3560 QOS
I have a problem with a constant rate of output drops on a 1 Gbps uplink. What worries me is that the rate isn’t less than 200 Mbps (approx. 40 kpps) and we are still getting lots of drops. The traffic rate in the other direction seem to be quite similar, but on that port we’re not getting any drops at all.
The access-switch is a 3560X, while the distribution switch is a 4948-10GE. Could it be that the traffic is so bursty that we get queues, even though we can’t see them? I have been issuing “show interface” hundreds of times and can see the drops increase, but never one packet on the output queue (include example below). Could there be any other reason for the drops other than “queue full”? Is there any other way that we can configure the interface to get a deeper queue?
I include the config of the switch as well for you to check whether it looks reasonable, especially when it comes to QoS.
sh int gi 0/23 | i queue|NTP|rate|packets
Time source is NTP, 12:54:06.090 MET Mon Nov 10 2014
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1770839
Queueing strategy: fifo
Output queue: 0/40 (size/max)
30 second input rate 334686000 bits/sec, 45751 packets/sec
30 second output rate 156244000 bits/sec, 26740 packets/sec
8727225929 packets input, 5519655578599 bytes, 0 no buffer
0 input packets with dribble condition detected
6030617483 packets output, 4431191815632 bytes, 0 underruns
sh int gi 0/23 | i queue|NTP|rate|packets
Time source is NTP, 12:54:06.794 MET Mon Nov 10 2014
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1770871
Queueing strategy: fifo
Output queue: 0/40 (size/max)
30 second input rate 334686000 bits/sec, 45751 packets/sec
30 second output rate 156244000 bits/sec, 26740 packets/sec
8727259591 packets input, 5519678994235 bytes, 0 no buffer
0 input packets with dribble condition detected
6030642824 packets output, 4431211270444 bytes, 0 underruns
Regards
Bjarne
I have a problem with a constant rate of output drops on a 1 Gbps uplink. What worries me is that the rate isn’t less than 200 Mbps (approx. 40 kpps) and we are still getting lots of drops. The traffic rate in the other direction seem to be quite similar, but on that port we’re not getting any drops at all.
The access-switch is a 3560X, while the distribution switch is a 4948-10GE. Could it be that the traffic is so bursty that we get queues, even though we can’t see them? I have been issuing “show interface” hundreds of times and can see the drops increase, but never one packet on the output queue (include example below). Could there be any other reason for the drops other than “queue full”? Is there any other way that we can configure the interface to get a deeper queue?
I include the config of the switch as well for you to check whether it looks reasonable, especially when it comes to QoS.
sh int gi 0/23 | i queue|NTP|rate|packets
Time source is NTP, 12:54:06.090 MET Mon Nov 10 2014
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1770839
Queueing strategy: fifo
Output queue: 0/40 (size/max)
30 second input rate 334686000 bits/sec, 45751 packets/sec
30 second output rate 156244000 bits/sec, 26740 packets/sec
8727225929 packets input, 5519655578599 bytes, 0 no buffer
0 input packets with dribble condition detected
6030617483 packets output, 4431191815632 bytes, 0 underruns
sh int gi 0/23 | i queue|NTP|rate|packets
Time source is NTP, 12:54:06.794 MET Mon Nov 10 2014
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1770871
Queueing strategy: fifo
Output queue: 0/40 (size/max)
30 second input rate 334686000 bits/sec, 45751 packets/sec
30 second output rate 156244000 bits/sec, 26740 packets/sec
8727259591 packets input, 5519678994235 bytes, 0 no buffer
0 input packets with dribble condition detected
6030642824 packets output, 4431211270444 bytes, 0 underruns
Regards
Bjarne
Similar Messages
-
3560 QoS ACL not working as expected...
I am putting together some QoS access-lists for some testing I am doing...
When I try to classify/mark traffic based on TCP port, the packets don't seem to get tagged.
When I remove the port qualification, "eq telnet" from the end of an ACL entry, the packets do get tagged.
For instance: I get no tagged packets when I use the following ACL:
ip access-list extended ftp-acl
permit tcp host <ip-address> any eq ftp-data
permit tcp host <ip-address> any eq ftp
When I reduce it to the following, the packets that match are tagged with the set value:
ip access-list extended ftp-acl
permit tcp host <ip-address> any
Any ideas???Yes, QoS is enabled globally...
Here's the config. it's very basic. Internet access is on fas0/1. My Client is on Fas0/2. Both in VLAN 1.
