6500-qos-drops
I have a problem with an interface Gi that it has qos enable. It drops packets in priority queue ( cos 5 asignated), following the q2 and there is not drops on q1.
This is the status:
Interface GigabitEthernet9/32 queueing strategy: Weighted Round-Robin
Port QoS is enabled
Trust state: trust COS
Extend trust state: not trusted [COS = 0]
Default COS is 0
Transmit queues [type = 1p2q2t]:
Queue Id Scheduling Num of thresholds
1 WRR low 2
2 WRR high 2
3 Priority 1
WRR bandwidth ratios: 100[queue 1] 255[queue 2]
queue-limit ratios: 70[queue 1] 15[queue 2]
queue random-detect-min-thresholds
1 40[1] 70[2]
2 40[1] 70[2]
queue random-detect-max-thresholds
1 70[1] 100[2]
2 70[1] 100[2]
queue thresh cos-map
1 1 0 1
1 2 2 3
2 1 4 6
2 2 7
3 1 5
Receive queues [type = 1q2t]:
Queue Id Scheduling Num of thresholds
1 Standard 2
queue tail-drop-thresholds
1 100[1] 100[2]
queue thresh cos-map
1 1 0 1 2 3 4
1 2 5 6 7
Packets dropped on Transmit:
BPDU packets: 0
queue thresh dropped [cos-map]
1 1 0 [0 1 ]
1 2 0 [2 3 ]
2 1 0 [4 6 ]
2 2 486* [7 ]
3 1 486* [5 ]
* - shared transmit counter
Packets dropped on Receive:
BPDU packets: 0
queue thresh dropped [cos-map]
1 1 0 [0 1 2 3 4 ]
1 2 0 [5 6 7 ]
Thanks,
Marcelo
check out the following link on Troubleshooting Output Drops with Priority Queueing, hope this helps :
http://www.cisco.com/en/US/tech/tk39/tk51/technologies_tech_note09186a0080103e8a.shtml
Similar Messages
-
Hi
If I have two COS values within the same queue on a 5500 port can I set drop priority for them ? I am looking at setting in contract and out of contract data rates for some VMs, setting the COS value dependant on this and then getting the 5K to be more likely to drop out of contact data.
Its whjat I would do on a 6k or 7k with assigning different tail drop thresholds to different COS values in the same queue.Thats what I kind of figured after reading all the docs. Makes it a bit of a pain as there really arent quite enough queues for what I want to do.
Viideo & Voice
Call SIgnnaling
Critical Data
Network Ctrl (ssh, VMware vmotion and ctrl etc)
Bulk Data
Best Efforts
Thats six and since we are using FCoE tehre are only 5 qos groups we can use ......
I am going to have to combine two of the above. -
Hi.. I have configured service policy on tunnel interface but i am seeing packets are being drop in default class even if bandwidth is not full utilized.
I have been running 20MB mpls circuit and configured GRE tunnel b/w two locations over mpls circuits. I have assigned 15mb to FTP traffic.
pls tell me why there is drops even if link bandwidth is almost available.
class-map match-any ftp
match ip dscp af21
policy-map police
class ftp
bandwidth 15000
policy-map shape
class class-default
shape average 20000000
service-policy police
interface Tunnel1
service-policy output shape
Router#sh policy-map interface t1
Tunnel1
Service-policy output: shape
Class-map: class-default (match-any)
2056697 packets, 1360260464 bytes
5 minute offered rate 566000 bps, drop rate 0 bps
Match: any
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/424/0
(pkts output/bytes output) 2075327/1394463992
shape (average) cir 20000000, bc 80000, be 80000
target shape rate 20000000
Service-policy : police
Class-map: ftp (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp af21 (18)
0 packets, 0 bytes
5 minute rate 0 bps
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
bandwidth 15000 kbps
Class-map: class-default (match-any)
2056697 packets, 1360260464 bytes
5 minute offered rate 566000 bps, drop rate 0 bps
Match: any
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/424/0
(pkts output/bytes output) 1952029/1304014921Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
As Vasilii has described, you can compute the additional delay you might impose by increasing queue's limit (NB: keep in mind, though, queue depth is in packets, so if the same number of packets were smaller in size, maximum latency would be reduced).
