6500-qos-drops

Similar Messages

• Nexus 5500 qos drop priority

  Hi
  If I have two COS values within the same queue on a 5500 port can I set drop priority for them ? I am looking at setting in contract and out of contract data rates for some VMs, setting the COS value dependant on this and then getting the 5K to be more likely to drop out of contact data.
  Its whjat I would do on a 6k or 7k with assigning different tail drop thresholds to different COS values in the same queue.

  Thats what I kind of figured after reading all the docs. Makes it a bit of a pain as there really arent quite enough queues for what I want to do.
  Viideo & Voice
  Call SIgnnaling
  Critical Data
  Network Ctrl (ssh, VMware vmotion and ctrl etc)
  Bulk Data
  Best Efforts
  Thats six and since we are using FCoE tehre are only 5 qos groups we can use ......
  I am going to have to combine two of the above.

• QoS-drops

  Hi.. I have configured service policy on tunnel interface but i am seeing packets are being drop in default class even if bandwidth is not full utilized.
  I have been running 20MB mpls circuit and configured GRE tunnel b/w two locations over mpls circuits. I have assigned 15mb to FTP traffic.
  pls tell me why there is drops even if link bandwidth is almost available.
  class-map match-any ftp
   match ip dscp af21
  policy-map police
   class ftp
      bandwidth 15000
  policy-map shape
   class class-default
      shape average 20000000
    service-policy police
  interface Tunnel1
  service-policy output shape
  Router#sh policy-map interface t1
   Tunnel1
    Service-policy output: shape
      Class-map: class-default (match-any)
        2056697 packets, 1360260464 bytes
        5 minute offered rate 566000 bps, drop rate 0 bps
        Match: any
        Queueing
        queue limit 64 packets
        (queue depth/total drops/no-buffer drops) 0/424/0
        (pkts output/bytes output) 2075327/1394463992
        shape (average) cir 20000000, bc 80000, be 80000
        target shape rate 20000000
        Service-policy : police
          Class-map: ftp (match-any)
            0 packets, 0 bytes
            5 minute offered rate 0 bps, drop rate 0 bps
            Match: ip dscp af21 (18)
              0 packets, 0 bytes
              5 minute rate 0 bps
            Queueing
            queue limit 64 packets
            (queue depth/total drops/no-buffer drops) 0/0/0
            (pkts output/bytes output) 0/0
            bandwidth 15000 kbps
          Class-map: class-default (match-any)
            2056697 packets, 1360260464 bytes
            5 minute offered rate 566000 bps, drop rate 0 bps
            Match: any
            queue limit 64 packets
            (queue depth/total drops/no-buffer drops) 0/424/0
            (pkts output/bytes output) 1952029/1304014921

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  As Vasilii has described, you can compute the additional delay you might impose by increasing queue's limit (NB: keep in mind, though, queue depth is in packets, so if the same number of packets were smaller in size, maximum latency would be reduced).
  If you want to allow a single TCP flow to be able to use all the bandwidth, you'll need to insure your queue can handle about half the BDP.
  Doing so, again, risks increasing the possible maximum latency.  However, using QoS, you can sometimes get the best of both.  Low latency for light weight flows and maximum transfer rate for bandwidth hogs.

• 6500 QoS

  Hi All,
  I'm trying to figure out how I can do QoS on a 6500 and police traffic based on an IP access-list.
  I want to define an access-list which specifies the traffic based on soure and destination IP addresses. I then plan to use a class map to match this access list and police the traffic in a qos policy. I was planning on applying the qos policy on a gig interface.
  As the 6500 has a different architecture, compared to a normal router, can some suggest how I can do this. I'd like to do this on a:
  WS-C6509-E (R7000) with a Supervisor Engine 720
  Regards
  D