I am capturing traffic coming into my laptop from fas0/2.
hostname Switch
no aaa new-model
ip subnet-zero
ip routing
mls qos
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
class-map match-any ftp-class
match access-group name ftp-acl
class-map match-any www-class
match access-group name www-acl
policy-map ingress
class ftp-class
set dscp ef
interface FastEthernet0/1
switchport mode access
service-policy input egress
interface FastEthernet0/2
interface Vlan1
ip address dhcp
ip access-list extended ftp-acl
permit tcp host 154.6.66.38 any eq ftp-data
permit tcp host 154.6.66.38 any eq ftp
ip access-list extended www-acl
permit tcp any any eq www
control-plane
line con 0
line vty 0 4
no login
line vty 5 15
no login
end -
QoS applied to SUP32-GE-3B, but queueing doesn't change.
The 6509 with SUP-32-GE-3B (8 GE ports) is running IOS 12.2(33)SXH7. I've applied this QoS config to a couple of the supervicor GE ports that we use for uplinks:
interface GigabitEthernet5/1
description to Po1 ANB-RS6509-DU-C
no ip address
wrr-queue bandwidth 5 50 45
priority-queue queue-limit 30
wrr-queue queue-limit 5 40 25
wrr-queue random-detect min-threshold 1 80 100 100 100 100 100 100 100
wrr-queue random-detect min-threshold 2 80 100 100 100 100 100 100 100
wrr-queue random-detect min-threshold 3 60 70 80 90 100 100 100 100
wrr-queue random-detect max-threshold 1 100 100 100 100 100 100 100 100
wrr-queue random-detect max-threshold 2 100 100 100 100 100 100 100 100
wrr-queue random-detect max-threshold 3 70 80 90 100 100 100 100 100
wrr-queue cos-map 1 1 1
wrr-queue cos-map 2 1 0
wrr-queue cos-map 3 1 2
wrr-queue cos-map 3 2 3
wrr-queue cos-map 3 3 6
wrr-queue cos-map 3 4 7
priority-queue cos-map 1 4 5
mls qos trust dscp
channel-group 1 mode desirable
end
But when I do a 'show queueing int' there isn't any change from the default, as can be seen by the queue tail-drop-thresholds and queue thresh cos-map:
ANB-RS6509-AU-E200#sh queueing int g5/1
Interface GigabitEthernet5/1 queueing strategy: Weighted Round-Robin
QoS is disabled globally
Port is untrusted
Extend trust state: not trusted [COS = 0]
Default COS is 0
Queueing Mode In Tx direction: mode-cos
Transmit queues [type = 1p3q8t]:
Queue Id Scheduling Num of thresholds
01 WRR 08
02 WRR 08
03 WRR 08
04 Priority 01
WRR bandwidth ratios: 100[queue 1] 0[queue 2] 0[queue 3]
queue-limit ratios: 100[queue 1] 0[queue 2] 0[queue 3] 0[Pri Queue]
queue tail-drop-thresholds
1 100[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]
2 100[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]
3 100[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]
queue random-detect-min-thresholds
1 100[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]
2 100[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]
3 100[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]
queue random-detect-max-thresholds
1 100[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]
2 100[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]
3 100[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]
WRED disabled queues: 1 2 3
queue thresh cos-map
1 1 0 1 2 3 4 5 6 7
1 2
1 3
1 4
1 5
1 6
1 7
1 8
2 1
2 2
2 3
2 4
2 5
2 6
2 7
2 8
3 1
3 2
3 3
3 4
3 5
3 6
3 7
3 8
4 1
Queueing Mode In Rx direction: mode-cos
Receive queues [type = 2q8t]:
Queue Id Scheduling Num of thresholds
01 WRR 08
02 WRR 08
WRR bandwidth ratios: 100[queue 1] 0[queue 2]
queue-limit ratios: 100[queue 1] 0[queue 2]
queue tail-drop-thresholds
1 100[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]
2 100[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]
queue random-detect-min-thresholds
1 100[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]
2 100[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]
queue random-detect-max-thresholds
1 100[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]
2 100[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]
WRED disabled queues: 1 2
queue thresh cos-map
1 1 0 1 2 3 4 5 6 7
1 2
1 3
1 4
1 5
1 6
1 7
1 8
2 1
2 2
2 3
2 4
2 5
2 6
2 7
2 8
Packets dropped on Transmit:
BPDU packets: 0
queue dropped [cos-map]
1 0 [0 1 2 3 4 5 6 7 ]
2 0 []
3 0 []
4 0 []
Packets dropped on Receive:
BPDU packets: 0
queue dropped [cos-map]
1 0 [0 1 2 3 4 5 6 7 ]
2 0 []
Any idea why?http://blog.ipexpert.com/2010/05/26/introduction-to-catalyst-3560-qos/
This is a great article from the Ipexpert guys..
http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configuration/guide/swqos.html
Link to the 3560 guide
The policy looks good to me you may try a TAC case to have them lab\really dig into this -
QoS on 3560, 2960 and 3750 does not work (Policy-map).
