Monday, February 2, 2009

3560 QoS: VLAN-Based Classification

This is a topic I learned about while reading blogs over at IE. Here is the original:

Comparing Traffic Policing Features in the 3550 and 3560 switches

I have the following topology:

R1----|
R3---SW1---SW2---R2
R5----|

R1 and R3 are in VLAN 100, 192.168.100.0/24
R5 is in VLAN 200, 192.168.200.0/24

R2 is on a trunked port with the following configuration:

interface Ethernet0/0.100
 encapsulation dot1Q 100
 ip address 192.168.100.2 255.255.255.0
 ip accounting precedence input
 no snmp trap link-status
!
interface Ethernet0/0.200
 encapsulation dot1Q 200
 ip address 192.168.200.2 255.255.255.0
 ip accounting precedence input
 no snmp trap link-status

On SW2 we will enable VLAN-based QoS and then mark traffic based on ACLs. First we make the ACLs:

ip access-list extended ICMP
 permit icmp any any
ip access-list extended TCP
 permit tcp any any

Next we make our class-maps and policy-maps:

class-map match-all ICMP
 match access-group name ICMP
class-map match-all TCP
 match access-group name TCP

policy-map VLAN
 class TCP
  set ip precedence 5
 class ICMP
  set ip precedence 3

Next, enable mls qos globally, enable VLAN-based QoS on the trunk port, and apply the policy to the SVIs. Note that the SVI does not need an IP address:

mls qos

interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 50
 switchport mode trunk
 mls qos vlan-based

int vlan 100
 service-policy input VLAN
int vlan 200
 service-policy input VLAN

Now run some tests. Here I ping and telnet from R5, telnet from R1, and then ping from R3:

R5#ping 192.168.200.2 rep 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 192.168.200.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/3/4 ms
R5#

R5#telnet 192.168.200.2
Trying 192.168.200.2 ... Open

R2>exit

[Connection to 192.168.200.2 closed by foreign host]
R5#

R1#telnet 192.168.100.2
Trying 192.168.100.2 ... Open

R2>exit

[Connection to 192.168.100.2 closed by foreign host]
R1#

R3#ping 192.168.100.2 re 50

Type escape sequence to abort.
Sending 50, 100-byte ICMP Echos to 192.168.100.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (50/50), round-trip min/avg/max = 1/3/4 ms
R3#

Verify on R2:

R2#sho int precedence
Ethernet0/0.100
Input
Precedence 3: 50 packets, 5900 bytes
Precedence 5: 46 packets, 2953 bytes
Ethernet0/0.200
Input
Precedence 3: 100 packets, 11800 bytes
Precedence 5: 15 packets, 969 bytes
R2#
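
The same check can be scripted. The Python below is an added example, not part of the original post: it parses the sho int precedence output shown above and lists any input traffic whose precedence is not one of the two values that policy-map VLAN sets. The function names and the indentation of the embedded sample are assumptions.

```python
import re

# Output of "sho int precedence" on R2, copied from the post (indentation assumed).
SHOW_INT_PRECEDENCE = """\
Ethernet0/0.100
  Input
    Precedence 3: 50 packets, 5900 bytes
    Precedence 5: 46 packets, 2953 bytes
Ethernet0/0.200
  Input
    Precedence 3: 100 packets, 11800 bytes
    Precedence 5: 15 packets, 969 bytes
"""
# Values set by policy-map VLAN: class ICMP -> 3, class TCP -> 5.
EXPECTED = {3: "ICMP", 5: "TCP"}
PREC_RE = re.compile(r"Precedence (\d):\s+(\d+) packets, (\d+) bytes")


def parse_precedence(text):
    """Return {interface: {direction: {precedence: (packets, bytes)}}}."""
    counters, iface, direction = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.endswith("#"):      # blank line or bare CLI prompt
            continue
        m = PREC_RE.fullmatch(line)
        if line in ("Input", "Output"):
            if iface is None:
                raise ValueError("direction header before any interface name")
            direction = line.lower()
            counters[iface][direction] = {}
        elif m:
            if direction is None:
                raise ValueError(f"counter outside an Input/Output block: {line}")
            prec, pkts, nbytes = map(int, m.groups())
            counters[iface][direction][prec] = (pkts, nbytes)
        else:                                   # anything else names an interface
            iface, direction = line, None
            counters[iface] = {}
    return counters


def unexpected_markings(counters, expected=EXPECTED):
    """Input counters whose precedence the policy never sets: (iface, prec, packets)."""
    return [(iface, prec, pkts)
            for iface, dirs in counters.items()
            for prec, (pkts, _) in sorted(dirs.get("input", {}).items())
            if prec not in expected]
```

An empty list from unexpected_markings(parse_precedence(SHOW_INT_PRECEDENCE)) means every counted input packet on both subinterfaces carried precedence 3 or 5.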