  Dear all,
  I'm facing with a problem about monitor traffic for each class of service when i apply poilce on my Tengiga interface. The output command result as below:
  7600#sh policy-map inter ten4/4
  class-map: Hosting-Colocation-to-Network (match-any)
  Match: access-group name Hosting-Colocation-to-Network
  police :
  10000000000 bps 31250000 limit 31250000 extended limit
  Earl in slot 4 :
  13801619258245 bytes
  30 second offered rate 144487304 bps
  aggregate-forwarded 13801619258245 bytes action: transmit
  exceeded 0 bytes action: transmit
  aggregate-forward 145773304 bps exceed 0 bps
  Earl in slot 5 :
  72837 bytes
  30 second offered rate 0 bps
  aggregate-forwarded 72837 bytes action: transmit
  exceeded 0 bytes action: transmit
  aggregate-forward 0 bps exceed 0 bps
  class-map: class-default (match-any)
  Match: any
  police :
  10000000000 bps 31250000 limit 31250000 extended limit
  Earl in slot 4 :
  74520070218188 bytes
  30 second offered rate 879718984 bps
  aggregate-forwarded 74520070218188 bytes action: transmit
  exceeded 0 bytes action: transmit
  aggregate-forward 888842536 bps exceed 0 bps
  Earl in slot 5 :
  5622549680569 bytes
  30 second offered rate 93300336 bps
  aggregate-forwarded 5622549680569 bytes action: transmit
  exceeded 0 bytes action: transmit
  aggregate-forward 99314912 bps exceed 0 bps
  My traffic have 2 type which classify to 2 class as above. I would like monitor traffic at fields bold (30 second offered ...). Pls advice me how to monitor this field on graph.
  Thanks and best reagards,
  Vo Minh Thuan

• Troubleshoot QOS - EEM & TCL

  Joe,
  We have another urgent requirement and need to troubleshoot QOS.
  What we need to able to do is
  1, Report Qos drops based on DSCP value. (show policy-map interface command does not work for us!)
  2, Report packet with value of DSCP value 0 ending up in the default-class (Only for troubleshooting )
  Can you assistant us?
  Francisco

  If there are no CLI commands which can provide you with what you need, I'm not sure how EEM is going to help you here.  EEM really only has visibility to the control plane.  EEM 3.0 does offer some Netflow integration, but I do not think you have that version.

• BT Broadband, BT Vision and Qos.

  We have had a good reliable service with BT Broadband, consistently achieving 7.2 Meg. When the contract came up for renewal we did so and with BT Vision. However, the activation day came and went for the Vision with no service on the BTVision, repeated error codes and many attempts to update the software which always failed. After many phone calls we were advised that the Broadband had not be set for BT Vision and two weeks later the box sprang into life! However, only the BBC IPlayer worked, the others didn't. Another call to India and was advised there would be a recall. No recall so sent an email instead and then recieved a response to say that QoS was missing from the line and the line would be updated in a couple of days. This happened and the box started to work correctly.
  Soon after we noticed that the response times on the PC's had slowed, so we started doing speed tests and other checks and instead of the 7.2 that we were previously seeing, we were lucky to see 2 Meg! At the time, not knowing any different we started to check and test the PCs in the house, but whatever we did, any time of the day, it was 2 Meg. My son on his PS3 had to give up on-line gaming as the responses were so bad! Using the BT Speed test showed us that the profile was 3500 with a download speed of 1829kbps. However the DSL connection rate was 6752kbps?
  Called India again and went through all there scripted tests -twice as something failed the first time. With he result that an engineer was promised a visit. On the morning of the visit, speedtest.com started showing that we were back up to speed. When the engineer arrived, we did the BT Speed test which showed a profile of 3500 but a connection speed of 4.2M. He said that this was not possible as the profile should always be higher than the reported connection speed. The engineer then did all his tests and every time it showed up 7.2M with very few, if any errors. He said that when he left he would request that the line profile be reset and when he was on the point of leaving we redid the speedtest from the PC to see that the speed had dropped down again. BT man tested the line again and yes the connection rate was 7.2M but speedtest said only 1.9M. He then changed the hub with no difference saying that we should use port 1 for BTVision. He left saying that give it 72 hours for the profile to be reset and see what happens.
  The profile has now been reset and it shows 5500kbps. BT engineer said that with a download speed that we have he would expect a profile of 8000kbps. However we still have the slow sub 2m connection speed.
  Reading other posts, I understand QoS is designed to ensure BTVision always has a 2Meg service and the rest is for everything else. Also I am given to understand that when the box is off the QoS drops much lower, so allowing more bandwidth for other applications. That is definitely not happening on my line. All QoS appears to be doing is limiting the line speed for everything to 2Meg irrespective of the line capability with an occasional (once) upspeed.
  Is there anyone out there that can explain what the problem is and what should actually happen as I can't believe that to make the Vision box work correctly, everything alse has to suffer!
  (To cap it all the BT Vision box power supply has started to emit a loud annoying high pitched noise when in its red mode).
  Solved!
  Go to Solution.

