?
Solved

Cisco 3560 Switch DSCP Marking for RDP

Posted on 2013-01-03
4
Medium Priority
?
1,387 Views
Last Modified: 2013-01-07
I would like to mark my RDP traffic to 2 particular host as DSCP AF31. However, my config does not seem to work. Anyone can help troubleshoot?

ip access-list extended CLASSIFY-RDPServers
 permit tcp host 192.168.20.80 any eq 3389
 permit tcp host 192.168.20.8 any eq 3389
 permit tcp any host 192.168.20.8 eq 3389
 permit tcp any host 192.168.20.80 eq 3389

class-map match-any CLASSIFY-RDPServers
 match access-group name CLASSIFY-RDPServers
class-map match-all AutoQoS-VoIP-RTP-Trust
 match ip dscp ef
class-map match-all AutoQoS-VoIP-Control-Trust
 match ip dscp cs3  af31
class-map match-all CLASSIFY-Video
 match ip dscp af41

policy-map AutoQoS-Police-CiscoPhone
 class AutoQoS-VoIP-RTP-Trust
  set dscp ef
  police 320000 8000 exceed-action policed-dscp-transmit
 class AutoQoS-VoIP-Control-Trust
  set dscp cs3
  police 32000 8000 exceed-action policed-dscp-transmit
 class CLASSIFY-Video
  set dscp af41
  police 2000000 8000 exceed-action policed-dscp-transmit
 class CLASSIFY-RDPServers
  set dscp af31

Open in new window


From packet captures, I can see that the policy-map works for ef, af41 traffic. But RDP traffic is not marked as af31.
0
Comment
Question by:frukeus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 498 total points
ID: 38743570
Are you seeing any hits against the ACL  "CLASSIFY-RDPServers"?
0
 
LVL 10

Assisted Solution

by:koudry
koudry earned 501 total points
ID: 38745854
I think you need to test the ACL first, by attaching it to the interface, to make sure it is working. If it is not working, try simple IP, e.g.

!
access-list 101 permit ip host 192.168.20.80 any
!
interface x
ip access-group 101 in
!

If this works, use this ACL on a test class map and policy and test again separately away from the other classes.
0
 
LVL 10

Accepted Solution

by:
mat1458 earned 501 total points
ID: 38748275
Is the RDP traffic using the interfaces on which you have set the service policy? Is RDP using the standard ports on the two systems?

You config looks pretty good, the stuff you have posted should do what you intend to. But for completeness reasons: can you please post the other access lists as well? There might be something in them that erroneusly marks the RDP traffic with some other tag.

If you can post it the pcap file would help as well.
0
 
LVL 1

Author Closing Comment

by:frukeus
ID: 38753228
Yes, the problem was with the ACL.
It should be
10 permit tcp host 192.168.48.80 eq 3389 any
20 permit tcp host 192.168.48.8 eq 3389 any

to capture the RDP traffic instead of
10 permit tcp host 192.168.48.80 any eq 3389
20 permit tcp host 192.168.48.8 any eq 3389
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
Why do some people recommend buying business VoIP from an ISP? What are the benefits to my company? What are the costs?
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question