If you want to allow a single TCP flow to be able to use all the bandwidth, you'll need to insure your queue can handle about half the BDP.
Doing so, again, risks increasing the possible maximum latency. However, using QoS, you can sometimes get the best of both. Low latency for light weight flows and maximum transfer rate for bandwidth hogs. -
Hi All,
I'm trying to figure out how I can do QoS on a 6500 and police traffic based on an IP access-list.
I want to define an access-list which specifies the traffic based on soure and destination IP addresses. I then plan to use a class map to match this access list and police the traffic in a qos policy. I was planning on applying the qos policy on a gig interface.
As the 6500 has a different architecture, compared to a normal router, can some suggest how I can do this. I'd like to do this on a:
WS-C6509-E (R7000) with a Supervisor Engine 720
Regards
DDear all,
I'm facing with a problem about monitor traffic for each class of service when i apply poilce on my Tengiga interface. The output command result as below:
7600#sh policy-map inter ten4/4
class-map: Hosting-Colocation-to-Network (match-any)
Match: access-group name Hosting-Colocation-to-Network
police :
10000000000 bps 31250000 limit 31250000 extended limit
Earl in slot 4 :
13801619258245 bytes
30 second offered rate 144487304 bps
aggregate-forwarded 13801619258245 bytes action: transmit
exceeded 0 bytes action: transmit
aggregate-forward 145773304 bps exceed 0 bps
Earl in slot 5 :
72837 bytes
30 second offered rate 0 bps
aggregate-forwarded 72837 bytes action: transmit
exceeded 0 bytes action: transmit
aggregate-forward 0 bps exceed 0 bps
class-map: class-default (match-any)
Match: any
police :
10000000000 bps 31250000 limit 31250000 extended limit
Earl in slot 4 :
74520070218188 bytes
30 second offered rate 879718984 bps
aggregate-forwarded 74520070218188 bytes action: transmit
exceeded 0 bytes action: transmit
aggregate-forward 888842536 bps exceed 0 bps
Earl in slot 5 :
5622549680569 bytes
30 second offered rate 93300336 bps
aggregate-forwarded 5622549680569 bytes action: transmit
exceeded 0 bytes action: transmit
aggregate-forward 99314912 bps exceed 0 bps
My traffic have 2 type which classify to 2 class as above. I would like monitor traffic at fields bold (30 second offered ...). Pls advice me how to monitor this field on graph.
Thanks and best reagards,
Vo Minh Thuan -
Joe,
We have another urgent requirement and need to troubleshoot QOS.
What we need to able to do is
1, Report Qos drops based on DSCP value. (show policy-map interface command does not work for us!)
2, Report packet with value of DSCP value 0 ending up in the default-class (Only for troubleshooting )
Can you assistant us?
FranciscoIf there are no CLI commands which can provide you with what you need, I'm not sure how EEM is going to help you here. EEM really only has visibility to the control plane. EEM 3.0 does offer some Netflow integration, but I do not think you have that version.
-
BT Broadband, BT Vision and Qos.
We have had a good reliable service with BT Broadband, consistently achieving 7.2 Meg. When the contract came up for renewal we did so and with BT Vision. However, the activation day came and went for the Vision with no service on the BTVision, repeated error codes and many attempts to update the software which always failed. After many phone calls we were advised that the Broadband had not be set for BT Vision and two weeks later the box sprang into life! However, only the BBC IPlayer worked, the others didn't. Another call to India and was advised there would be a recall. No recall so sent an email instead and then recieved a response to say that QoS was missing from the line and the line would be updated in a couple of days. This happened and the box started to work correctly.
Soon after we noticed that the response times on the PC's had slowed, so we started doing speed tests and other checks and instead of the 7.2 that we were previously seeing, we were lucky to see 2 Meg! At the time, not knowing any different we started to check and test the PCs in the house, but whatever we did, any time of the day, it was 2 Meg. My son on his PS3 had to give up on-line gaming as the responses were so bad! Using the BT Speed test showed us that the profile was 3500 with a download speed of 1829kbps. However the DSL connection rate was 6752kbps?