  Line Check.
  Line problems: Line check result
  Thanks for waiting, we've tested your line and here are the results.
  Telephone number checked
  Results of line test
  We cannot detect a problem with this line.It may be caused by a faulty phone or equipment.
  What to do next
  Check your telephone or equipment
  1. Watch this video to troubleshoot now.
  2. Is the equipment set up and connected properly?
  3. Do you get the same problem if you use another phone in the same socket?
  View more troubleshooting tips
  Schedule a visit from an engineer
  You can arrange for us to visit. Please note that there may be a charge for this service if it's an equipment fault you can fix yourself. If you are a Critical Care or Total Care customer and you are available at the premises where the fault exists throughout the next 24 hours, please click on the 'Need help?' link above to contact BT. Alternatively, you could progress below to book an engineer appointment, which may fall outside your service level agreement.
  See terms of repair visit

• Convert Qos commands from CATOS to IOS

  Hello,
  i've some problems converting some Qos commands from CATos to IOS can anybody help me?
  set qos drop-threshold 1q4t rx queue 1 50 60 80 100
  set qos map 2q2t tx 1 1 cos 0
  set qos map 1p1q4t rx 1 3 cos 4
  set qos wrr 1p2q2t 50 255
  set qos txq-ratio 1p2q2t 70 15 15
  set qos wred 1p2q2t tx queue 1 70:100 70:100
  set qos bridged-microflow-policing disable 1,50-54,100-121,500,700-702,1006-1011,1016
  set qos policed-dscp-map 1:1
  set qos policed-dscp-map excess-rate 0:0
  set qos acl default-action ip dscp 0
  set qos acl default-action ipx
  set qos acl default-action mac
  set qos policy-source local
  set qos rsvp disable
  set qos rsvp policy-timeout 30
  set qos rsvp local-policy forward
  !Module with GE interfaces
  set port qos 3/1-16 cos 0
  set port qos 3/1-16 trust trust-cos
  set port qos 3/1-16 port-based
  set port qos 3/1-16 policy-source local
  set qos statistics export port 3/1 disable
  set qos statistics export port 3/2 disable
  set qos statistics export port 3/3 disable
  set qos statistics export port 3/4 disable
  set qos statistics export port 3/5 disable
  set qos statistics export port 3/6 disable
  set qos statistics export port 3/7 disable
  set qos statistics export port 3/8 disable
  set qos statistics export port 3/9 disable
  set qos statistics export port 3/10 disable
  set qos statistics export port 3/11 disable
  set qos statistics export port 3/12 disable
  set qos statistics export port 3/13 disable
  set qos statistics export port 3/14 disable
  set qos statistics export port 3/15 disable
  set qos statistics export port 3/16 disable

  This URL should help you:
  http://www.cisco.com/warp/public/473/73.html

• Maximum 29XX switches on a 6500 series

  Hello,
  is there a recommended maximum of user ports i can connect directly to a 6500 series core switch?
  So I have a situation with about 80 24-ports switches (in stacks of 2 or 3) connected with fiber to the core switch. Now one of the network managers states we need a distribution layer cause performance in the 6500 will drop. Reason for this is that the 29XX series switches do not support layer 3.
  Is this correct? And does the added layer 3 functionality in a (extra) distribution layer increase performance in the core? Even though almost all traffic is user - server traffic and servers are connected to core?
  Anyone know? THanks!

