802.1p, 2940, 2950 and 3550.

[dodeesos]

Hi!

I have a question regarding Qos and 802.1p tagging.

I have the following setup:
Node A
| (Access port)
Cisco 2950 (SI)
| (Trunk)
Cisco 3550 (EI)
| (Trunk)
ISP Network
| (Trunk)
Cisco 29x0
| (Access port)
Node B

Our ISP provides Qos in their network. In order to take benefit of this we have to tag traffic going into their network with either 802.1p cos value 1 (for low priority) and 5 (for high priority).
I'm not sure on how to do this. For now I have just added the following setting to the access port closest to Node A and B in the example above:

switchport priority extend cos 1
or
switchport priority extend cos 5

Anyone who knows if this is sufficient? Will the cos-value be retainied all the way from A and B to the ISP, the ISP dont change any cos values according to their documentation.
I'm a little unsure if I need to add any configuration to the trunk ports.

Regards

// dodeesos

 

[ADB100]

No what you have configured is only effective with Cisco IP Phones. Read about Overriding the CoS Priority of Incoming Data Frames here:

http://www.cisco.com/en/US/products...figuration_guide_chapter09186a00805a6f74.html

With regards to your setup and where to set the 802.1p value it depends..... You can set it on the end host (if it supports 802.1q), the 1st switch (2950 SI) or the 3550. However there are issues with each.

If you decide to set the value on the end system then you need to change the access port to be a trunk and tag the packets with the appropriate VLAN tag, you also need to write some sort of policy on the host to set 802.1p values depending on the traffic type. I think there is something built into Windows 2000 & XP that allows this but I have no idea how to configure it.
If you want to use the 1st 2950 then you have very limited options since the SI version doesn't support Qos Policies which is what you ideally need. It only supports layer-2 QoS and can either set or reset the CoS value but has no ACL capability to identify different traffic types. If the 802.1p CoS value is set on the host or this 1st 2950 then the Trunk link to the 3550 must also be configured correctly; i.e. have a unique Native VLAN (doesn't overlap with data VLAN) and set to trust CoS.
The 3rd option is to use the 3550's QoS features to set the 802.1p values based on a QoS Policy-Map attached to the ingress of the trunk link to the 2950. This is probably the most flexible but requires you to write some ACL's to identify what traffic you want as CoS 1 and what as CoS 5 (I assume as well you will also have best effort traffic - CoS 0?).

ip access-list extended CoS-1-Traffic
permit tcp 10.1.1.0 0.0.0.255 gt 1023 any eq http
permit tcp 10.1.1.0 0.0.0.255 gt 1023 any eq ftp
!
ip access-list extended CoS-5-Traffic
permit tcp 10.1.1.0 0.0.0.255 gt 1023 any eq telnet
permit tcp 10.1.1.0 0.0.0.255 gt 1023 any eq ssh
!
class-map match-all CoS-1-Traffic-Class
match access-group CoS-1-Traffic
!
class-map match-all CoS-5-Traffic-Class
match access-group CoS-5-Traffic
!
policy-map Uplink-Set-QoS
class CoS-1-Traffic-Class
set cos 1
class CoS-5-Traffic-Class
set cos 5
class class-default
set cos 0
!
interface FastEthernet0/24
description Link to 2950
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
service-policy input Uplink-Set-QoS
!
interface FastEthernet0/23
description Link to ISP
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 900
switchport trunk allowed vlan 10,20
mls qos trust cos
!

Be careful with your Native VLAN's since you can loose the 802.1p values if the traffic is sent without an 802.1q header, so make sure you have unique Native VLAN's per trunk and that you don't have any user data transmitted on them.

Catalyst 3550 QoS configuration:

http://www.cisco.com/en/US/products...figuration_guide_chapter09186a00805a709d.html

HTH

Andy

 

[dodeesos]

Hi Andy!

Thanks for the fast reply.
I'm kind of to this QoS-stuff so bare with me..

I guess I'm most interested in the second alternative in your reply. Mainly because I figured it would be the easiest, and that I only have a 3550 on one side of the ISP network (we also need to tag the traffic from B to A), and that I dont have any bandwidth problem in our part of the net, all dedicated 100 Mbps. The ISP connections are from 2 Mbps upp to 10 Mbps.
Regarding traffic type, idealy all traffic on for examle fa0/1 will be set to CoS 1 and all on fa0/5 to CoS 5 regardless of type (they are however on different vlan's), this goes for both the A and B end of the setup.

Do you have any hints or example on how to configure that alternative.
- Tag incomming traffic based on which port on it comes from with a specific CoS value.
- Retain the CoS values thru the trunk connections.

I can also add that we have multiple B ends, only one A when it comes to high priority traffic.... low priority traffic will be routed to another 3550.
Redarding best effort, traffic tagged with CoS value 0-3 will be retagged to 1 by the ISP and 4-7 retagged to 5. They wont change it as long as we use 1 and 5.....
Traffic with CoS value 5 will have have access to 50% of the available bandwidth if it needs it.

Regards

// dodeesos

 

[ADB100]

For the 2950 SI, you can set a CoS value for all untagged frames entering an access port as follows:

interface FastEtherent0/1
mls qos cos 5
mls qos trust cos
!

That tells the 2950 switch to set the CoS of all untagged frames to be CoS 5.

HTH

Andy

 

[dodeesos]

Ok

Thanks!

// dodeesos

 

[dodeesos]

I have a followup question.
When reading the documentation from our ISP it seems like we can choose 802.1p as discussed above or to use "IP Pres./DSCP", or both.

Anyone who knows how to tag traffic with IP Pres/DSCP value in IOS.

// dodeesos

 

[ADB100]

You can't with the 2950 SI. With the 2950 EI or the 3550 you can either trust incoming DSCP (mls qos trust dscp) or you apply in ingress QoS policy to set DSCP (or IP Precedence) for traffic matching certain classes. For example:

ip access-list standard Permit-Any
permit any
!
class-map match-all Permit-Any
match access-group name Permit-Any
!
policy-map Remark-Over-10Mbps
class Permit-Any
set ip dscp 0
police 10000000 8192 exceed-action dscp 8
!
interface FastEthernet0/1
service-policy input Remark-Over-10Mbps
!

On a 2950 this will remark all traffic inbound on the interface to DSCP 0, traffic over 10Mbps will be remarked to DSCP 8. This is obviously a very simple policy but you should be able to easily expand it to allow other classes, plus mark them as you see fit. The 2950 has some limitations with ACL's attached to policies - you can't have different mask lengths and you can't have layer-4 port ranges.

HTH

Andy

 

[dodeesos]

Ok!

Thanks for all your help.

Regards!

// dodeesos