I've been tasked with configuring QoS across the network where I work. Currently the configs have some legacy QoS statements on the switches for the voice VLAN, but I'm not sure if they are working or not. These statements are meant to only mark the voice traffic DSCP values. The company I work for uses Avaya VoIP phones and the switch access ports are configured as trunked ports. When I performed show policy-map interface xxx and show access-lists, it appears that nothing is hitting the access lists or the policy map. Is this because the access-lists and policy-maps will only apply to the native VLAN, or am I missing something? Should the marking of the traffic happen on the router sub-interfaces? Configs and show statements below. Thanks in advance for your help.

Regards,
Bryce.

interface GigabitEthernet2/0/1   !My interface
 description Connection to Avaya IP phone
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 410
 switchport trunk allowed vlan 210,410
 switchport mode trunk
 switchport port-security maximum 4
 switchport port-security
 switchport port-security aging time 1
 switchport port-security aging type inactivity
 srr-queue bandwidth share 1 70 25 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 no cdp enable
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
 service-policy input mark_IPCOMM   !Applied policy-map
end

policy-map mark_IPCOMM   !Policy-map
 class VOICE_RTP
  set dscp ef
  police 176000 8000 exceed-action drop
 class VOICE_CONTROL
  set dscp af31
  police 176000 8000 exceed-action drop
 class class-default
  set dscp default
!
ip access-list extended VOICE   !Relevant access-lists
 permit udp any any range 2048 3327
ip access-list extended VOICE-CONTROL
 remark Match VoIP Control Traffic
 permit udp any any eq 1719
 permit tcp any any eq 1720
!

sh policy-map interface gi2/0/1   !Show commands - no packets and no bytes
 GigabitEthernet2/0/1
  Service-policy input: mark_IPCOMM
    Class-map: VOICE_RTP match-all
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name VOICE
    Class-map: VOICE_CONTROL (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name VOICE-CONTROL
        0 packets, 0 bytes
        5 minute rate 0 bps
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
        5 minute rate 0 bps

sh access-lists   !No matches for access-lists
Extended IP access list VOICE
    10 permit udp any any range 2048 3327
Extended IP access list VOICE-CONTROL
    10 permit udp any any eq 1719
    20 permit tcp any any eq 1720

You won't see counters from show policy-map interface on switches, as this task is performed in hardware while those are software counters. If you have a 3560/3750 switch, the command show mls qos interface statistics will display hardware counters for DSCP values. In your case, these counters will be seen on egress, as the ingress is performing the marking of the packets.

Edison,

Thanks for your quick response. I'm able to see the required information now. I have several other questions/clarifications regarding the upcoming QoS project and hopefully you can help.

1. Should I continue marking the packets at the switch access ports? This is best practice, isn't it? Or should I mark them at the router LAN port?
2. Once the packet has been marked, the DSCP values will stay the same through to the router (as long as the command mls qos trust dscp is done etc). Is this correct?
3. Where should I apply the class-maps and policy-maps for shaping? Is this then done at the router/layer 3 switch?

Thanks in advance.
Bryce.

1) As close to the source as possible - the answer is marking at ingress in the switchport.
2) Correct.
3) Only routers are able to shape traffic on egress. There are some switches that are able to shape on egress but require special WAN modules.

Please rate helpful posts!
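
Added example, not part of the thread and not Cisco's implementation: a Python model of the mark_IPCOMM policy posted above, showing which destination ports each class matches, the DSCP value each class is marked with, and how the "police 176000 8000 exceed-action drop" token bucket treats concurrent RTP streams. Assumptions: the policer meters IP packet length, the load is constructed 200-byte packets at 50 pps per call (G.711-like), and all function and class names are illustrative.

```python
DSCP = {"ef": 46, "af31": 26, "default": 0}
# (class, protocol, first dst port, last dst port, marking) taken from the posted ACLs
CLASSES = [
    ("VOICE_RTP", "udp", 2048, 3327, "ef"),
    ("VOICE_CONTROL", "udp", 1719, 1719, "af31"),
    ("VOICE_CONTROL", "tcp", 1720, 1720, "af31"),
]
RATE_BPS, BURST_BYTES = 176000, 8000  # police 176000 8000 exceed-action drop

class Policer:
    """Single-rate token bucket. Assumption: it meters IP packet length in bytes."""
    def __init__(self, rate_bps=RATE_BPS, burst=BURST_BYTES):
        self.rate = rate_bps / 8.0      # refill rate in bytes per second
        self.burst = burst
        self.tokens = float(burst)      # bucket starts full
        self.last = 0.0

    def conforms(self, now, size):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False                    # exceed-action drop

def classify(proto, dport):
    """Return (class name, DSCP); unmatched traffic falls into class-default."""
    for name, p, lo, hi, mark in CLASSES:
        if proto == p and lo <= dport <= hi:
            return name, DSCP[mark]
    return "class-default", DSCP["default"]

def run(packets):
    """packets: (time_s, proto, dport, ip_bytes). Returns {class: [sent, dropped]}."""
    policers = {"VOICE_RTP": Policer(), "VOICE_CONTROL": Policer()}
    stats = {}
    for now, proto, dport, size in sorted(packets):
        name, _ = classify(proto, dport)
        ok = name not in policers or policers[name].conforms(now, size)
        stats.setdefault(name, [0, 0])[0 if ok else 1] += 1
    return stats

def rtp_load(calls, seconds=10, pps=50, size=200):
    """Constructed load: per call, 200-byte IP packets at 50 pps (80 kbps, G.711-like)."""
    return [(i / pps, "udp", 2048 + c, size) for c in range(calls) for i in range(seconds * pps)]
```

In this model two such calls fit under the 176 kbps policer, while a third pushes VOICE_RTP over the rate and about a quarter of its packets are dropped once the 8000-byte burst is used up.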