3560 QoS - DSCP mutation

I am completely absorbing myself in 3560 qos. I love it. I love reading about it and labbing it. So browsing through the DocCD today, I decided to lab dscp-dscp mutation. It's fairly simple, but along the way I also learned how to monitor and a way to mark traffic.

Here is the topology (it's a mutated iewb topology)

R4====SW2====SW1====SW3---[int vlan 201,202]

R4 is trunk link carrying vlan 201,202:

interface Ethernet0/0.201
encapsulation dot1Q 201
ip address 155.1.201.4 255.255.255.0
!
interface Ethernet0/0.202
encapsulation dot1Q 202
ip address 155.1.202.4 255.255.2550

SW3 has two SVIs:

interface Vlan201
ip address 155.1.201.9 255.255.255.0

interface Vlan202
ip address 155.1.202.9 255.255.255.0

Other links are all dot1q trunks passing vlan 201 and 202.

1. SET UP SW2 TO CLASSIFY AND MARK

mls qos

access-list 1 permit 155.1.201.0 0.0.0.255
access-list 2 permit 155.1.202.0 0.0.0.255

class-map match-all VLAN202
match access-group 2
class-map match-all VLAN201
match access-group 1

policy-map MARK
class VLAN201
set precedence 1
class VLAN202
set precedence 2

interface FastEthernet0/4
service-policy input MARK

2. ON SW3 TRUST AND MONITOR QOS

mls qos

int f0/13
mls qos trust dscp
mls qos monitor dscp 0 8 16 24 32

SW3# show mls qos int f0/13 st
FastEthernet0/13
Ingress
dscp: incoming no_change classified policed dropped (in pkts)
0 : 19 19 200 0 0
8 : 200 100 0 0 0
16: 200 100 0 0 0
24: 0 0 0 0 0
32: 0 0 0 0 0
Others: 0 0 0 0 0
Egress
dscp: incoming no_change classified policed dropped (in pkts)
0 : 200 n/a n/a 0 0
8 : 100 n/a n/a 0 0
16: 100 n/a n/a 0 0
24: 0 n/a n/a 0 0
32: 0 n/a n/a 0 0
Others: 283 n/a n/a 0 0

You can see that we already have traffic coming in as DSCP 8 and 16. We will be mutating these on SW1.

3. CONFIGURE DSCP-to-DSCP MUTATION ON SW1

mls qos
mls qos map dscp-mutation MAP1 8 to 24
mls qos map dscp-mutation MAP1 16 to 32
int f0/13
mls qos trust dscp
mls qos dscp-mutation MAP1

4. PING FROM R4 to SVI on SW3

R4#ping 155.1.202.9 re 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 155.1.202.9, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/2/4 ms
R4#ping 155.1.201.9 re 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 155.1.201.9, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/2/8 ms
R4#

5. VERIFY MUTATION ON SW3

SW3# show mls qos int f0/13 st
FastEthernet0/13
Ingress
dscp: incoming no_change classified policed dropped (in pkts)
0 : 194 194 200 0 0
8 : 600 500 0 0 0
16: 700 600 0 0 0
24: 100 100 0 0 0
32: 100 100 0 0 0
Others: 0 0 0 0 0
Egress
dscp: incoming no_change classified policed dropped (in pkts)
0 : 200 n/a n/a 0 0
8 : 500 n/a n/a 0 0
16: 600 n/a n/a 0 0
24: 100 n/a n/a 0 0
32: 100 n/a n/a 0 0
Others: 2674 n/a n/a 0 0

Notice that we now have 100 packets each marked DSCP 24 and 32.