  Hi Friend,
  Which sup engine do you have and is there any switch fabric module you are running. Cat6500' are cross-fabric chassis which gives 32GBPS backplane switch capacity bedefualt. If you have SFM (switch fabric module) installed then it will give 256 GBPS of backplane capacity.
  If you are running Sup720, you have 720 GBPS backplane capacity and you will see a greater performance by cat65K.
  If you dont have SFM or sup 720, then yes with direct access switches uplink to Core might slow down the performance of the core switch.
  If that's the case I would suggest to got for hierarchical design and add another layer of the architecture i.e distribution layer.Now what you can do with this additional layer, is that you can uplink your access layer to it, have your inter-vlan routing done on thius layer, have to access control policy deployed at this layer.
  This addtion layer and the above functionalities will off load the processing of traffic at core and core will be efficient enough to process the traffic as fast as it can. This is a abosultely correct approach.
  Please, write back for any qurstions.
  HTH, Please rate if it does.
  -amit singh

• QoS on ACE Module

  Hello,
  Does anyone know if it is possible to apply a 6500 QoS service-policy to a ACE module interface? I would like to leverage CBQOS to apply policing to traffic entering/leaving the ACE module.
  Thanks!
  Lee

  HI Collin,
  You can use this by Configuring Control Plane Policing (CoPP).
  CoPP uses a dedicated control plane configuration through the modular QoS CLI (MQC) to provide filtering and rate-limiting capabilities for the control plane packets.
  CoPP is disabled by default.
  CoPP is only supported on ingress (service-policy output CoPP cannot be applied to the control plane interface). Neither egress CoPP nor silent mode is supported.
  Just follow the CoPP Configuration Guidelines and Restrictions .
  CoPP uses MQC to define traffic classification criteria and to specify the configurable policy actions for the classified traffic. You must first identify the traffic to be classified by defining a class map. The class map defines packets for a particular traffic class. After you have classified the traffic, you can create policy maps to enforce policy actions for the identified traffic. The control-plane global configuration command allows the CoPP service policies to be directly attached to the control plane.
  Use the below mentioned URL for Defining Traffic Classification
  http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/copp.html#wp1141968
  the commonly required traffic is identified with these ACLs:
  •ACL 120-Critical traffic
  •ACL 121-Important traffic
  •ACL 122-Normal traffic
  •ACL 123-Explicitly denies unwanted traffic
  •ACL 124-All other traffic
  http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/copp.html
  Use the control plane commands as follows:
  control-plane
  To enter control-plane configuration mode, which allows users to associate or modify attributes or parameters (such as a service policy) that are associated with the control plane of the device, use the control-plane command in global configuration mode. To remove an existing control-plane configuration from the router, use the no form of this command.
  Syntax for T Releases
  control-plane [host | transit | cef-exception]
  no control-plane [host | transit | cef-exception]
  Syntax for 12.0S Releases
  control-plane [slot slot-number] [host | transit | cef-exception]
  no control-plane [slot slot-number] [host | transit | cef-exception]
  Syntax for 12.2S Releases for Cisco 7600 Series Routers
  control-plane
  no control-plane
  Syntax for ASR 1000 Series Routers
  control-plane [host]
  no control-plane [host]
  The below link can be of huge information and config examples for control plane configuration:
  http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_a1.html#wp1047593
  Get back to me if you find this information relevant and useful to you.
  Sachin garg

• Qos- I want to apply limit on FTP traffic

  I want to apply Qos on ftp traffic on cisco 6500. Ftp traffic should use only 512 kbps bandwidth. Please any one suggest how should i establish this and any study document will be welcome.
  Thanks in advance

  Disclaimer
  The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.
  Liability Disclaimer
  In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.
  Posting
  How would depend very much on the QoS features of the device.  Even 6500 QoS features depend on line cards.
  Most, but not all, Cisco switches support 4 egress queue which you can provide different bandwidth allocations.  Such allocations usually provide a minimum, but more bandwidth might be used if its otherwise not being used.
  For example, you might define four queues that one is a priority queue for real-time traffic; one is a foreground queue with a large bandwidth allocation (not that such traffic should be bandwidth intensive, but to insure high priority for dequeuing; one is a background queue with minimum bandwidth allocation (often where you might want to direct FTP); and the last is a middle allocation for everything else, i.e. your default.
  Also on switches, traffic is often placed into a particular egress queue based on L2 CoS or L3 ToS.  So, what this means, you'll want to mark your FTP traffic differently than your other traffic, perhaps with CoS 1 or DSCP CS1 or AF1x.
  Cisco has some great guides on how to configure QoS for their different platforms although their 11 class model is often overly complex.