Called India again and went through all there scripted tests -twice as something failed the first time. With he result that an engineer was promised a visit. On the morning of the visit, speedtest.com started showing that we were back up to speed. When the engineer arrived, we did the BT Speed test which showed a profile of 3500 but a connection speed of 4.2M. He said that this was not possible as the profile should always be higher than the reported connection speed. The engineer then did all his tests and every time it showed up 7.2M with very few, if any errors. He said that when he left he would request that the line profile be reset and when he was on the point of leaving we redid the speedtest from the PC to see that the speed had dropped down again. BT man tested the line again and yes the connection rate was 7.2M but speedtest said only 1.9M. He then changed the hub with no difference saying that we should use port 1 for BTVision. He left saying that give it 72 hours for the profile to be reset and see what happens.
The profile has now been reset and it shows 5500kbps. BT engineer said that with a download speed that we have he would expect a profile of 8000kbps. However we still have the slow sub 2m connection speed.
Reading other posts, I understand QoS is designed to ensure BTVision always has a 2Meg service and the rest is for everything else. Also I am given to understand that when the box is off the QoS drops much lower, so allowing more bandwidth for other applications. That is definitely not happening on my line. All QoS appears to be doing is limiting the line speed for everything to 2Meg irrespective of the line capability with an occasional (once) upspeed.
Is there anyone out there that can explain what the problem is and what should actually happen as I can't believe that to make the Vision box work correctly, everything alse has to suffer!
(To cap it all the BT Vision box power supply has started to emit a loud annoying high pitched noise when in its red mode).
Solved!
Go to Solution.Line Check.
Line problems: Line check result
Thanks for waiting, we've tested your line and here are the results.
Telephone number checked
Results of line test
We cannot detect a problem with this line.It may be caused by a faulty phone or equipment.
What to do next
Check your telephone or equipment
1. Watch this video to troubleshoot now.
2. Is the equipment set up and connected properly?
3. Do you get the same problem if you use another phone in the same socket?
View more troubleshooting tips
Schedule a visit from an engineer
You can arrange for us to visit. Please note that there may be a charge for this service if it's an equipment fault you can fix yourself. If you are a Critical Care or Total Care customer and you are available at the premises where the fault exists throughout the next 24 hours, please click on the 'Need help?' link above to contact BT. Alternatively, you could progress below to book an engineer appointment, which may fall outside your service level agreement.
See terms of repair visit -
Convert Qos commands from CATOS to IOS
Hello,
i've some problems converting some Qos commands from CATos to IOS can anybody help me?
set qos drop-threshold 1q4t rx queue 1 50 60 80 100
set qos map 2q2t tx 1 1 cos 0
set qos map 1p1q4t rx 1 3 cos 4
set qos wrr 1p2q2t 50 255
set qos txq-ratio 1p2q2t 70 15 15
set qos wred 1p2q2t tx queue 1 70:100 70:100
set qos bridged-microflow-policing disable 1,50-54,100-121,500,700-702,1006-1011,1016
set qos policed-dscp-map 1:1
set qos policed-dscp-map excess-rate 0:0
set qos acl default-action ip dscp 0
set qos acl default-action ipx
set qos acl default-action mac
set qos policy-source local
set qos rsvp disable
set qos rsvp policy-timeout 30
set qos rsvp local-policy forward
!Module with GE interfaces
set port qos 3/1-16 cos 0
set port qos 3/1-16 trust trust-cos
set port qos 3/1-16 port-based
set port qos 3/1-16 policy-source local
set qos statistics export port 3/1 disable
set qos statistics export port 3/2 disable
set qos statistics export port 3/3 disable
set qos statistics export port 3/4 disable
set qos statistics export port 3/5 disable
set qos statistics export port 3/6 disable
set qos statistics export port 3/7 disable
set qos statistics export port 3/8 disable
set qos statistics export port 3/9 disable
set qos statistics export port 3/10 disable
set qos statistics export port 3/11 disable
set qos statistics export port 3/12 disable
set qos statistics export port 3/13 disable
set qos statistics export port 3/14 disable
set qos statistics export port 3/15 disable
set qos statistics export port 3/16 disableThis URL should help you:
http://www.cisco.com/warp/public/473/73.html -
Maximum 29XX switches on a 6500 series
Hello,
is there a recommended maximum of user ports i can connect directly to a 6500 series core switch?