Hi
I am tryng to configure QoS on 3 switches (2960, 3560 and 3750) with this configuration:
mls qos
class-map match-all QOS_DATA_CLASS
match access-group name QOS-DATA
class-map match-all QOS_DEFAULT_CLASS
match access-group name QOS-DEFAULT
class-map match-all QOS_VOICE_CLASS
match access-group name QOS-VOICE
class-map match-all QOS_SIGNALING_CLASS
match access-group name QOS-SIGNALING
policy-map QOS-SOFTPHONE-POLICY
class QOS_DEFAULT_CLASS
set dscp default
class QOS_SIGNALING_CLASS
set dscp cs2
class QOS_DATA_CLASS
set dscp cs1
class QOS_VOICE_CLASS
set dscp cs3
interface GigabitEthernet0/34
no switchport
ip address 10.10.11.1 255.255.255.252
ip ospf network point-to-point
priority-queue out
service-policy input QOS-SOFTPHONE-POLICY
interface GigabitEthernet0/47
switchport access vlan 150
spanning-tree portfast
service-policy input QOS-SOFTPHONE-POLICY
ip access-list extended QOS-DATA
permit tcp any any eq 22
permit tcp any any eq 465
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq 995
permit tcp any any eq 1914
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq smtp
permit tcp any any eq pop3
ip access-list extended QOS-DEFAULT
permit ip any any
ip access-list extended QOS-SIGNALING
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended QOS-VOICE
permit udp any any range 16384 32767
but when I check the show commands I see that QoS is not working.
CoreA#sh policy-map interface g0/34
GigabitEthernet0/34
Service-policy input: QOS-SOFTPHONE-POLICY
Class-map: QOS_DEFAULT_CLASS (match-all)
3 packets, 198 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name QOS-DEFAULT
Class-map: QOS_SIGNALING_CLASS (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name QOS-SIGNALING
Class-map: QOS_DATA_CLASS (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name QOS-DATA
Class-map: QOS_VOICE_CLASS (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name QOS-VOICE
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
CoreA#sh policy-map interface g0/47
GigabitEthernet0/47
Service-policy input: QOS-SOFTPHONE-POLICY
Class-map: QOS_DEFAULT_CLASS (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name QOS-DEFAULT
Class-map: QOS_SIGNALING_CLASS (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name QOS-SIGNALING
Class-map: QOS_DATA_CLASS (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name QOS-DATA
Class-map: QOS_VOICE_CLASS (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name QOS-VOICE
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
What do I do bad?
The flow is the next:
Computer with CIPC --------> Switch 2960 or 3560 or 3750 ------------------> switch core ---------------> CIPC
I have wireshark in a port mirror on switch 2960, 3560 and 3750. In wireshark I always see the packets marked with default label.
I hope you can help me.
Regards.Try this config:
policy-map QOS-SOFTPHONE-POLICY
class QOS_VOICE_CLASS
set dscp cs3
class QOS_SIGNALING_CLASS
set dscp cs2
class QOS_DATA_CLASS
set dscp cs1
class class-default
set dscp default
BR -
Cisco 3560 switch| mls qos trust dscp question
Hi everybody
Hi everybody .
Please consider the following example:
3560 sw f1/1--------trunk---SW2
3560 sw
f1/1
mls qos trust dscp
3560 is using default cos-dscp map, assume a 3560 receives a frame carrying IP packet on f1/1 with COS 4, what will 3560 switch do?
1) will it use its default cos --dscp map ( cos 4--.dscp 32) and rewrite 32 in dscp field of the packet in the frame and provide PHB for dscp 32 ?
Much appreciated!!
Have a great weekend.Hi
No it will not trust the cos value, because You have configured to trust dcsp. So, the switch will trust the dcsp value in the incoming frame.
/Mikael -
Catalyst 3550 & 3560/3750 command 'show mls qos interface statistics'
On the Catalyst 3550 the command 'show mls qos interface statistics' will show ingress packet (or byte) counts with DSCP values. If you have policers configured then it also shows a count of packets that have been marked down to another DSCP value due to policing or any that have been dropped (obviously 'mls qos monitor dscp x' needs configuring). The same command on the 3560/3750 only shows the ingress & egress DSCP values, there is no column that shows packets (or bytes) that have been policed or dropped. Is there any command to display the same information with the 3560/3750?
