shoshon at shoshon
Nov 12, 2009, 10:18 AM
Post #6 of 6
(436 views)
Permalink
|
> Following on, the best way is to 'trust' on all uplinks between devices
> and filter at the edge. So you have a customer who shouldn't be sending
> tagged traffic, set the port to not trusted (should be the default
> state) and any customer using QoS should have "mls qos trust dscp" on
> the demark port.
>
> If you don't have a trusted core, then all it takes is a simple switch
> in the path traffic takes and you'll find yourself scratching your head
> as to why the DSCP tags are disappearing all of a sudden!
indeed, i do see another dscp value in the counters. (besides mine).
i tried with dscp mutation and re-mapping, but it did't work.
so..start NOT trusting the edge/customers ports.
>
>
> Paul
>
>
>
> -----Original Message-----
> From: Scott Morris [mailto:swm [at] emanon]
> Sent: 12 November 2009 14:41
> To: Bogdan
> Cc: nanog [at] nanog
> Subject: Re: qos 3560
>
> Look at "show mls qos map" to see the defaults that may be rewriting
> your information depending on trust (or non-trust) mechanisms you have
> configured.
>
> If you trust CoS, a frame received with cos5 and dscp46 will get
> rewritten to dscp 40 with default maps...
>
> "show mls qos interface (intf)" is also good to see status.
>
> Scott
>
>
>
> Bogdan wrote:
>> hello
>>
>> indeed, a fellow nanoger gave me this hint.
>>
>> 1. i had to enable mls qos globally in "network" switches
>> 2. set the mls qos trust dscp on the uplinks (ingress port)
>>
>>
>> thanks
>>
>> ps thanks to andrey.gordon too :)
>>
>>
>>
>>
>>
>> On 11/12/2009 03:21 PM, Brian Feeny wrote:
>>
>>> You should make sure that any links that go between devices have
> trust
>>> set. In your case if your doing DSCP,
>>> then make sure each link that goes between devices which must carry
>>> tagged packets have trust dscp set.
>>>
>>> Brian
>>>
>>> On Nov 12, 2009, at 5:11 AM, Bogdan wrote:
>>>
>>>
>>>> hello
>>>>
>>>> i am playing with qos on some devices
>>>> - cisco 3560
>>>> - cisco 7609
>>>> and i have some things that i don't seem to understand.
>>>>
>>>> 1. in 3560, i enable mls qos, on the ingress port applyed policy
> map,
>>>> classify the packets with acl, mark, all good. on the egress ports i
> use
>>>> srr-queue with shape/share, everything is fine, it is working.
>>>>
>>>>
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/relea
> se/12.2_20_se/configuration/guide/swqos.html#wp1028614
>>>>
>>>>
>>>>
>>>> 2. reset to defaults the 3560
>>>> in 7606 i pick up a vlan, and apply a policy-map and set dscp 40 on
>>>> egress of that vlan
>>>> 3560 in uplinked in 7609
>>>> in 3560 i can see the "marked" packets, and i have matches on the
> dscp
>>>> set earlier (sh mls qos int xx stat).
>>>> the problem is: when i apply the srr-queue in 3560 on egress
> (towards
>>>> the test port), it does not work.
>>>> if i enable mls qos on 3560, i cannot match anymore the dscp 40 from
> the
>>>> 7609
>>>>
>>>> is it normal? do i have to apply the qos stuff (point1) on all
> switches
>>>> i want qos on? i mean, i cannot set dscp in one "core" device and
> use
>>>> that in the whole network ?
>>>>
>>>>
>>>> thanks
>>>>
>>>>
>>>>
>>>
>>
>>
>>
>>
>>
>
>
>
> For more information about the Viatel Group, please visit www.viatel.com
>
> VTL (UK) Limited Registered in England and Wales
> Registered Address: Inbucon House, Wick Road, Egham, Surrey TW20 0HR
> Company Registration No: 04287100 VAT Registration Number: 781 4991 88
>
> THIS MESSAGE IS INTENDED ONLY FOR THE USE OF THE INTENDED RECIPIENT TO
> WHICH IT IS ADDRESSED AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED,
> CONFIDENTIAL AND EXEMPT FROM DISCLOSURE. If the reader of this message is
> not the intended recipient, or an employee or agent responsible for
> delivering the message to the intended recipient, you are notified that
> any dissemination, distribution or copying of this e-mail is prohibited,
> and you should delete this e-mail from your system.
>
> This message has been scanned for viruses and spam by Viatel MailControl -
> www.viatel.com
>
>
|