So I have a situation with about 80 24-ports switches (in stacks of 2 or 3) connected with fiber to the core switch. Now one of the network managers states we need a distribution layer cause performance in the 6500 will drop. Reason for this is that the 29XX series switches do not support layer 3.
Is this correct? And does the added layer 3 functionality in a (extra) distribution layer increase performance in the core? Even though almost all traffic is user - server traffic and servers are connected to core?
Anyone know? THanks!Hi Friend,
Which sup engine do you have and is there any switch fabric module you are running. Cat6500' are cross-fabric chassis which gives 32GBPS backplane switch capacity bedefualt. If you have SFM (switch fabric module) installed then it will give 256 GBPS of backplane capacity.
If you are running Sup720, you have 720 GBPS backplane capacity and you will see a greater performance by cat65K.
If you dont have SFM or sup 720, then yes with direct access switches uplink to Core might slow down the performance of the core switch.
If that's the case I would suggest to got for hierarchical design and add another layer of the architecture i.e distribution layer.Now what you can do with this additional layer, is that you can uplink your access layer to it, have your inter-vlan routing done on thius layer, have to access control policy deployed at this layer.
This addtion layer and the above functionalities will off load the processing of traffic at core and core will be efficient enough to process the traffic as fast as it can. This is a abosultely correct approach.
Please, write back for any qurstions.
HTH, Please rate if it does.
-amit singh -
Hello,
Does anyone know if it is possible to apply a 6500 QoS service-policy to a ACE module interface? I would like to leverage CBQOS to apply policing to traffic entering/leaving the ACE module.
Thanks!
LeeHI Collin,
You can use this by Configuring Control Plane Policing (CoPP).
CoPP uses a dedicated control plane configuration through the modular QoS CLI (MQC) to provide filtering and rate-limiting capabilities for the control plane packets.
CoPP is disabled by default.
CoPP is only supported on ingress (service-policy output CoPP cannot be applied to the control plane interface). Neither egress CoPP nor silent mode is supported.
Just follow the CoPP Configuration Guidelines and Restrictions .
CoPP uses MQC to define traffic classification criteria and to specify the configurable policy actions for the classified traffic. You must first identify the traffic to be classified by defining a class map. The class map defines packets for a particular traffic class. After you have classified the traffic, you can create policy maps to enforce policy actions for the identified traffic. The control-plane global configuration command allows the CoPP service policies to be directly attached to the control plane.
Use the below mentioned URL for Defining Traffic Classification
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/copp.html#wp1141968
the commonly required traffic is identified with these ACLs:
â¢ACL 120-Critical traffic
â¢ACL 121-Important traffic
â¢ACL 122-Normal traffic
â¢ACL 123-Explicitly denies unwanted traffic
â¢ACL 124-All other traffic
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/copp.html
Use the control plane commands as follows:
control-plane
To enter control-plane configuration mode, which allows users to associate or modify attributes or parameters (such as a service policy) that are associated with the control plane of the device, use the control-plane command in global configuration mode. To remove an existing control-plane configuration from the router, use the no form of this command.
Syntax for T Releases
control-plane [host | transit | cef-exception]
no control-plane [host | transit | cef-exception]
Syntax for 12.0S Releases
control-plane [slot slot-number] [host | transit | cef-exception]
no control-plane [slot slot-number] [host | transit | cef-exception]
Syntax for 12.2S Releases for Cisco 7600 Series Routers
control-plane
no control-plane
Syntax for ASR 1000 Series Routers
control-plane [host]
no control-plane [host]
The below link can be of huge information and config examples for control plane configuration:
http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_a1.html#wp1047593
Get back to me if you find this information relevant and useful to you.
Sachin garg -
Qos- I want to apply limit on FTP traffic
I want to apply Qos on ftp traffic on cisco 6500. Ftp traffic should use only 512 kbps bandwidth. Please any one suggest how should i establish this and any study document will be welcome.
Thanks in advanceDisclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
How would depend very much on the QoS features of the device. Even 6500 QoS features depend on line cards.