Neither platform show counters when the command 'show policy-map interface x/x' is used so this won't work.
Thanks
AndyHi, I believe there is a command on the 3560 'sh mls qos interface policers' may be what you are looking for.
Here is what the command says it outputs:
To display QoS information at the interface level. This information includes:
The configuration of the egress queues and the CoS3-to-egress-queue map
Which interfaces have configured policers
Ingress and egress statistics, which includes the number of bytes that have been dropped -
QOS for inbound traffic on 3560
Just to clarify what I'm asking.... I would like to make the congestion happen on our end and not on the ISP's equipment that I have no control over traffic shaping etc... I can't limit the bandwidth on the aggregate port that the metro e connects to (3750) because it would limit it for all locations and not just one. I think my only option is to limit the bandwidth on the switch at the location in question but I guess it would have to be on the ingress side, but then will it still drop packets according to dscp priority during congestion?
I have a little problem I hope you guys can help me with. We have a location that has a metro e hand off from our ISP. The same metro e also serves other locations and the aggregate point is at our main office which goes to a Cisco 3750 stack. The location in question has a single Cisco 3560 switch. We need to apply QOS for both inbound and outbound traffic to this location. I can tag the traffic to and from there but how do I make it so that the 3560 (or 3750) gets saturated and not the ISP connection for incoming traffic (so we decide what packets get dropped)? srr-queue bandwidth limit can't be used on the metro e port on the 3750 because this would limit all locations and not just the one.Should I put another small switch and put it in from of the 3560? This way I could use srr-queue and apply QOS to the egress queue.I hope this...
This topic first appeared in the Spiceworks Community -
Hi folks
I remember not that very long ago I saw a document that was depicting the QoS order of operation for both ingress and egress data flows on the Cisco 3560/3750 series.
However, I'm at a loss right now as I cannot find it, apparently I didnt bookmark it. :-/
I was hoping that one of you guys might happen to know which one I'm talking about and point me in the right direction. I know it's not much to go on...
Thanks in advance!Hey Rajeevsh
Thank you for the reply, but it was not the one I was looking for. I've finally manged to find it. It was this one I was looking for:
http://rizzitech.blogspot.com/2010/08/qos-on-cisco-3560-diagram.html
Have a nice day :) -
3560 mls qos interface statistics output
Hi
I've seen questions like this before, but never seen a satisfactory answer... I can't find any good documentation anywhere about this command.
If you run it, you get tabular output of some statistics - with no headers to the columns.
The closest thing I've found to it is in this document:
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12113ea1/3550cr/cli2.htm#wp2418191
It shows the fields as: Incoming, No_Change, Classified, Policed and dropped.
I have a switch with a modified cos-dscp map so that cos 5 is marked to dscp 46. This shows normal traffic as in the row titled 0-4 in the 'incoming' column, and cos 5 traffic appears in the 40-44 row and the 'dropped' column... which can't be right.
Anyone know what the columns mean?
AaronI figured this out after looking at it sideways and upside down. Here is part of the output from the command I ran on one of our 3750 switches (copy it and paste it into notepad so the rows stretch back out): 'sh mls qos int f0/35 statistics'
dscp: outgoing
0 - 4 : 63683 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 81
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 13366
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 10749 0 13653 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
On the left side X - X are the DSCP values for the five columns of that row. For example, 20 - 24 row has the number 81 in the fith column. That shows that 81 packets with the DSCP value of 24 went out of that port. In row 45 - 49, 10749 packets with DSCP of 46 and 13653 packets with DSCP value of 48 went out that port.
I finally was able to use this table to show that a video conferencing unit was truely generating voice packets with DSCP 46 (EF), video packets with DSCP 34, and call control packets with DSCP 24 (this is COS 3 that is mapped to DSCP 24 in the cos-dscp map entry.)
So to clarify, the five columns have nothing to do with Incoming, No_Change, Classified, Policed and dropped, they represent the number of packets that have the DSCP values as referred to by the far left table.
Hope this helps. -
3560 mls qos - output queues counters?
Hi!
I have WS-C3560G-24TS 15.0(2)SE4.
In gi0/10 we received IPTV multicast traffic only.
interface GigabitEthernet0/10
description IPTV
switchport access vlan 929
switchport mode access
switchport nonegotiate
mls qos trust dscp
channel-protocol lacp
channel-group 3 mode active
service-policy input iptv-cos
end
on port input - 350mbit - output 2000 Bit/s!