• QoS Packets not matching on 6500 with SUP720-10GE and SU2T

  Hi,
  I do not see packets matching in policy. 
  output below:
  Switch#sh policy-map interface vlan 2232
   Vlan2232 
    Service-policy input: HARDPHONE-VVLAN
      Class-map: VOICETRAFFIC (match-all)
        0 packets, 0 bytes
        5 minute offered rate 0000 bps, drop rate 0000 bps
        Match: access-group name VOICETRAFFIC
      Class-map: VOICESIGNALING (match-all)
        0 packets, 0 bytes
        5 minute offered rate 0000 bps, drop rate 0000 bps
        Match: access-group name VOICESIGNALING
      Class-map: class-default (match-any)
        0 packets, 0 bytes
        5 minute offered rate 0000 bps, drop rate 0000 bps
        Match: any 
          0 packets, 0 bytes
          5 minute rate 0 bps
  I also not find packets matching ACL:
  switch#sh access-lists
  Extended IP access list VIDEOTRAFFIC
      10 permit udp any any range 16384 32767
  Extended IP access list VOICESIGNALING
      10 permit tcp any 10.128.0.0 0.3.255.255 range 2000 2002
      20 permit tcp any 10.128.0.0 0.3.255.255 eq 5060
      30 permit udp any 10.128.0.0 0.3.255.255 eq 5060
      40 permit tcp any 172.20.10.0 0.0.1.255 range 2000 2002
      50 permit tcp any 172.20.10.0 0.0.1.255 eq 5060
      60 permit udp any 172.20.10.0 0.0.1.255 eq 5060
  Extended IP access list VOICETRAFFIC
      10 permit udp 10.128.0.0 0.63.255.255 10.128.0.0 0.63.255.255 range 16384 32767
  I checked policies, they looks applied correctly.
  On SUP-720-10GE, I modified ACL to 'permit udp any any' but not found any matching packets. There are plenty of IP phones connected directly to this switch belongs to voice VLAN. I applied VLAN based QoS under voice VLAN and other VLANs too. 
  I observed different thing on SUP 2T. I saw packets matching ACL statement 'permit udp any any' but when I took off this line, ACL was not showing packets matching. 
  OUTPUT of IP phones connected to switch:
  switch#sh cdp neighbors | in SEP
  SEP0008308A5D7B  Gig 13/38         143             H P M  IP Phone  Port 1
  SEP0008308A5DE0  Gig 10/1          121             H P M  IP Phone  Port 1
  SEP0023049C6348  Gig 3/42          152             H P M  IP Phone  Port 1
  SEP0021A02D64D4  Gig 9/28          120             H P M  IP Phone  Port 1
  SEP1C6A7AE0588E  Gig 3/9           127             H P M  IP Phone  Port 1
  SEP00229059969E  Gig 12/48         166             H P M  IP Phone  Port 1
  SEP0008308AF26F  Gig 2/7           161             H P M  IP Phone  Port 1
  SEP00235EB7BE0E  Gig 4/2           154             H P M  IP Phone  Port 1
  SEP00229059BE5A  Gig 6/37          158             H P M  IP Phone  Port 1
  SEP1CAA07115CF3  Gig 12/29         148             H P M  IP Phone  Port 1
  SEP00235EB7884F  Gig 9/3           156             H P M  IP Phone  Port 1
  SEP0008308B03FB  Gig 2/30          178             H P M  IP Phone  Port 1
  SEP006440B42CD3  Gig 3/45          132             H P M  IP Phone  Port 1
  SEP0022905991C9  Gig 11/4          145             H P M  IP Phone  Port 1
  SEP0008308A5E6C  Gig 6/36          124             H P M  IP Phone  Port 1
  SEP006440B427CA  Gig 13/31         170             H P M  IP Phone  Port 1
  SEP006440B425FF  Gig 3/19          168             H P M  IP Phone  Port 1
  SEP0008308A7AD7  Gig 2/3           159             H P M  IP Phone  Port 1
  SEP0008308A3EB2  Gig 10/4          132             H P M  IP Phone  Port 1
  SEP002414B45A0E  Gig 10/28         170             H P M  IP Phone  Port 1
  SEP04C5A4B19C8B  Gig 2/15          162             H P M  IP Phone  Port 1
  SEP006440B43DE6  Gig 9/48          162             H P M  IP Phone  Port 1
  SEP006440B42B0D  Gig 9/23          179             H P M  IP Phone  Port 1
  Could anyone please help, how to make sure that packets are hitting correct ACL and policy on 6500 with SUP720-10GE and SUP2T.
  Thanks,
  Pruthvi