Most, but not all, Cisco switches support 4 egress queue which you can provide different bandwidth allocations. Such allocations usually provide a minimum, but more bandwidth might be used if its otherwise not being used.
For example, you might define four queues that one is a priority queue for real-time traffic; one is a foreground queue with a large bandwidth allocation (not that such traffic should be bandwidth intensive, but to insure high priority for dequeuing; one is a background queue with minimum bandwidth allocation (often where you might want to direct FTP); and the last is a middle allocation for everything else, i.e. your default.
Also on switches, traffic is often placed into a particular egress queue based on L2 CoS or L3 ToS. So, what this means, you'll want to mark your FTP traffic differently than your other traffic, perhaps with CoS 1 or DSCP CS1 or AF1x.
Cisco has some great guides on how to configure QoS for their different platforms although their 11 class model is often overly complex. -
QoS Packets not matching on 6500 with SUP720-10GE and SU2T
Hi,
I do not see packets matching in policy.
output below:
Switch#sh policy-map interface vlan 2232
Vlan2232
Service-policy input: HARDPHONE-VVLAN
Class-map: VOICETRAFFIC (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name VOICETRAFFIC
Class-map: VOICESIGNALING (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name VOICESIGNALING
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
0 packets, 0 bytes
5 minute rate 0 bps
I also not find packets matching ACL:
switch#sh access-lists
Extended IP access list VIDEOTRAFFIC
10 permit udp any any range 16384 32767
Extended IP access list VOICESIGNALING
10 permit tcp any 10.128.0.0 0.3.255.255 range 2000 2002
20 permit tcp any 10.128.0.0 0.3.255.255 eq 5060
30 permit udp any 10.128.0.0 0.3.255.255 eq 5060
40 permit tcp any 172.20.10.0 0.0.1.255 range 2000 2002
50 permit tcp any 172.20.10.0 0.0.1.255 eq 5060
60 permit udp any 172.20.10.0 0.0.1.255 eq 5060
Extended IP access list VOICETRAFFIC
10 permit udp 10.128.0.0 0.63.255.255 10.128.0.0 0.63.255.255 range 16384 32767
I checked policies, they looks applied correctly.
On SUP-720-10GE, I modified ACL to 'permit udp any any' but not found any matching packets. There are plenty of IP phones connected directly to this switch belongs to voice VLAN. I applied VLAN based QoS under voice VLAN and other VLANs too.
I observed different thing on SUP 2T. I saw packets matching ACL statement 'permit udp any any' but when I took off this line, ACL was not showing packets matching.
OUTPUT of IP phones connected to switch:
switch#sh cdp neighbors | in SEP
SEP0008308A5D7B Gig 13/38 143 H P M IP Phone Port 1
SEP0008308A5DE0 Gig 10/1 121 H P M IP Phone Port 1
SEP0023049C6348 Gig 3/42 152 H P M IP Phone Port 1
SEP0021A02D64D4 Gig 9/28 120 H P M IP Phone Port 1
SEP1C6A7AE0588E Gig 3/9 127 H P M IP Phone Port 1
SEP00229059969E Gig 12/48 166 H P M IP Phone Port 1
SEP0008308AF26F Gig 2/7 161 H P M IP Phone Port 1
SEP00235EB7BE0E Gig 4/2 154 H P M IP Phone Port 1
SEP00229059BE5A Gig 6/37 158 H P M IP Phone Port 1
SEP1CAA07115CF3 Gig 12/29 148 H P M IP Phone Port 1
SEP00235EB7884F Gig 9/3 156 H P M IP Phone Port 1
SEP0008308B03FB Gig 2/30 178 H P M IP Phone Port 1
SEP006440B42CD3 Gig 3/45 132 H P M IP Phone Port 1
SEP0022905991C9 Gig 11/4 145 H P M IP Phone Port 1
SEP0008308A5E6C Gig 6/36 124 H P M IP Phone Port 1
SEP006440B427CA Gig 13/31 170 H P M IP Phone Port 1
SEP006440B425FF Gig 3/19 168 H P M IP Phone Port 1
SEP0008308A7AD7 Gig 2/3 159 H P M IP Phone Port 1
SEP0008308A3EB2 Gig 10/4 132 H P M IP Phone Port 1
SEP002414B45A0E Gig 10/28 170 H P M IP Phone Port 1
SEP04C5A4B19C8B Gig 2/15 162 H P M IP Phone Port 1
SEP006440B43DE6 Gig 9/48 162 H P M IP Phone Port 1
SEP006440B42B0D Gig 9/23 179 H P M IP Phone Port 1
Could anyone please help, how to make sure that packets are hitting correct ACL and policy on 6500 with SUP720-10GE and SUP2T.
