[c-nsp] IRB and 802.1q subinterfaces - How to set COS?
Robert Johnson
fasterfourier at gmail.com
Thu May 5 12:42:39 EDT 2011
Hello,
1. It doesn't look like the 3745 supports local switching. Darn.
2. I just tried moving the policy-map to the main interface and off
the subinterfaces. This seems to correctly classify traffic for
subinterfaces that don't have a bridge-group assigned, but the ones
with IRB enabled on them still aren't having their traffic marked as
they should.
3. No
Thanks for the suggestions so far.
On Wed, May 4, 2011 at 9:33 PM, Herro91 <herro91 at gmail.com> wrote:
> Hi,
> A few ideas - don't know if they will work for you:
> 1) Have you considered or verified if local switching is available on this
> router/IOS? This would allow you to "connect" the two interfaces together -
> essentially bridging them, though I believe there is no mac learning with
> local switching, so it would just forward the packets, not learn destination
> macs.
> 2) Regarding the QoS - I've seen some cases where you need to put the
> policy-map on the main interface. This was on a GSR and a particular
> linecard - but may be worth a try. It could just be it won't work properly
> with the way your doing bridging.
> 3) Have you done any debugs?
>
>
>
> On Wed, May 4, 2011 at 7:11 PM, Robert Johnson <fasterfourier at gmail.com>
> wrote:
>>
>> IOS 12.4 advanced enterprise on a 3745. I have two fast ethernet
>> interfaces, each with a set of 802.1q subinterfaces. Each subinterface
>> has a bridge-group assigned to it so that select VLANS on each FE port
>> are bridged. I'd like to apply a policy-map to one of the outbound
>> subinterfaces that looks at the DSCP value of outbound IP packets and
>> sets an 802.1p COS according to the DSCP value found. Here's the
>> relevant part of the configuration:
>>
>>
>> class-map match-all assure
>> match ip dscp af31
>> class-map match-all critical
>> match ip dscp cs6
>> class-map match-all expedite
>> match ip dscp ef
>> !
>> policy-map output-cos
>> class expedite
>> set cos 6
>> class assure
>> set cos 5
>> class critical
>> set cos 7
>> !
>> interface FastEthernet1/0
>> description Trunk to switch 1
>> no ip address
>> full-duplex
>> !
>> interface FastEthernet1/0.500
>> encapsulation dot1Q 500
>> bridge-group 100
>> service-policy output output-cos
>> !
>> interface FastEthernet2/0
>> description trunk to cheverly-md-s1b
>> no ip address
>> full-duplex
>> !
>> interface FastEthernet2/0.500
>> description Customer access
>> encapsulation dot1Q 500
>> bridge-group 100
>> service-policy output output-cos
>> !
>> interface BVI100
>> ip address x.x.x.x y.y.y.y
>> ip verify unicast reverse-path
>> !
>> bridge 100 protocol ieee
>> bridge 100 route ip
>>
>>
>> The policy-map can't be applied to the BVI since it's not handling
>> VLAN tagging. However, the above configuration doesn't pick up any of
>> the traffic marked with the DSCPs specified in the class-map:
>>
>> #sho policy-map int f1/0.500
>> FastEthernet1/0.500
>>
>> Service-policy output: output-cos
>>
>> Class-map: expedite (match-all)
>> 0 packets, 0 bytes
>> 5 minute offered rate 0 bps, drop rate 0 bps
>> Match: ip dscp ef (46)
>> QoS Set
>> cos 6
>> Packets marked 0
>>
>> Class-map: assure (match-all)
>> 0 packets, 0 bytes
>> 5 minute offered rate 0 bps, drop rate 0 bps
>> Match: ip dscp af31 (26)
>> QoS Set
>> cos 5
>> Packets marked 0
>>
>> Class-map: critical (match-all)
>> 0 packets, 0 bytes
>> 5 minute offered rate 0 bps, drop rate 0 bps
>> Match: ip dscp cs6 (48)
>> QoS Set
>> cos 7
>> Packets marked 0
>>
>> Class-map: class-default (match-any)
>> 4380 packets, 297206 bytes
>> 5 minute offered rate 0 bps, drop rate 0 bps
>> Match: any
>>
>> Also, the class-default class does not seem to be counting in tune
>> with the actual traffic flowing across the subinterface.
>>
>> This configuration works if the BVI is removed and IP addresses are
>> assigned directly to the subinterfaces. Unfortunately this is not a
>> practical solution due to other design considerations.
>>
>> Ideas? TIA.
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
More information about the cisco-nsp
mailing list