  Please note that 6500 is used as L2 switch only and SVI are used for applying policies only. 
  Configuration below:
  class-map match-all VOICESIGNALING
    match access-group name VOICESIGNALING
  class-map match-all VOICETRAFFIC
    match access-group name VOICETRAFFIC
  class-map match-all VIDEOTRAFFIC
    match access-group name VIDEOTRAFFIC
  policy-map HARDPHONE-VVLAN
    class VOICETRAFFIC
       police flow mask src-only 128000 8000 conform-action set-dscp-transmit ef exceed-action drop
    class VOICESIGNALING
       police flow mask src-only 32000 8000 conform-action set-dscp-transmit cs3 exceed-action policed-dscp-transmit
    class class-default
       police flow mask src-only 32000 8000 conform-action set-dscp-transmit default exceed-action policed-dscp-transmit
  policy-map STUDENT-DVLAN
    class class-default
       police flow mask src-only 25000000 1562500 conform-action set-dscp-transmit default exceed-action policed-dscp-transmit
  policy-map STAFF-DVLAN
    class VOICESIGNALING
       police flow mask src-only 32000 8000 conform-action set-dscp-transmit cs3 exceed-action policed-dscp-transmit
    class VOICETRAFFIC
       police flow mask src-only 128000 8000 conform-action set-dscp-transmit ef exceed-action drop
    class VIDEOTRAFFIC
       police flow mask src-only 2000000 150000 conform-action set-dscp-transmit ef exceed-action drop
    class class-default
       police flow mask src-only 50000000 1000000 conform-action set-dscp-transmit ef exceed-action drop
  ip access-list extended VOICESIGNALING
   remark Skinny and SIP protocols From Phones to Voice Core Infrastructure
   permit tcp any 10.128.0.0 0.3.255.255 range 2000 2002
   permit tcp any 10.128.0.0 0.3.255.255 eq 5060
   permit udp any 10.128.0.0 0.3.255.255 eq 5060
   permit tcp any 172.20.10.0 0.0.1.255 range 2000 2002
   permit tcp any 172.20.10.0 0.0.1.255 eq 5060
   permit udp any 172.20.10.0 0.0.1.255 eq 5060
  ip access-list extended VOICETRAFFIC
   permit udp any any dscp ef
   permit udp 10.128.0.0 0.63.255.255 10.128.0.0 0.63.255.255
   permit udp any any range 16384 32767 dscp ef
  ip access-list extended VOICESIGNALING
   remark Skinny and SIP protocols From Phones to Voice Core Infrastructure 
   permit tcp any 10.128.0.0 0.3.255.255 range 2000 2002
   permit tcp any 10.128.0.0 0.3.255.255 eq 5060
   permit udp any 10.128.0.0 0.3.255.255 eq 5060
   permit tcp any 172.20.10.0 0.0.1.255 range 2000 2002
   permit tcp any 172.20.10.0 0.0.1.255 eq 5060
   permit udp any 172.20.10.0 0.0.1.255 eq 5060
  ip access-list extended VIDEOTRAFFIC
   permit udp any any range 16384 32767 dscp ef
  interface Vlan104
   description PolicyOnlyInt
   no ip address
   service-policy input STAFF-DVLAN
  interface Vlan105
   description PolicyOnlyInt
   no ip address
   service-policy input STAFF-DVLAN
  interface Vlan573
   description PolicyOnlyInt
   no ip address
   service-policy input PUBLIC-DVLAN
  interface Vlan604
   description PolicyOnlyInt
   no ip address
   service-policy input PUBLIC-DVLAN
  interface Vlan654
   description PolicyOnlyInt
   no ip address
   service-policy input STUDENT-DVLAN
  interface Vlan674
   description PolicyOnlyInt
   no ip address
   service-policy input PUBLIC-DVLAN
  interface Vlan807
   ip address 172.18.128.5 255.255.255.0
  interface Vlan860
   description PolicyOnlyInt
   no ip address
   service-policy input PUBLIC-DVLAN
  interface Vlan2016
   description PolicyOnlyInt
   no ip address
   service-policy input HARDPHONE-VVLAN
  interface Vlan3124
   description PolicyOnlyInt
   no ip address
   shutdown
   service-policy input HARDPHONE-VVLAN
  switch#sh access-lists
  Extended IP access list VOICESIGNALING
      10 permit tcp any 10.128.0.0 0.3.255.255 range 2000 2002
      20 permit tcp any 10.128.0.0 0.3.255.255 eq 5060
      30 permit udp any 10.128.0.0 0.3.255.255 eq 5060
      40 permit tcp any 172.20.10.0 0.0.1.255 range 2000 2002
      50 permit tcp any 172.20.10.0 0.0.1.255 eq 5060
      60 permit udp any 172.20.10.0 0.0.1.255 eq 5060
  Extended IP access list VOICETRAFFIC
      10 permit udp any any dscp ef <----- not showing any match
      11 permit udp 10.128.0.0 0.63.255.255 10.128.0.0 0.63.255.255 <----not shwoing any match
      12 permit udp any any range 16384 32767 dscp ef<----not shwoing any match
  If I user "permit udp any any ", acl is showing match.
  switch#sh access-lists
  Extended IP access list VOICETRAFFIC
      10 permit udp any any dscp ef
      11 permit udp 10.128.0.0 0.63.255.255 10.128.0.0 0.63.255.255
      12 permit udp any any range 16384 32767 dscp ef
      13 permit udp any any (527055 matches)