Thanks,
PruthviPlease note that 6500 is used as L2 switch only and SVI are used for applying policies only.
Configuration below:
class-map match-all VOICESIGNALING
match access-group name VOICESIGNALING
class-map match-all VOICETRAFFIC
match access-group name VOICETRAFFIC
class-map match-all VIDEOTRAFFIC
match access-group name VIDEOTRAFFIC
policy-map HARDPHONE-VVLAN
class VOICETRAFFIC
police flow mask src-only 128000 8000 conform-action set-dscp-transmit ef exceed-action drop
class VOICESIGNALING
police flow mask src-only 32000 8000 conform-action set-dscp-transmit cs3 exceed-action policed-dscp-transmit
class class-default
police flow mask src-only 32000 8000 conform-action set-dscp-transmit default exceed-action policed-dscp-transmit
policy-map STUDENT-DVLAN
class class-default
police flow mask src-only 25000000 1562500 conform-action set-dscp-transmit default exceed-action policed-dscp-transmit
policy-map STAFF-DVLAN
class VOICESIGNALING
police flow mask src-only 32000 8000 conform-action set-dscp-transmit cs3 exceed-action policed-dscp-transmit
class VOICETRAFFIC
police flow mask src-only 128000 8000 conform-action set-dscp-transmit ef exceed-action drop
class VIDEOTRAFFIC
police flow mask src-only 2000000 150000 conform-action set-dscp-transmit ef exceed-action drop
class class-default
police flow mask src-only 50000000 1000000 conform-action set-dscp-transmit ef exceed-action drop
ip access-list extended VOICESIGNALING
remark Skinny and SIP protocols From Phones to Voice Core Infrastructure
permit tcp any 10.128.0.0 0.3.255.255 range 2000 2002
permit tcp any 10.128.0.0 0.3.255.255 eq 5060
permit udp any 10.128.0.0 0.3.255.255 eq 5060
permit tcp any 172.20.10.0 0.0.1.255 range 2000 2002
permit tcp any 172.20.10.0 0.0.1.255 eq 5060
permit udp any 172.20.10.0 0.0.1.255 eq 5060
ip access-list extended VOICETRAFFIC
permit udp any any dscp ef
permit udp 10.128.0.0 0.63.255.255 10.128.0.0 0.63.255.255
permit udp any any range 16384 32767 dscp ef
ip access-list extended VOICESIGNALING
remark Skinny and SIP protocols From Phones to Voice Core Infrastructure
permit tcp any 10.128.0.0 0.3.255.255 range 2000 2002
permit tcp any 10.128.0.0 0.3.255.255 eq 5060
permit udp any 10.128.0.0 0.3.255.255 eq 5060
permit tcp any 172.20.10.0 0.0.1.255 range 2000 2002
permit tcp any 172.20.10.0 0.0.1.255 eq 5060
permit udp any 172.20.10.0 0.0.1.255 eq 5060
ip access-list extended VIDEOTRAFFIC
permit udp any any range 16384 32767 dscp ef
interface Vlan104
description PolicyOnlyInt
no ip address
service-policy input STAFF-DVLAN
interface Vlan105
description PolicyOnlyInt
no ip address
service-policy input STAFF-DVLAN
interface Vlan573
description PolicyOnlyInt
no ip address
service-policy input PUBLIC-DVLAN
interface Vlan604
description PolicyOnlyInt
no ip address
service-policy input PUBLIC-DVLAN
interface Vlan654
description PolicyOnlyInt
no ip address
service-policy input STUDENT-DVLAN
interface Vlan674
description PolicyOnlyInt
no ip address
service-policy input PUBLIC-DVLAN
interface Vlan807
ip address 172.18.128.5 255.255.255.0
interface Vlan860
description PolicyOnlyInt
no ip address
service-policy input PUBLIC-DVLAN
interface Vlan2016
description PolicyOnlyInt
no ip address
service-policy input HARDPHONE-VVLAN
interface Vlan3124
description PolicyOnlyInt
no ip address
shutdown
service-policy input HARDPHONE-VVLAN
switch#sh access-lists
Extended IP access list VOICESIGNALING
10 permit tcp any 10.128.0.0 0.3.255.255 range 2000 2002
20 permit tcp any 10.128.0.0 0.3.255.255 eq 5060
30 permit udp any 10.128.0.0 0.3.255.255 eq 5060
40 permit tcp any 172.20.10.0 0.0.1.255 range 2000 2002
50 permit tcp any 172.20.10.0 0.0.1.255 eq 5060
60 permit udp any 172.20.10.0 0.0.1.255 eq 5060
Extended IP access list VOICETRAFFIC
10 permit udp any any dscp ef <----- not showing any match
11 permit udp 10.128.0.0 0.63.255.255 10.128.0.0 0.63.255.255 <----not shwoing any match
12 permit udp any any range 16384 32767 dscp ef<----not shwoing any match
If I user "permit udp any any ", acl is showing match.
