QoS command....

rakemrakem Member Posts: 800
Is there a command to see what markings (IP Precedence or DSCP) IP packets have when the enter a device??

So for example if i set an edge switch to mark all traffic from a certain subnet with AF43, can i enter a command on the device doing the marking, or a downstream device, to confirm that traffic is being marked with the correct value?
CCIE# 38186
showroute.net

Comments

  • kpjunglekpjungle Member Posts: 426
    rakem wrote: »
    Is there a command to see what markings (IP Precedence or DSCP) IP packets have when the enter a device??

    So for example if i set an edge switch to mark all traffic from a certain subnet with AF43, can i enter a command on the device doing the marking, or a downstream device, to confirm that traffic is being marked with the correct value?

    Make a policy-map matching what you expect on a downrange L3 device, and do a sh policy-map int <interface>:

    R2#sh policy-map int f1/0
    FastEthernet1/0

    Service-policy output: CHECK-STATUS

    Class-map: MATCH-EF (match-all)
    0 packets, 0 bytes
    5 minute offered rate 0 bps
    Match: dscp ef (46)

    You should be able to see packets increase as you send traffic of the desired class.

    Either that or create a span port, and use the destination to a workstation you control with wireshark :)
    Studying for CCNP (All done)
  • rakemrakem Member Posts: 800
    kpjungle wrote: »
    Make a policy-map matching what you expect on a downrange L3 device, and do a sh policy-map int <interface>:

    Good idea...

    Cheers.
    CCIE# 38186
    showroute.net
  • malcyboodmalcybood Member Posts: 900 ■■■□□□□□□□
    Span / port mirror is your best bet and use wireshark, then you don't have to know what you're traffic is being marked, the packet capture will tell you.

    just go under the interface your laptop is plugged (in this case fa0/5) into and do the following (to capture packets going in/out of port fa0/1) then start a capture in Wireshark.

    switch(config)#int fa0/5
    switch(config-if)#port monitor fa0/1

    When you stop the capture you find the packet in the trace by source/destination address by using a filter.

    To find a particular source/destination IP, type the following in the filter field of wireshark to for example find all traffic for ip address 10.1.1.1

    ip.addr==10.1.1.1

    Press return and your trace will filter to all traffic tx/rx from this ip address.

    When you find the packet in the trace and open up Internet Protocol and look at the DSCP marking.
  • cisco_troopercisco_trooper Member Posts: 1,441 ■■■■□□□□□□
    malcybood wrote: »
    Span / port mirror is your best bet and use wireshark, then you don't have to know what you're traffic is being marked, the packet capture will tell you.

    just go under the interface your laptop is plugged (in this case fa0/5) into and do the following (to capture packets going in/out of port fa0/1) then start a capture in Wireshark.

    switch(config)#int fa0/5
    switch(config-if)#port monitor fa0/1

    When you stop the capture you find the packet in the trace by source/destination address by using a filter.

    To find a particular source/destination IP, type the following in the filter field of wireshark to for example find all traffic for ip address 10.1.1.1

    ip.addr==10.1.1.1

    Press return and your trace will filter to all traffic tx/rx from this ip address.

    When you find the packet in the trace and open up Internet Protocol and look at the DSCP marking.

    +1

    Show policy map is great, but it only shows packet counts, etc. If you sniff the wire you can see if you are missing anything and see the actual markings. I have a strong preference for sniffing the wire when checking these things.
Sign In or Register to comment.