• QoS on Catalyst 6500

  We have the following QoS config running on Edge, Distributions and Cores and got the following error.
  “priority command is not supported in output direction for this interface
  Configuration failed on: Port-channel”
  We had opened a TAC case and they said ” PFC QoS does not support these policy map class commands:
  bandwidth
  priority
  queue-limit
  random-detect
  set qos-group
  service-policy
  How can we prioritize voip traffic. On our monitoring application, it says queues empty. Even if the priority command is not working there should be traffic in the queue.Different version of supervisors in Distribution (sup720) and COREs (Sup2).
  Any suggestions? Attached document gives Config details.

  Are your Access Layer switches also 6500s? What Supervisor(s) are running in your 6500s & what CatOS or CatIOS are you running?
  It sounds like you are redefining your trust boundary at every layer (Access, Distribution, Core). Did you get a chance to look over this SRND document?
  http://www.cisco.com/application/pdf/en/us/guest/netsol/ns432/c649/ccmigration_09186a008049b062.pdf
  Here's an example of our L2 6513 with a WS-X6724 which has 1p3q8t for QoS Scheduling:
  interface GigabitEthernet1/2
  switchport
  switchport trunk encapsulation dot1q
  switchport mode trunk
  no ip address
  logging event link-status
  logging event bundle-status
  logging event trunk-status
  wrr-queue bandwidth 5 25 70
  wrr-queue queue-limit 5 25 40
  wrr-queue random-detect min-threshold 1 80 100 100 100 100 100 100 100
  wrr-queue random-detect min-threshold 2 80 100 100 100 100 100 100 100
  wrr-queue random-detect min-threshold 3 50 60 70 80 90 100 100 100
  wrr-queue random-detect max-threshold 1 100 100 100 100 100 100 100 100
  wrr-queue random-detect max-threshold 2 100 100 100 100 100 100 100 100
  wrr-queue random-detect max-threshold 3 60 70 80 90 100 100 100 100
  wrr-queue cos-map 1 1 1
  wrr-queue cos-map 2 1 0
  wrr-queue cos-map 3 1 4
  wrr-queue cos-map 3 2 2
  wrr-queue cos-map 3 3 3
  wrr-queue cos-map 3 4 6
  wrr-queue cos-map 3 5 7
  priority-queue cos-map 1 5
  udld port
  mls qos trust dscp
  rmon collection stats 6001 owner monitor
  channel-group 2 mode desirable non-silent
  interface Port-channel2
  switchport
  switchport trunk encapsulation dot1q
  switchport mode trunk
  no ip address
  mls qos trust dscp
  We also use NetMRI and you're correct, because the Cat 6500 PFC performs classification, marking, mapping, and policing functions, but the queuing and dropping policies are administered by the line cards, there are no MIBs for NetMRI to poll.
  HTH
  Steve

• Without 'MLS QOS' in 6500 does any interface queueing and trusting take place?