switch#sh access-lists
Extended IP access list VOICETRAFFIC
10 permit udp any any dscp ef
11 permit udp 10.128.0.0 0.63.255.255 10.128.0.0 0.63.255.255
12 permit udp any any range 16384 32767 dscp ef
13 permit udp any any (527055 matches) -
We have the following QoS config running on Edge, Distributions and Cores and got the following error.
âpriority command is not supported in output direction for this interface
Configuration failed on: Port-channelâ
We had opened a TAC case and they said â PFC QoS does not support these policy map class commands:
bandwidth
priority
queue-limit
random-detect
set qos-group
service-policy
How can we prioritize voip traffic. On our monitoring application, it says queues empty. Even if the priority command is not working there should be traffic in the queue.Different version of supervisors in Distribution (sup720) and COREs (Sup2).
Any suggestions? Attached document gives Config details.Are your Access Layer switches also 6500s? What Supervisor(s) are running in your 6500s & what CatOS or CatIOS are you running?
It sounds like you are redefining your trust boundary at every layer (Access, Distribution, Core). Did you get a chance to look over this SRND document?
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns432/c649/ccmigration_09186a008049b062.pdf
Here's an example of our L2 6513 with a WS-X6724 which has 1p3q8t for QoS Scheduling:
interface GigabitEthernet1/2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
logging event link-status
logging event bundle-status
logging event trunk-status
wrr-queue bandwidth 5 25 70
wrr-queue queue-limit 5 25 40
wrr-queue random-detect min-threshold 1 80 100 100 100 100 100 100 100
wrr-queue random-detect min-threshold 2 80 100 100 100 100 100 100 100
wrr-queue random-detect min-threshold 3 50 60 70 80 90 100 100 100
wrr-queue random-detect max-threshold 1 100 100 100 100 100 100 100 100
wrr-queue random-detect max-threshold 2 100 100 100 100 100 100 100 100
wrr-queue random-detect max-threshold 3 60 70 80 90 100 100 100 100
wrr-queue cos-map 1 1 1
wrr-queue cos-map 2 1 0
wrr-queue cos-map 3 1 4
wrr-queue cos-map 3 2 2
wrr-queue cos-map 3 3 3
wrr-queue cos-map 3 4 6
wrr-queue cos-map 3 5 7
priority-queue cos-map 1 5
udld port
mls qos trust dscp
rmon collection stats 6001 owner monitor
channel-group 2 mode desirable non-silent
interface Port-channel2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
mls qos trust dscp
We also use NetMRI and you're correct, because the Cat 6500 PFC performs classification, marking, mapping, and policing functions, but the queuing and dropping policies are administered by the line cards, there are no MIBs for NetMRI to poll.
HTH
Steve -
Without 'MLS QOS' in 6500 does any interface queueing and trusting take place?
