Tim Titus
asked on
Cisco class-map not matching anything
In a lab network, I'm trying to learn why a class-map is not matching any traffic. I have two Cisco routers with a serial interface that works well in passing all traffic, but I'm trying to get MQC set up for QoS.
class-map match-any VOICE
match dscp ef
class-map match-any CALL-SIGNALING
match dscp af41
match dscp cs3
!
!
policy-map WAN-EDGE
class VOICE
priority percent 30
class CALL-SIGNALING
bandwidth 128
class class-default
fair-queue
It is applied to the serial interface on output:interface Serial0/2/0
ip address 192.168.203.1 255.255.255.0
service-policy output WAN-EDGE
When I send DSCP 46 tagged traffic through the interface, it all goes to the default queue:Honolulu#show policy-map interface s0/2/0
Serial0/2/0
Service-policy output: WAN-EDGE
Class-map: VOICE (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: dscp ef (46)
0 packets, 0 bytes
5 minute rate 0 bps
Queueing
Strict Priority
Output Queue: Conversation 264
Bandwidth 30 (%)
Bandwidth 463 (kbps) Burst 11575 (Bytes)
(pkts matched/bytes matched) 0/0
(total drops/bytes drops) 0/0
Class-map: CALL-SIGNALING (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: dscp af41 (34)
0 packets, 0 bytes
5 minute rate 0 bps
Match: dscp cs3 (24)
0 packets, 0 bytes
5 minute rate 0 bps
Queueing
Output Queue: Conversation 265
Bandwidth 128 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
Class-map: class-default (match-any)
19955 packets, 4077842 bytes
5 minute offered rate 82000 bps, drop rate 0 bps
Match: any
Queueing
Flow Based Fair Queueing
Maximum Number of Hashed Queues 256
(total queued/total drops/no-buffer drops) 49/852/0
I have verified with a sniffer that the packets are properly DSCP tagged, but I don't know why they are not being put into that queue.
ASKER
If I send DSCP tagged packets from my PC to a PC on the other side of the network, I can verify that DSCP tagged packets are coming out of my PC via wireshark, and I can verify that the packets that reach the far-end are DSCP tagged as well. That proves that DSCP is making it through to the other side (and back for that matter).
To answer your specific question, I am going through 2 layer-2 switches before I hit this router and neither switches have any configuration that would strip DSCP.
I just don't know why they are not being put into the proper class-map.
To answer your specific question, I am going through 2 layer-2 switches before I hit this router and neither switches have any configuration that would strip DSCP.
I just don't know why they are not being put into the proper class-map.
Ok just want to make sure. Cisco switches if not set up properly to handle those DSCP values will remark them by default that is why I was asking. But if you are seeing the packets on the far side still with the DSCP value set correctly then I would say you are correct.
So that leaves me to believe that you might have an IOS problem. I have seen class maps not match before just do to an IOS problem. I would upgrade your IOS and then see where its at.
So that leaves me to believe that you might have an IOS problem. I have seen class maps not match before just do to an IOS problem. I would upgrade your IOS and then see where its at.
By default switch do not trust DSCP markings and will overwrite DSCP to default value, you need to configure switch to trust end device.
Try to configure under interface
auto qos trust
Try to configure under interface
auto qos trust
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for ttitus's comment #a41270604
for the following reason:
It's still weird that I'm getting DSCP tagging through to the far side, but I added an additional "match" condition to match the IP address of my computer and it started to match based on IP address, thus proving that the class-map is now working properly on the router.
I still have no idea why the match on dscp ef is not working, but you helped lead me to the solution. Thanks!
Accepted answer: 0 points for ttitus's comment #a41270604
for the following reason:
It's still weird that I'm getting DSCP tagging through to the far side, but I added an additional "match" condition to match the IP address of my computer and it started to match based on IP address, thus proving that the class-map is now working properly on the router.
I still have no idea why the match on dscp ef is not working, but you helped lead me to the solution. Thanks!
ASKER
FYI: The switches in my environment are HP switches that do not strip DSCP.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Tried to award points earlier, but the system did not seem to do this. I want to give you all the points. Let's try this again.
ASKER
It seems that Experts-Exchange is having some problems. If they don't award you the points, let me know and I'll open a case with their support. You certainly earned the points! Thank you!
Thank you!
Your config looks fine.