Link to home
Start Free TrialLog in
Avatar of Tim Titus
Tim TitusFlag for United States of America

asked on

Cisco class-map not matching anything

In a lab network, I'm trying to learn why a class-map is not matching any traffic.  I have two Cisco routers with a serial interface that works well in passing all traffic, but I'm trying to get MQC set up for QoS.
class-map match-any VOICE
 match  dscp ef
class-map match-any CALL-SIGNALING
 match  dscp af41
 match  dscp cs3
!
!
policy-map WAN-EDGE
 class VOICE
  priority percent 30
 class CALL-SIGNALING
  bandwidth 128
 class class-default
  fair-queue

Open in new window

It is applied to the serial interface on output:
interface Serial0/2/0
 ip address 192.168.203.1 255.255.255.0
 service-policy output WAN-EDGE

Open in new window

When I send DSCP 46 tagged traffic through the interface, it all goes to the default queue:
Honolulu#show policy-map interface s0/2/0
 Serial0/2/0

  Service-policy output: WAN-EDGE

    Class-map: VOICE (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match:  dscp ef (46)
        0 packets, 0 bytes
        5 minute rate 0 bps
      Queueing
        Strict Priority
        Output Queue: Conversation 264
        Bandwidth 30 (%)
        Bandwidth 463 (kbps) Burst 11575 (Bytes)
        (pkts matched/bytes matched) 0/0
        (total drops/bytes drops) 0/0

    Class-map: CALL-SIGNALING (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match:  dscp af41 (34)
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match:  dscp cs3 (24)
        0 packets, 0 bytes
        5 minute rate 0 bps
      Queueing
        Output Queue: Conversation 265
        Bandwidth 128 (kbps) Max Threshold 64 (packets)
        (pkts matched/bytes matched) 0/0
        (depth/total drops/no-buffer drops) 0/0/0

    Class-map: class-default (match-any)
      19955 packets, 4077842 bytes
      5 minute offered rate 82000 bps, drop rate 0 bps
      Match: any
      Queueing
        Flow Based Fair Queueing
        Maximum Number of Hashed Queues 256
        (total queued/total drops/no-buffer drops) 49/852/0

Open in new window

I have verified with a sniffer that the packets are properly DSCP tagged, but I don't know why they are not being put into that queue.
Avatar of Ken Boone
Ken Boone
Flag of United States of America image
So when you say you know they are tagged, tell me where the source device is connected that is generated DSCP EF packets.  Then what is it connected to, where is the router connected, are there multiple switches, etc..  and what port did you run the sniffer against.  I'm trying to determine if you have switches that are re-writing the DSCP value in your path.

Your config looks fine.
Avatar of Tim Titus
Tim Titus
Flag of United States of America image

ASKER

If I send DSCP tagged packets from my PC to a PC on the other side of the network, I can verify that DSCP tagged packets are coming out of my PC via wireshark, and I can verify that the packets that reach the far-end are DSCP tagged as well.  That proves that DSCP is making it through to the other side (and back for that matter).

To answer your specific question, I am going through 2 layer-2 switches before I hit this router and neither switches have any configuration that would strip DSCP.

I just don't know why they are not being put into the proper class-map.
Avatar of Ken Boone
Ken Boone
Flag of United States of America image
Ok just want to make sure.  Cisco switches if not set up properly to handle those DSCP values will remark them by default that is why I was asking.  But if you are seeing the packets on the far side still with the DSCP value set correctly then I would say you are correct.

So that leaves me to believe that you might have an IOS problem.  I have seen class maps not match before just do to an IOS problem.  I would upgrade your IOS and then see where its at.
Avatar of Predrag Jovic
Predrag Jovic
Flag of Poland image
By default switch do not trust DSCP markings and will overwrite DSCP to default value, you need to configure switch to trust end device.
Try to configure under interface
auto qos trust
Avatar of Tim Titus
Tim Titus
Flag of United States of America image

ASKER

I've requested that this question be closed as follows:

Accepted answer: 0 points for ttitus's comment #a41270604

for the following reason:

It's still  weird that I'm getting DSCP tagging through to the far side, but I added an additional "match" condition to match the IP address of my computer and it started to match based on IP address, thus proving that the class-map is now working properly on the router.

I still have no idea why the match on dscp ef is not working, but you helped lead me to the solution.  Thanks!
Avatar of Tim Titus
Tim Titus
Flag of United States of America image

ASKER

FYI: The switches in my environment are HP switches that do not strip DSCP.
ASKER CERTIFIED SOLUTION
Avatar of Ken Boone
Ken Boone
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Tim Titus
Tim Titus
Flag of United States of America image

ASKER

Tried to award points earlier, but the system did not seem to do this.  I want to give you all the points.  Let's try this again.
Avatar of Tim Titus
Tim Titus
Flag of United States of America image

ASKER

It seems that Experts-Exchange is having some problems.  If they don't award you the points, let me know and I'll open a case with their support.  You certainly earned the points!  Thank you!
Avatar of Ken Boone
Ken Boone
Flag of United States of America image
Thank you!