Queueing strategy: fifo
5 minute input rate 348797000 bits/sec, 32008 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
Then i send command:
clear counters
clear mlq qos int stat
and
sh mls qos int gi0/10 st
after 5-10 seconds i see:
GigabitEthernet0/10 (All statistics are in packets)
dscp: incoming
0 - 4 : 156657 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
dscp: outgoing
0 - 4 : 4 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
cos: incoming
0 - 4 : 156661 0 0 0 0
5 - 7 : 0 0 0
cos: outgoing
0 - 4 : 4 0 0 0 0
5 - 7 : 0 0 0
output queues enqueued:
queue: threshold1 threshold2 threshold3
queue 0: 0 0 0
queue 1: 4 0 0
queue 2: 0 0 0
queue 3: 0 0 112066
output queues dropped:
queue: threshold1 threshold2 threshold3
queue 0: 0 0 0
queue 1: 0 0 0
queue 2: 0 0 0
queue 3: 0 0 0
Policer: Inprofile: 0 OutofProfile: 0
Question!
Why i have 112066 packets in output queue 3, then bitrate output - 5 minute output rate 0 bits/sec, 0 packets/sec and 7 packets output, 576 bytes after clear.I have any time this bitrate.
a few hours later I see:
bm18.lan#sh mls q int gi0/10 st
GigabitEthernet0/10 (All statistics are in packets)
dscp: incoming
0 - 4 : 849303034 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 3517 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
dscp: outgoing
0 - 4 : 45265 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
cos: incoming
0 - 4 : 849324148 0 0 0 0
5 - 7 : 0 0 0
cos: outgoing
0 - 4 : 45265 0 0 0 0
5 - 7 : 0 0 0
output queues enqueued:
queue: threshold1 threshold2 threshold3
queue 0: 0 0 0
queue 1: 45265 0 4071
queue 2: 0 0 0
queue 3: 0 0 605666519
output queues dropped:
queue: threshold1 threshold2 threshold3
queue 0: 0 0 0
queue 1: 0 0 0
queue 2: 0 0 0
queue 3: 0 0 0
Policer: Inprofile: 0 OutofProfile: 0
send:
bm18.lan#sh mls q int gi0/10 st
GigabitEthernet0/10 (All statistics are in packets)
dscp: incoming
0 - 4 : 849303034 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 3517 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
dscp: outgoing
0 - 4 : 45265 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
cos: incoming
0 - 4 : 849324148 0 0 0 0
5 - 7 : 0 0 0
cos: outgoing
0 - 4 : 45265 0 0 0 0
5 - 7 : 0 0 0
output queues enqueued:
queue: threshold1 threshold2 threshold3
queue 0: 0 0 0
queue 1: 45265 0 4071
queue 2: 0 0 0
queue 3: 0 0 605666519
output queues dropped:
queue: threshold1 threshold2 threshold3
queue 0: 0 0 0
queue 1: 0 0 0
queue 2: 0 0 0
queue 3: 0 0 0
Policer: Inprofile: 0 OutofProfile: 0
bm18.lan#
bm18.lan#
bm18.lan#
bm18.lan#
bm18.lan#
bm18.lan#
bm18.lan#
bm18.lan#
bm18.lan#
bm18.lan#
bm18.lan#
bm18.lan#
bm18.lan#
bm18.lan#
bm18.lan#clear mls qos int st
bm18.lan#
bm18.lan#
bm18.lan#clear counters
Clear "show interface" counters on all interfaces [confirm]
bm18.lan#
bm18.lan#
bm18.lan#
bm18.lan#sh mls qos int gi0/10 st
GigabitEthernet0/10 (All statistics are in packets)
dscp: incoming
0 - 4 : 1141981 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 3 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
dscp: outgoing
0 - 4 : 92 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
cos: incoming
0 - 4 : 1142010 0 0 0 0
5 - 7 : 0 0 0
cos: outgoing
0 - 4 : 92 0 0 0 0
5 - 7 : 0 0 0
output queues enqueued:
queue: threshold1 threshold2 threshold3
queue 0: 0 0 0
queue 1: 92 0 5
queue 2: 0 0 0
queue 3: 0 0 810894
output queues dropped:
queue: threshold1 threshold2 threshold3
queue 0: 0 0 0
queue 1: 0 0 0
queue 2: 0 0 0
queue 3: 0 0 0
Policer: Inprofile: 0 OutofProfile: 0
bm18.lan#
bm18.lan#
bm18.lan#sh int gi0/10
GigabitEthernet0/10 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 0019.e7b1.c68a (bia 0019.e7b1.c68a)
Description: IPTV
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 89/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:07, output 00:00:06, output hang never
Last clearing of "show interface" counters 00:00:37
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 351051000 bits/sec, 32219 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1202212 packets input, 1637377057 bytes, 0 no buffer
Received 1202205 broadcasts (1202205 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 1202205 multicast, 0 pause input
0 input packets with dribble condition detected
83 packets output, 6682 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
bm18.lan#
bm18.lan#
Queue counter is reset to 0, and after 10-15 seconds I see 810,894 packets, although a sh Int gi0/10 I see only 83 outgoing packet! -
MAC Addressess not showing on my new 3560 switch
I have a Cisco 3560 (Switch B) switch I just introduced into my network. The gigabit ports are trunked from another switch (Switch A) to a Cisco 6509 WS (Main Switch).
