DQOS Exam Certification Guide - Cisco press.pdf

QoS Configurations on Catalyst Switches 737

Configuring QoS for the Catalyst IOS switch

Enabling priority queuing for the Catalyst IOS switch

CoS to egress queue mapping for the Catalyst IOS switch

Layer 2-to-Layer 3 mapping

Configuring trust boundaries for a Catalyst IOS switch

Configuring untagged frames for the Catalyst IOS switch

Configuring QoS access lists in the Catalyst IOS switch

Connecting a Catalyst OS switch to WAN segments

Configuring Voice VLANs for a Catalyst IOS Switch

The first step in configuring QoS for the access layer is separating the voice traffic from the data traffic. Cisco IP Phones have the capability to use 802.1Q trunks to accomplish this task. The IP Phone can tag the voice traffic with a VLAN identifier, while leaving the data traffic in the native, or untagged, VLAN. The switch must be configured to participate in the 802.1Q trunk from the IP Phone. Assuming that the voice VLAN has been configured for 110 and the data VLAN has been configured for 10, Example 10-34 shows the configurations necessary on the Catalyst 6500, 4500, 3550, and 3524 switches.

Example 10-34 Creating Voice VLANs

CatIOS (config)#interface FastEthernet0/11

CatIOS (config-if)#switchport access vlan 10

CatIOS (config-if)#switchport voice vlan 110

CatIOS (config-if)#spanning-tree portfast

In this example, switch port 0/11, the first IP Phone port in Figure 10-12, has been configured to participate in the 802.1Q trunk from the IP Phones using VLAN 110 for the tagged VLAN that will carry the voice traffic and VLAN 10 for the untagged traffic.

Enabling QoS for the Catalyst IOS Switch

QoS must be enabled globally within the switch to use the multiple queues desired. The command to enable QoS depends on the Catalyst IOS switch. The Catalyst 6500 and 3550 both use the mls qos command to enable QoS, whereas the Catalyst 4500 uses the qos command. QoS on the Catalyst 3524 is enabled by default.

In this example, QoS has been enabled on the Catalyst IOS switch.

738 Chapter 10: LAN QoS

Enabling Priority Queuing for the Catalyst IOS Switch

The Catalyst 6500, with selected line cards that support priority queuing, and 3524 transmit frames with a CoS value of 5, typically voice traffic, using the priority queue by default. Although the Catalyst 4500 and the 3550 have a transmit priority queue, they are not configured when QoS is enabled.

The priority queue on a 3550 interface resides in Queue 4. To enable this priority queue, use the priority-queue out interface command, as shown in Example 10-35.

Example 10-35 Enabling the Priority Queue on a Catalyst 3550

3550 (config)#interface fastethernet 0/11

3550 (config-if)#priority-queue out

3550 (config-if)#wrr-queue cos-map 4 5

The priority queue on a 4500 interface resides in Queue 3. Example 10-36 shows how to configure this priority queue.

Example 10-36 Enabling the Priority Queue on a Catalyst 4500

4500 (config)# interface fastethernet 1/1

4500 (config-if)# tx-queue 3

4500 (config-if-tx-queue)# priority high

Table 10-22 summarizes the priority queues available on the Catalyst IOS switches.

Table 10-22 Priority Queues

| Platform | Priority Queue | Configuration Command |
|----------|----------------|-----------------------|
| 6500 | 1p | On by default |
| 4500 | 3 | tx-queue 3, priority high |
| 3550 | 4 | priority-queue out |
| 3524 | 2 | On by default |

CoS-to-Egress Queue Mapping for the Catalyst IOS Switch

By default, Cisco IP Phones mark voice bearer traffic with a CoS of 5 and voice signaling traffic with a CoS value of 3. The Catalyst 3550 uses transmit Queue 4 for a priority queue; therefore, the CoS value of 5 needs to be mapped to Queue 4 for voice traffic to take advantage of the priority queue. Example 10-37 shows the configuration needed to map the CoS value of 5 into the priority queue, which resides in Queue 4.


Example 10-37 Mapping CoS 5 to the Priority Queue in a Catalyst 3550

3550 (config)#interface fastethernet 0/11

3550 (config-if)#priority-queue out

3550 (config-if)#wrr-queue cos-map 4 5

The Catalyst 6500 and 4500 place traffic marked with a CoS value of 5 into the priority queue when QoS is enabled and the priority queue has been activated. However, you must perform the additional step of configuring the Catalyst IOS switches’ CoS queue mapping to ensure that traffic with a CoS of 3 is placed into the second queue on the Catalyst 6500 and 4500. Example 10-38 shows the configuration needed to place the call control traffic (CoS 3) in Queue 2, threshold 1, of a Catalyst 6500 switch. CoS 4 is also placed in the same queue.

Example 10-38 Map CoS Value of 3 to Queue 2 Threshold 1

CatIOS (config)# interface fastethernet 0/11

CatIOS (config-if)#wrr-queue cos-map 2 1 3 4

The Catalyst 4500 Supervisor III or IV uses a slightly different configuration for this task. From the global configuration mode, the qos map dscp 3 to tx-queue 3 command is entered to direct frames with a CoS value of 3 to the high-priority queue, Queue 3, on a Catalyst 4500. The queue assignment on a Catalyst 3524 cannot be changed.

Layer 2-to-Layer 3 Mapping

Cisco follows the recommended standard for setting the DSCP classification values for both the VoIP call control traffic and VoIP bearer traffic. The recommended settings are DSCP = AF31 (or decimal 26) for VoIP call control and DSCP = EF (or decimal 46) for VoIP bearer traffic. By default the CoS-to-DSCP mapping does not match this recommendation, as shown in Table 10-23.

Table 10-23 Default CoS-to-DSCP Mapping

| CoS Value | DSCP Value |
|-----------|------------|
| 0 | 0 |
| 1 | 8 |
| 2 | 16 |
| 3 | 24 |
| 4 | 32 |
| 5 | 40 |
| 6 | 48 |
| 7 | 56 |


To map the Layer 2 CoS and Layer 3 IP precedence settings correctly to these DSCP values, you must modify the default CoS/ToS-to-DSCP mappings.

Example 10-39 demonstrates the configuration required for the CoS-to-DSCP mappings in a Catalyst 6500 and 3550.

Example 10-39 Modifying the CoS-to-DSCP Mappings

CatIOS (config)# mls qos map cos-dscp 0 8 16 26 32 46 48 56

Example 10-40 demonstrates the configuration required for the CoS-to-DSCP mappings in a Catalyst 4500.

Example 10-40 Modifying the CoS-to-DSCP Mappings

Cat4500 (config)# qos map cos 3 to dscp 26

Cat4500 (config)# qos map cos 5 to dscp 46

After these commands have been applied, the Catalyst 6500, 4500, and 3550 map a CoS value of 3 to IP DSCP 26 (AF31) and a CoS value of 5 to IP DSCP 46 (EF). The Catalyst 3524 operates on Layer 2 tags and does not have the capability to classify or mark based on IP DSCP.
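As an added check (not from the book), the following Python applies the mapping commands of Examples 10-39 and 10-40 to the default table in Table 10-23 and reports any CoS value whose DSCP still differs from the AF31/EF recommendation. The function and constant names are this example's own.

```python
# Added example: verify CoS-to-DSCP mapping commands against the recommendation.
DEFAULT_COS_DSCP = [cos * 8 for cos in range(8)]   # Table 10-23: 0, 8, ..., 56
RECOMMENDED = {3: 26, 5: 46}                       # AF31 call control, EF bearer

def apply_map_commands(lines):
    """Return the CoS-to-DSCP table after the given config lines are applied."""
    table = list(DEFAULT_COS_DSCP)
    for line in lines:
        words = line.split()
        # Catalyst 6500/3550 form: mls qos map cos-dscp d0 d1 ... d7
        if words[:4] == ["mls", "qos", "map", "cos-dscp"]:
            values = [int(w) for w in words[4:]]
            if len(values) != 8 or not all(0 <= v <= 63 for v in values):
                raise ValueError(f"cos-dscp needs eight values 0-63: {line!r}")
            table = values
        # Catalyst 4500 form: qos map cos <cos> to dscp <dscp>
        elif words[:3] == ["qos", "map", "cos"] and words[4:6] == ["to", "dscp"]:
            cos, dscp = int(words[3]), int(words[6])
            if not (0 <= cos <= 7 and 0 <= dscp <= 63):
                raise ValueError(f"value out of range: {line!r}")
            table[cos] = dscp
    return table

def mapping_gaps(table):
    """CoS values whose DSCP differs from the recommendation: {cos: (got, want)}."""
    return {cos: (table[cos], want)
            for cos, want in RECOMMENDED.items() if table[cos] != want}
```

With no mapping command applied, both CoS 3 and CoS 5 are reported, which is the mismatch the default table shows.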

Configuring Trust Boundaries for a Catalyst IOS Switch

Trust boundaries define the point in the network where CoS, IP precedence, or DSCP markings are trusted. Typically this trust is established at the ingress switch port of the access layer switch. The Catalyst 6500, 4500, and 3550 switches establish trust on a per-port basis. By default all listed switches reside in the untrusted state. In other words, any CoS or DSCP value received by the switch is re-marked to a CoS or DSCP value of 0. In Figure 10-12, CallManager 1 is connected to the Catalyst IOS switch on port 1. Assuming that the switch is a 6500 or a 3500, to configure the switch to trust the DSCP values received on port 1, you must place the mls qos trust dscp command on interface 1. If the switch is a 4500, the qos trust dscp command is configured on interface 1. These configurations allow the DSCP values received on the configured interface to be trusted by the switch. In the example, assume that the video server in port 10 can only use CoS values and does not have the capability to classify or mark based on IP DSCP. The Catalyst 6500 and 3550 can be configured to trust the received CoS value by placing the mls qos trust cos command on interface 10. The Catalyst 4500 uses the qos trust cos command on interface 10 to accomplish the same goal.

The switchport priority extend cos command enables you to overwrite the CoS value presented to an IP Phone from the attached PC. In a typical IP telephony deployment, any CoS value presented by an attached PC should be overwritten with a value of 0. Be cautious if your design includes extending trust to a PC. If you trust one application on a PC, by default, you trust all applications on that PC. This can lead to unintentional voice-quality degradation. Example 10-41 shows the switchport priority extend cos configuration of a typical IP telephony deployment.

Example 10-41 Configuring trust-ext

CatIOS (config)#interface FastEthernet0/11

CatIOS (config-if)#switchport access vlan 10

CatIOS (config-if)#switchport voice vlan 110

CatIOS (config-if)#switchport priority extend cos 0

CatIOS (config-if)#spanning-tree portfast
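An added example, not from the book: a Python audit that walks interface stanzas and reports, for every port carrying a voice VLAN, whether CoS arriving from the PC behind the phone is overwritten with 0 as in Example 10-41. The sample configuration is constructed, and reporting a port with no explicit extend command as "unset" for review is an assumption of this example.

```python
import re

# Constructed sample of interface stanzas (not taken from the book).
SAMPLE_CONFIG = """\
interface FastEthernet0/11
 switchport access vlan 10
 switchport voice vlan 110
 switchport priority extend cos 0
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport access vlan 10
 switchport voice vlan 110
 switchport priority extend trust
!
interface FastEthernet0/13
 switchport access vlan 10
 switchport voice vlan 110
 switchport priority extend cos 5
!
interface FastEthernet0/14
 switchport access vlan 10
 switchport voice vlan 110
!
interface FastEthernet0/20
 switchport access vlan 10
"""

def audit_pc_trust(config):
    """Map each voice-VLAN port to how CoS from the phone's PC port is handled."""
    results = {}
    # Split just before every line that starts a new interface stanza.
    for stanza in re.split(r"(?m)^(?=interface )", config):
        lines = [ln.strip() for ln in stanza.splitlines()]
        if not lines or not lines[0].startswith("interface "):
            continue
        name = lines[0].split(None, 1)[1]
        if not any(ln.startswith("switchport voice vlan ") for ln in lines):
            continue  # no voice VLAN, so no IP Phone PC port to consider
        state = "unset"  # assumption of this example: report for review
        for ln in lines:
            m = re.fullmatch(r"switchport priority extend (trust|cos (\d))", ln)
            if m and m.group(1) == "trust":
                state = "trusts-pc"
            elif m:
                state = "overwrite-0" if m.group(2) == "0" else f"remark-{m.group(2)}"
        results[name] = state
    return results
```

Ports reported as anything other than overwrite-0 are the ones where the caution above about extending trust to a PC applies.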

Configuring Untagged Frames for the Catalyst IOS Switch

What if the end device does not support 802.1Q trunks? How do you prioritize the traffic of this device? The addition of a Layer 3 switching engine allows the Catalyst to use IP precedence or DSCP to classify this traffic, but what if you do not have a Layer 3 switching engine or you would still prefer to mark the traffic with a CoS value?

You can accomplish this by setting the CoS value on the ingress switch port. By doing this, you are telling the switch to mark any frame received on this port with a specific CoS value. Even though the actual received frame may not have even had an ISL or 802.1Q header, the switch can process the frame as if it had a CoS value set, based on configuration. In Figure 10-12, for example, CallManager 1 is connected to port 1, and CallManager 2 is connected to port 2. The mls qos cos 3 command can be added to interface 1 and 2 on a Catalyst 6500 and a 3550 to mark all inbound traffic with a CoS value of 3. A Catalyst 4500 Supervisor III or IV can use the qos cos 3 command to accomplish the same results, whereas a Catalyst 3524 can use the switchport priority default 3 command.

Because this CoS value is assigned to the port in this example, there is no regard for the end device connected to this port. In other words, any device connected to interface 1 or 2 receives the configured CoS value. Additionally, all traffic from that end device receives this CoS value. In this configuration, for example, web browsing from the CallManager server receives the same priority across your network as call control traffic. For this reason, it is recommended to trust IP DSCP whenever possible, allowing the CallManager to identify the proper QoS classification.

Configuring QoS Access Lists in the Catalyst IOS Switch

The Catalyst 6500, 4500, and 3550 IOS switches enable you to classify traffic based on standard or extended access lists typically deployed on routers. This allows the switches to classify traffic flows by examining Layer 3 and Layer 4 information, providing a much more granular control of QoS.


In Example 10-42, three IP access lists (GOLD-DATA, VOICE, and VOICE-CONTROL) are created to specify interesting traffic flows.

Example 10-42 Creating the ACL

CatIOS (config)#ip access-list extended GOLD-DATA

CatIOS (config-ext-nacl)#remark Match IP Address of the application server

CatIOS (config-ext-nacl)#permit ip any host 192.168.100.1

CatIOS (config-ext-nacl)#permit ip host 192.168.100.1 any

CatIOS (config)#ip access-list extended VOICE

CatIOS (config-ext-nacl)#remark Match the UDP ports that VoIP Uses for Bearer Traffic

CatIOS (config-ext-nacl)#permit udp any any range 16384 32767

CatIOS (config)#ip access-list extended VOICE-CONTROL

CatIOS (config-ext-nacl)#remark Match VoIP Control Traffic

CatIOS (config-ext-nacl)#remark SCCP

CatIOS (config-ext-nacl)#permit tcp any any range 2000 2002

CatIOS (config-ext-nacl)#remark H323 Fast Start

CatIOS (config-ext-nacl)#permit tcp any any eq 1720

CatIOS (config-ext-nacl)#remark H323 Slow Start

CatIOS (config-ext-nacl)#permit tcp any any range 11000 11999

CatIOS (config-ext-nacl)#remark H323 MGCP

CatIOS (config-ext-nacl)#permit udp any any eq 2427

After the traffic flows have been specified, you use the class-map command to identify these traffic flows. Example 10-43 shows a class-map for each of the IP access lists created in Example 10-42.

Example 10-43 Create Classes Based on the ACL

CatIOS (config)#class-map match-all GOLD-DATA

CatIOS (config-cmap)#description Mission Critical Traffic

CatIOS (config-cmap)#match access-group name GOLD-DATA

CatIOS (config)#class-map match-all VOICE

CatIOS (config-cmap)#description VoIP Bearer Traffic

CatIOS (config-cmap)#match access-group name VOICE

CatIOS (config)#class-map match-all VOICE-CONTROL

CatIOS (config-cmap)#description VoIP Control Traffic (SCCP, H225, H245, MGCP)

CatIOS (config-cmap)#match access-group name VOICE-CONTROL
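To see which class a given packet lands in, this added Python example (not from the book) evaluates the permit entries of Example 10-42 against packets and returns the first matching class. The sample addresses other than 192.168.100.1, the function names, and the position of GOLD-DATA in the evaluation order are assumptions of the example.

```python
# ACL entries copied from Example 10-42 (remarks omitted).
ACLS = {
    "VOICE-CONTROL": ["permit tcp any any range 2000 2002",
                      "permit tcp any any eq 1720",
                      "permit tcp any any range 11000 11999",
                      "permit udp any any eq 2427"],
    "VOICE": ["permit udp any any range 16384 32767"],
    "GOLD-DATA": ["permit ip any host 192.168.100.1",
                  "permit ip host 192.168.100.1 any"],
}

def take_addr(words):
    """Consume 'any' or 'host A.B.C.D'; return (address or None, remaining words)."""
    if words[0] == "any":
        return None, words[1:]
    if words[0] == "host":
        return words[1], words[2:]
    raise ValueError(f"unsupported address form: {words}")

def entry_matches(entry, proto, src, dst, dport=None):
    """True if one 'permit' entry matches the packet (destination port only)."""
    words = entry.split()
    acl_proto = words[1]
    want_src, rest = take_addr(words[2:])
    want_dst, rest = take_addr(rest)
    if acl_proto != "ip" and acl_proto != proto:
        return False
    if want_src not in (None, src) or want_dst not in (None, dst):
        return False
    if rest[:1] == ["eq"]:
        return dport == int(rest[1])
    if rest[:1] == ["range"]:
        return dport is not None and int(rest[1]) <= dport <= int(rest[2])
    return True

def classify(proto, src, dst, dport=None, order=tuple(ACLS)):
    """First class, in the given order, whose ACL permits the packet, else None."""
    for name in order:
        if any(entry_matches(e, proto, src, dst, dport) for e in ACLS[name]):
            return name
    return None
```

A UDP packet to 192.168.100.1 on port 20000 matches both VOICE and GOLD-DATA, so the class it receives depends on the order in which the classes are evaluated.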

Next, the behavior of the traffic flow can be altered. In Example 10-44, the policy-map command is used to overwrite the DSCP value of all traffic identified in the three classes.

Example 10-44 Set the DSCP Value for the Classes

CatIOS (config)#policy-map CAT-IOS-IN

CatIOS (config-pmap)#description Set DSCP Value for Each Class

CatIOS (config-pmap)#class VOICE-CONTROL

CatIOS (config-pmap-c)#set ip dscp 26

CatIOS (config-pmap)#class VOICE