I have a 6500 that does not have 'mls qos' global configured, although the interfaces do have 'mls qos trust dscp' on them as in:
interface GigabitEthernet3/3
switchport
switchport access vlan 536
switchport mode access
switchport voice vlan 910
logging event link-status
mls qos trust dscp
spanning-tree portfast
When I 'show queueing int gx/x', it does show the default queueing structure of the interface as in:
LLT-6509AS-A#sh queueing int g3/3
Interface GigabitEthernet3/3 queueing strategy: Weighted Round-Robin
QoS is disabled globally
Port is untrusted
Extend trust state: not trusted [COS = 0]
Default COS is 0
Queueing Mode In Tx direction: mode-cos
Transmit queues [type = 1p3q8t]:
Queue Id Scheduling Num of thresholds
01 WRR 08
02 WRR 08
03 WRR 08
04 Priority 01
---- snip ----
queue thresh cos-map
1 1 0 1 2 3 4 5 6 7
1 2
1 3
1 4
1 5
1 6
1 7
1 8
Packets dropped on Transmit:
BPDU packets: 0
queue dropped [cos-map]
1 0 [0 1 2 3 4 5 6 7 ]
2 0 []
3 0 []
4 0 []
Packets dropped on Receive:
BPDU packets: 0
queue dropped [cos-map]
1 0 [0 1 2 3 4 5 6 7 ]
So just what does the global 'mls qos' do? Without it is the command 'mls qos trust dscp' ignored?
I'm trying to track down where in our network dscp settings are being stripped out of packets and this is when I noticed the 'mls qos' was not configured.it enables QOS on the switch, without it no QOS is being used.
Sent from Cisco Technical Support iPhone App -
How do I track down QOS "Aggregate Drops" in a 6807-VSS switch?
IOS = 15.1(2)SY1
When I do a "show platform qos" everything looks good except for this:
----- Switch [1], Module [3] -----
Counter IFE Pkts IFE Bytes OFE Pkts OFE Bytes
Policing Drops 0 0 216304 16888896
Policing Forwards 2935238201 5068976519092 2949830653 5069751062945
Police-hi Actions (Lvl3) 0 0 0 0
Police-lo Actions (Lvl2) 0 0 0 0
Aggregate Drops 0 0 263889 16888896
Aggregate Forwards 2935238198 5068976518864 2949830650 5069751062717
Any idea if these drops are QOS related and/or how to get more information about them in order to troubleshoot? OFE means 'Output Forwarding Engine'. There are no input or output queue drops on any of the interfaces doing a "show interface gx/x/x."
Thanks.Aggregate drops is just a total of drops from all the different internal processes. The OFE Bytes matches the policing drops. I'd assume policing is what caused these drops. The packet number difference may be due to fragmentation.
-
All of the QOS configuration guidance I've seen in the documentation on this website refers to 6500 switched interfaces (switchport mode access/trunk).
Is the QOS configuration different on a 6500 routed interface. For instance on an interface between two core switches in a routed (Layer 3) core?
I have already reviewed all of the IOS-related 6500 Cisco documents I could find, and the latest QOS SRND with no luck finding info on this issue.
Thanks
GregThis URL should help you:
http://www.cisco.com/application/pdf/en/us/guest/products/ps708/c2001/ccmigration_09186a00801a90cc.pdf
Maybe you are looking for
-
Creative Cloud problems since Mavericks update
Hi Has anyone else had problems using Adobe Creative Cloud since upgrading to Mavericks? I have a Mac Pro at work and everything runs smoothly on that but my 2nd license on my home iMac doesn't work properly. Photoshop won't open and constantly freez
-
Reg: IDOC Status Info Report
Hi Experts I am trying to posting the products/internal orders data via IDOC/ALE. After the Data loaded into the target system,I required to display the below info: Initial Data Load Results Report Layout: Totals Total number of records read: Total n
-
More than one library on one laptop
I have an original itunes library for my nano and have just set up a new library for my son's nano. Now when I log on I automatically go to my son's library and can't locate my original library. Any suggestions gratefully received.
-
can't delete certain bookmarks under unsorted bookmarks
-
I want to archive and install...
I'm currently using OS 10.5.8...I want to install Snow Leopard...I bought the dvd 10.6.3 and when i put it in my computer I'm not getting an 'archive and install' option...it goes right to 'installing OS X' on my computer... will the 'archive and ins