crpf4bsw3#show cdp neighbors
Device ID Local Intrfce Holdtme Capability Platform Port ID
crpf4bsw2.mdch.com
Gig 0/1 124 S I WS-C3560-4Gig 0/4
crpcorsw1.mdch.com
Gig 0/4 127 R S I WS-C6509-EGig 2/8
interface GigabitEthernet0/4
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,19,124,150,160,164,168,224
switchport mode trunk
mls qos trust dscp
spanning-tree link-type point-to-point
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,19,124,150,160,164,168,224
switchport mode trunk
mls qos trust dscp
spanning-tree link-type point-to-point
The trunk ports are working just fine. I have configured all necessary remote management with no issues. However, my access ports are not working. I have set them up exactly the same as the adjacent switch A and it works just fine, but the same configuration on the new switch has not been able to pull IP information. I have provided information as to how the switch access ports are configured on both Switch A (working) and Switch B (not working). I should note that I tried this with a Cisco 7940 phone and it got stuck on "configuring IP" then I tried it with my laptop and it pulled a 169 IP address. Both were direct connections into switch B. When I run a show mac-address-table, neither device shows up in the table. Only the gig port MACs. Any thoughts? Please let me know if you need any more information.
interface FastEthernet0/3
switchport access vlan 124
switchport mode access
switchport voice vlan 224
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
spanning-tree bpduguard enableHi Mike,
It looks like you're guiding me in the right direction. I did a "show port security interface fa0/2" on the new switch and nothing was out of the ordinary with the exception of the 0 MAC addresses learned. But then I did a "show spanning tree vlan 224" Here's what I found:
Switch A (existing switch):
crpf4bsw2#show spanning-tree vlan 224
VLAN0224
Spanning tree enabled protocol rstp
Root ID Priority 4096
Address 0012.44cc.68e0
Cost 8
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32992 (priority 32768 sys-id-ext 224)
Address 0013.60aa.7400
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
Gi0/1 Root FWD 4 128.1 P2p
Fa0/1 Desg FWD 19 128.3 Edge P2p
Fa0/2 Desg FWD 19 128.4 Edge P2p
Fa0/3 Desg FWD 19 128.5 Edge P2p
Fa0/4 Desg FWD 19 128.6 Edge P2p
Fa0/5 Desg FWD 19 128.7 Edge P2p
Fa0/6 Desg FWD 19 128.8 P2p Peer(STP)
Interface Role Sts Cost Prio.Nbr Type
Fa0/7 Desg FWD 19 128.9 Edge P2p
Fa0/8 Desg FWD 19 128.10 Edge P2p
Fa0/9 Desg FWD 19 128.11 Edge P2p
Fa0/10 Desg FWD 19 128.12 Edge P2p
Fa0/11 Desg FWD 19 128.13 Edge P2p
Fa0/12 Desg FWD 19 128.14 Edge P2p
Fa0/13 Desg FWD 19 128.15 Edge P2p
Fa0/15 Desg FWD 19 128.17 Edge P2p
Fa0/19 Desg FWD 19 128.21 Edge P2p
Fa0/20 Desg FWD 19 128.22 Edge P2p
Gi0/4 Desg FWD 4 128.28 P2p
Fa0/29 Desg FWD 19 128.33 Edge P2p
Fa0/30 Desg FWD 19 128.34 Edge P2p
Fa0/31 Desg FWD 19 128.35 Edge P2p
Fa0/32 Desg FWD 19 128.36 Edge P2p
Fa0/33 Desg FWD 19 128.37 Edge P2p
Fa0/34 Desg FWD 19 128.38 Edge P2p
Fa0/35 Desg FWD 19 128.39 Edge P2p
Fa0/37 Desg FWD 19 128.41 Edge P2p
Fa0/38 Desg FWD 19 128.42 Edge P2p
Fa0/39 Desg FWD 19 128.43 Edge P2p
Fa0/40 Desg FWD 19 128.44 Edge P2p
Fa0/41 Desg FWD 19 128.45 Edge P2p
Interface Role Sts Cost Prio.Nbr Type
Fa0/42 Desg FWD 19 128.46 Edge P2p
Fa0/43 Desg FWD 19 128.47 Edge P2p
Fa0/44 Desg FWD 19 128.48 Edge P2p
Fa0/45 Desg FWD 19 128.49 Edge P2p
Fa0/46 Desg FWD 19 128.50 Edge P2p
Switch B (new switch):
Spanning tree instance(s) for vlan 224 does not exist.
