Marking specific application traffic for QoS DSCP

Folks,

Hopefully you can help me out here or point me in the right direction...............

What is the best way to mark specific application traffic to be marked with a specific DSCP value on a Cisco switch.

For example if all ERP traffic destined for 10.20.12.199 should be marked DSCP AF41 how would you go about this on a Cisco switch?

I'm guessing there is a class map, match ip dscp af41 commands in there somewhere and some access lists but can't get my head round how you would do it.

I'm familiar with basic voip qos on 2950 switches for VoIP with the switch priority extend cos 0 command etc but not so sure how to mark a specific application based on destination address.

I've done this on Nortel switches using IP filters but not on Cisco's.

Can anyone advise or post a link that gives an example config? I have looked about but can only find general diffserv help guides which I'm already familiar with such as

http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a00800949f2.shtml

Thanks
Malc

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

lildeezul

create an access list for the desired traffic, and then under a class map issue the command match access-group. also you can use the access-list based on the port number, and then another option would be NBAR, then create a policy map to tell what you want to do with data that matches the class map.

Met44

Malcybood,

If I understand you correctly, the general idea would be to create an access list to match the destination IP address and/or ERP port number, then apply that access list as the match criteria of a class map.

Then, in a policy map, reference the class you created above, and perform whatever action you wish on it (such as setting the dscp bits to af41).

Finally, apply the policy to the interface in an appropriate direction.

Your config would look similar to this:

ip access-list extended ERPTraffic
  permit tcp any host 10.20.12.199 eq [ERP tcp port number]

class-map ERPClass
  match access-group name ERPTraffic

policy-map OutPolicy
  class ERPClass
    set dscp af41

interface FastEthernet 0/0
  service-policy output OutPolicy

Hope this helps. If anyone spots an inaccuracy please point it out.

malcybood

lildeezul, thanks for the response

Met44 wrote:
Malcybood,

If I understand you correctly, the general idea would be to create an access list to match the destination IP address and/or ERP port number, then apply that access list as the match criteria of a class map.

Then, in a policy map, reference the class you created above, and perform whatever action you wish on it (such as setting the dscp bits to af41).

Finally, apply the policy to the interface in an appropriate direction.

Your config would look similar to this:
ip access-list extended ERPTraffic
  permit tcp any host 10.20.12.199 eq [ERP tcp port number]

class-map ERPClass
  match access-group name ERPTraffic

policy-map OutPolicy
  class ERPClass
    set dscp af41

interface FastEthernet 0/0
  service-policy output OutPolicy
Hope this helps. If anyone spots an inaccuracy please point it out.

Met44 this makes perfect sense, thanks for the response. The only question I have is in a WAN scenario, if the ERP bound traffic is coming from the PC connected to the switch port at the remote site would you apply the policy inbound as opposed to outbound?

For info traffic returning from the ERP server is marked on the data centre core switch and is trusted end to end over the MPLS network.

Met44

Yeah, you'd rather want the policy applied "inbound" on each switch interface that will have PCs accessing the ERP data. Don't forget your interface range command.

malcybood

Met44 wrote:

Yeah, you'd rather want the policy applied "inbound" on each switch interface that will have PCs accessing the ERP data. Don't forget your interface range command.

Great, thanks for the clarification.

Yeah I'm familiar with the interface range command, although it doesn't work on some of our older switches. I think it must've only came into IOS at a certain level as it is not recognised on some of our 3500XL's and 2950's!

Anyway these are the switches we're replacing and I'm designing / testing the config for the new switches so no worries

Just waiting on the kit arriving but trying to get ahead of the game!

Thanks again