp ef
class-map match-all AutoQoS-VoIP-Control-Trust
 match ip dscp cs3  af31
class-map match-all CLASSIFY-Video
 match ip dscp af41

policy-map AutoQoS-Police-CiscoPhone
 class AutoQoS-VoIP-RTP-Trust
  set dscp ef
  police 320000 8000 exceed-action policed-dscp-transmit
 class AutoQoS-VoIP-Control-Trust
  set dscp cs3
  police 32000 8000 exceed-action policed-dscp-transmit
 class CLASSIFY-Video
  set dscp af41
  police 2000000 8000 exceed-action policed-dscp-transmit
 class CLASSIFY-RDPServers
  set dscp af31

Open in new window


From packet captures, I can see that the policy-map works for ef, af41 traffic. But RDP traffic is not marked as af31.
SOLUTION
Avatar of Don Johnston
Don Johnston
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of frukeus

ASKER

Yes, the problem was with the ACL.
It should be
10 permit tcp host 192.168.48.80 eq 3389 any
20 permit tcp host 192.168.48.8 eq 3389 any

to capture the RDP traffic instead of
10 permit tcp host 192.168.48.80 any eq 3389
20 permit tcp host 192.168.48.8 any eq 3389