  I have a 6500 that does not have 'mls qos' global configured, although the interfaces do have 'mls qos trust dscp' on them as in:
  interface GigabitEthernet3/3
  switchport
  switchport access vlan 536
  switchport mode access
  switchport voice vlan 910
  logging event link-status
  mls qos trust dscp
  spanning-tree portfast
  When I 'show queueing int gx/x', it does show the default queueing structure of the interface as in:
  LLT-6509AS-A#sh queueing int g3/3
  Interface GigabitEthernet3/3 queueing strategy:  Weighted Round-Robin
    QoS is disabled globally
    Port is untrusted
    Extend trust state: not trusted [COS = 0]
    Default COS is 0
      Queueing Mode In Tx direction: mode-cos
      Transmit queues [type = 1p3q8t]:
      Queue Id    Scheduling  Num of thresholds
         01         WRR                 08
         02         WRR                 08
         03         WRR                 08
         04         Priority              01
  ---- snip ----
      queue thresh cos-map
      1     1      0 1 2 3 4 5 6 7
      1     2     
      1     3     
      1     4     
      1     5     
      1     6     
      1     7     
      1     8     
    Packets dropped on Transmit:
      BPDU packets:  0
      queue              dropped  [cos-map]
      1                        0  [0 1 2 3 4 5 6 7 ]
      2                        0  []
      3                        0  []
      4                        0  []
    Packets dropped on Receive:
      BPDU packets:  0
      queue              dropped  [cos-map]
      1                        0  [0 1 2 3 4 5 6 7 ]
  So just what does the global 'mls qos' do?  Without it is the command 'mls qos trust dscp' ignored?
  I'm trying to track down where in our network dscp settings are being stripped out of packets and this is when I noticed the 'mls qos' was not configured.

  it enables QOS on the switch, without it no QOS is being used.
  Sent from Cisco Technical Support iPhone App

• How do I track down QOS "Aggregate Drops" in a 6807-VSS switch?

  IOS = 15.1(2)SY1
  When I do a "show platform qos" everything looks good except for this:
   ----- Switch [1], Module [3] -----
                   Counter                  IFE Pkts        IFE Bytes                 OFE Pkts           OFE Bytes
            Policing Drops        0                         0                                216304              16888896     
         Policing Forwards     2935238201     5068976519092     2949830653     5069751062945
  Police-hi Actions (Lvl3)    0                         0                                0                          0            
  Police-lo Actions (Lvl2)    0                         0                                0                          0            
           Aggregate Drops    0                         0                                263889               16888896     
        Aggregate Forwards 2935238198     5068976518864     2949830650      5069751062717
  Any idea if these drops are QOS related and/or how to get more information about them in order to troubleshoot?  OFE means 'Output Forwarding Engine'.   There are no input or output queue drops on any of the interfaces doing a "show interface gx/x/x."
  Thanks.

  Aggregate drops is just a total of drops from all the different internal processes.  The OFE Bytes matches the policing drops.  I'd assume policing is what caused these drops.  The packet number difference may be due to fragmentation.

• QOS on 6500 routed interface

  All of the QOS configuration guidance I've seen in the documentation on this website refers to 6500 switched interfaces (switchport mode access/trunk).
  Is the QOS configuration different on a 6500 routed interface. For instance on an interface between two core switches in a routed (Layer 3) core?
  I have already reviewed all of the IOS-related 6500 Cisco documents I could find, and the latest QOS SRND with no luck finding info on this issue.
  Thanks
  Greg

  This URL should help you:
  http://www.cisco.com/application/pdf/en/us/guest/products/ps708/c2001/ccmigration_09186a00801a90cc.pdf