Marking specific application traffic for QoS DSCP
Folks,
Hopefully you can help me out here or point me in the right direction...............
What is the best way to mark specific application traffic to be marked with a specific DSCP value on a Cisco switch.
For example if all ERP traffic destined for 10.20.12.199 should be marked DSCP AF41 how would you go about this on a Cisco switch?
I'm guessing there is a class map, match ip dscp af41 commands in there somewhere and some access lists but can't get my head round how you would do it.
I'm familiar with basic voip qos on 2950 switches for VoIP with the switch priority extend cos 0 command etc but not so sure how to mark a specific application based on destination address.
I've done this on Nortel switches using IP filters but not on Cisco's.
Can anyone advise or post a link that gives an example config? I have looked about but can only find general diffserv help guides which I'm already familiar with such as
http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a00800949f2.shtml
Thanks
Malc
Hopefully you can help me out here or point me in the right direction...............
What is the best way to mark specific application traffic to be marked with a specific DSCP value on a Cisco switch.
For example if all ERP traffic destined for 10.20.12.199 should be marked DSCP AF41 how would you go about this on a Cisco switch?
I'm guessing there is a class map, match ip dscp af41 commands in there somewhere and some access lists but can't get my head round how you would do it.
I'm familiar with basic voip qos on 2950 switches for VoIP with the switch priority extend cos 0 command etc but not so sure how to mark a specific application based on destination address.
I've done this on Nortel switches using IP filters but not on Cisco's.
Can anyone advise or post a link that gives an example config? I have looked about but can only find general diffserv help guides which I'm already familiar with such as
http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a00800949f2.shtml
Thanks
Malc
Comments
-
lildeezul
Member Posts: 404
create an access list for the desired traffic, and then under a class map issue the command match access-group. also you can use the access-list based on the port number, and then another option would be NBAR, then create a policy map to tell what you want to do with data that matches the class map.NHSCA National All-American Wrestler 135lb -
Met44
Member Posts: 194
Malcybood,
If I understand you correctly, the general idea would be to create an access list to match the destination IP address and/or ERP port number, then apply that access list as the match criteria of a class map.
Then, in a policy map, reference the class you created above, and perform whatever action you wish on it (such as setting the dscp bits to af41).
Finally, apply the policy to the interface in an appropriate direction.
Your config would look similar to this:ip access-list extended ERPTraffic permit tcp any host 10.20.12.199 eq [ERP tcp port number] class-map ERPClass match access-group name ERPTraffic policy-map OutPolicy class ERPClass set dscp af41 interface FastEthernet 0/0 service-policy output OutPolicy
Hope this helps. If anyone spots an inaccuracy please point it out. -
malcybood
Member Posts: 900 ■■■□□□□□□□
lildeezul, thanks for the responseMet44 wrote:Malcybood,
If I understand you correctly, the general idea would be to create an access list to match the destination IP address and/or ERP port number, then apply that access list as the match criteria of a class map.
Then, in a policy map, reference the class you created above, and perform whatever action you wish on it (such as setting the dscp bits to af41).
Finally, apply the policy to the interface in an appropriate direction.
Your config would look similar to this:ip access-list extended ERPTraffic permit tcp any host 10.20.12.199 eq [ERP tcp port number] class-map ERPClass match access-group name ERPTraffic policy-map OutPolicy class ERPClass set dscp af41 interface FastEthernet 0/0 service-policy output OutPolicy
Hope this helps. If anyone spots an inaccuracy please point it out.
Met44 this makes perfect sense, thanks for the response. The only question I have is in a WAN scenario, if the ERP bound traffic is coming from the PC connected to the switch port at the remote site would you apply the policy inbound as opposed to outbound?
For info traffic returning from the ERP server is marked on the data centre core switch and is trusted end to end over the MPLS network. -
Met44
Member Posts: 194
Yeah, you'd rather want the policy applied "inbound" on each switch interface that will have PCs accessing the ERP data. Don't forget your interface range command.
-
malcybood
Member Posts: 900 ■■■□□□□□□□
Met44 wrote:Yeah, you'd rather want the policy applied "inbound" on each switch interface that will have PCs accessing the ERP data. Don't forget your interface range command.
Great, thanks for the clarification.
Yeah I'm familiar with the interface range command, although it doesn't work on some of our older switches. I think it must've only came into IOS at a certain level as it is not recognised on some of our 3500XL's and 2950's!
Anyway these are the switches we're replacing and I'm designing / testing the config for the new switches so no worries
Just waiting on the kit arriving but trying to get ahead of the game!
Thanks again