So with this new information, and with my trunk configurations above, what did you mean by a disconnect on the trunk? -
Air Bridge 1310 - Configuring QOS on Point to Point
I have 2 BR1310 Air Bridge's configured for a point to point connection, one is root,one is non-root. In configuring QOS for VOIP for the first time, I'm looking for a best practice configuration.
Behind each bridge is a 3560 switch that has QOS configured on each switchport. Our environment consists of 7960 desk phones.Hi Michael,
Have a look at these docs. Hopefully they will help get you started;
Cisco Aironet 1300 Series Outdoor Access Point/Bridge Software Configuration Guide, 12.3(4) JA
Chapter 14 - Configuring QoS
This chapter describes how to configure quality of service (QoS) on your access point/bridge. With this feature, you can provide preferential treatment to certain traffic at the expense of others. Without QoS, the access point/bridge offers best-effort service to each packet, regardless of the packet contents or size. It sends the packets without any assurance of reliability, delay bounds, or throughput.
From this doc;
http://www.cisco.com/en/US/docs/wireless/access_point/1300/12.3_4_JA/configuration/guide/o13qos.html
Giving Priority to Voice Traffic
This section demonstrates how you can apply a QoS policy to your wireless network's voice VLAN to give priority to wireless phone traffic.
In this example, the network administrator creates a policy named voice_policy that applies voice class of service to traffic from Spectralink phones (protocol 119 packets). The user applies the voice_policy to the incoming and outgoing radio ports and to the outgoing Ethernet port for VLAN 77.
Use the Apply Policies to Interface/VLANs drop-down menus to apply policies to the access point Ethernet and radio ports. If VLANs are configured on the access point, drop-down menus for each VLANs' virtual ports appear in this section. If VLANs are not configured on the access point, drop-down menus for each interface appear.
From this doc;
http://www.cisco.com/en/US/docs/wireless/access_point/1300/12.3_4_JA/configuration/guide/o13qos.html#wp1047736
Hope this helps!
Rob -
Rate-limit command 3560 does it exist?
I have just come across a command in my router IOS which might be useful too me. I was wondering if the following command is available on a 3560 Switch. I don't see it on my 3550 but the IOS is quite old. I don't have a 3560 avaiable currently to check.
Config t > int vlan x > rate-limit input/output
does this exist on the 3560? I am also interest if it does in the Bits per second range and if available input/output.
Thanks for any helpHello,
what kind of feature are you looking for?
CAR?
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_reference_chapter09186a0080087f26.html#wp1037428
For command list check the following link:
Catalyst 3560 Switch Command Reference, Rel. 12.2(25)SEE
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12225see/cr/index.htm
For QOS configs:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12225see/scg/swqos.htm
If you need to rate limit traffic on an interface check:
Limiting the Bandwidth on an Egress Interface
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12225see/scg/swqos.htm#wp1253412
Hope this help a bit,
if it does, please rate this post.
Vlad -
QoS per udp port on an interface
Is it possible to configure a CISCO 3560 switch for QoS where we can apply per udp port policies with different Token Bucket rates and burst sizes? If so, how?
Write access lists that match the particular UDP port(s) you want, assign each ACL to a different class, and then assign each class on the policy map with a different policer. Note that you may not be able to do this if the switch has a layer-two only license (i.e. LAN base/lite).
-
URGENT! Setting QoS DSCP value on switches
Hi,
I desperately need replies to my problem below.
I tried to set DSCP values to 2 applications, video and video conference, on cisco 3560 and cisco 2950 swtiches based on the source ip address of the servers.
So on the switches, I created an access-list to identify the servers' ip addresses.
Then I use "class-map match-any video" followed by "match access-group" for the access-list.
Then I use "policy-map policy1", then "class video" then "set dscp ef".
