I’ve been practising my Catalyst 3560 QoS a lot recently. Not only is it a major topic on the CCIE exam, I also happens to use 3560’s daily in my workplace.
QoS on the 3560 is a completely different beast than on a regular IOS router. This is probably why it’s ‘difficult’ as it’s customised towards a single platform.
There are a couple of things I’m not happy about. One is that my policy-maps don’t show exactly what’s going on. I’ll give you an example.
This is my topology:
Note that as I’m on my laptop which doesn’t have Visio, I’ve used Gliffy’s online drawing app to create this image
The goal here is that I want to mark traffic coming from Laptop2 (fa0/1) as CS1 and Laptop3 (fa0/8) as CS4. This is the simple configuration I put together:
access-list 100 permit ip any any class-map match-all INT1ANY match access-group 100 class-map match-all INT8ANY match access-group 100 ! ! policy-map MARK1 class INT1ANY set dscp cs1 policy-map MARK8 class INT8ANY set dscp cs4 ! ! interface FastEthernet0/1 load-interval 30 service-policy input MARK1 ! interface FastEthernet0/8 load-interval 30 service-policy input MARK8
Right, let’s generate some traffic. I’m going to use iperf to send loads of traffic from laptop2.
I now want to see what’s happening on fa0/1. It should be matching everything and remarking them to CS1, but I see nothing!
3560Test#sh policy-map int fa0/1 FastEthernet0/1 Service-policy input: MARK1 Class-map: INT1ANY (match-all) 0 packets, 0 bytes 30 second offered rate 0 bps, drop rate 0 bps Match: access-group 100 Class-map: class-default (match-any) 0 packets, 0 bytes 30 second offered rate 0 bps, drop rate 0 bps Match: any 0 packets, 0 bytes 30 second rate 0 bps
Zilch, nada, nothing!
What about fa0/8?
3560Test#sh policy-map int fa0/8 FastEthernet0/8 Service-policy input: MARK8 Class-map: INT8ANY (match-all) 0 packets, 0 bytes 30 second offered rate 0 bps, drop rate 0 bps Match: access-group 100 Class-map: class-default (match-any) 0 packets, 0 bytes 30 second offered rate 0 bps, drop rate 0 bps Match: any 0 packets, 0 bytes 30 second rate 0 bps
Again, the service policy says we are not matching or doing anything. But is this really true? Let’s fire up wireshark on Laptop1 and see the marking as they come in.
This is the output for traffic coming from Laptop2 (check the highlighted section):
This is the output for traffic coming from Laptop3:
The wireshark capture proves that the 3560 IS classifying and marking traffic, but the show service policy commands above are showing nothing.
Anyone have any ideas?