Finally I apply the policy to the INPUTS of all ports "service-policy input policy1"
But when I use a sniffer to sniff the ports, I see that the DSCP value is not "EF", instead it is "0x20, class 4".
Why is this so?
Where have I done wrongly?
Finally, on routers, where do I apply QOS policy? On input ports or output ports of routers?
I urgently need help.
Thank you.
Regards,
RachelRachel,
Without seeing what you have in place so far, I'll see if I can answer some of those questions. If the switch connects to a router, then the outbound (egress) interface would in fact be that interface on the switch that connects to a router. Best practices dictate that the classification and marking should be done on the inbound (ingress) interface which connects the switch to the network where the host resides.
If you wanted to implement an end-to-end QoS solution, then you should configure QoS on every interface between the source and destination. This is because even FastE/GigE ports can become congested due to worm outbreak or DOS attack. But if all you want to do right now is guarantee bandwidth to the video traffic across the WAN, that can be accomplished by a) classifying and marking the video traffic as close to the source as possible, and b) configuring queuing/scheduling on the outbound WAN interface based on those markings.
Once the switch has marked the traffic with a DSCP value per (a), that DSCP value should remain intact until it reaches the WAN router per (b), and all the way until it reaches its destination. That is, unless there is a device somewhere in between that is remarking traffic. If the switch you reference is not directly connected to the router you reference, there could be another switch or router in between marking everything back to DSCP 0, meaning that all traffic is untrusted.
I don't have a 2950 here with me, but without checking syntax this is basically what you should have, if you just want to mark video traffic EF and then guarantee bandwidth on the wan:
2950:
access-list permit
class-map match-any VIDEO
match access-group
policy-map POLICY1
class VIDEO
set ip dscp 46 !
interface
service-policy input POLICY1
Router:
class-map match-any EF_VIDEO
match ip dscp 46
policy-map VIDEO_OUT
class EF_VIDEO
priority 1600
interface
service-policy output VIDEO_OUT
If you are sniffing traffic on that switch to ensure that video traffic is being marked, make sure that you are sniffing the outbound interface toward the router, not the inbound interface from the host. That will ensure that your sniffer trace picks up the traffic after it has been marked DSCP 46.
Just in case this post is related to your post where you want to lock the router WAN interface so that the 1.6 megs of video gets through but other traffic is dropped when the video takes the full 1.6 megs of bandwidth...
QoS queuing/scheduling only kicks in when the interface experiences congestion. If there is no congestion on the interface, traffic will still be marked and policed per the service policy, but not queued/scheduled - it will just fly right through the interface with the new markings. The only way to force such congestion at 1.6 megs is to use traffic shaping. You would need to shape the entire interface down to 1.6 megs, and THEN apply the priority bandwidth. This can be accomplished with a hierarchical policy-map as follows:
Router:
class-map match-any EF_VIDEO
match ip dscp 46
policy-map VIDEO_OUT
class EF_VIDEO
priority 1600
policy-map SHAPE_OUT
class class-default
shape average 1600000
service-policy VIDEO_OUT
interface
service-policy output SHAPE_OUT
I really hope I am helping you out here, please let me know how this works out. Good luck!
Best Regards
Robert
Maybe you are looking for
-
Two problems : areaChart along with Line and double y-axis in LineChart
Hi Friends, This forum is very useful as we are getting lots of help from people who are trying out this new technology and giving/using help to/from others.I am developing a real time application in JavaFx in which I need to implement Charts using d
-
Geting an error in alv reporting
HELLO EVERYONE I AM A BEGINNER . THIS IS THE PROBLEM AM GETTING IN MY PROGRAM.PLZ HELP ME WITH IT. ERROR MSG, "THE DATA OBJECT 'WA_FCAT' DOES NOT HAVE A COMPONENT CALLED 'FIELDNAME ". FOLLOWING STATEMENT HAVING THE PROBLEM FIELD CATLOG WA_FCAT-FIE
-
WAS Inst on the NetWeaver 7.2 platform for the Business Objects XI 4.0 SP1
Hello to all, I have tried to install the WAS on the NetWeaver 7.2 platform for the Business Objects XI 4.0 SP1. Ok, more preciselly. I have tried to install SP1 for the Business Objects Enterprise XI 4.0. We have had a distributed installation. An a
-
Change the authorization email address?
How do I change the authorization email address once it's already been activated?
-
Forum for discussions around "My Oracle Support"
Since there isn't a forum specifically for "My Oracle Support" what do people think about having one created. There are forums both here and in the MOS communities for just about every other product that Oracle has what about one for MOS on http://fo