How to configure Queuing on Cisco 3560 and 3750 switch

Hello Ray

You are correct. When implementing shaping, the command syntax is:

srr-queue bandwidth shape weight1 weight2 weight3 weight4

The syntax of the weight values, as described by Cisco, are as follows:

Specify the weights to specify the percentage of the port that is shaped. The inverse ratio (1/ weight) specifies the shaping bandwidth for this queue. Separate each value with a space. The range is 0 to 65535.

This information was obtained from this Cisco command reference document.

I hope this has been helpful!

Laz

HI Rene,

I have some questions about QoS queuing . Hope to get your insights on it.

mls qos cos x
Q1) When mls cos is turned on and all the ports are untrusted, does the switch reset the COS value for all frames to whatever value set in the “mls qos cos” command ?
Q2) When mls cos is turn on and all the ports are trusted, the switch will only use the value in “mls qos cos” command to set for untagged frames right ?

mls qos trust cos
Q3) When a policy-map + mls qos cos trust is set on the same port, which will have priority ? Assuming the policy-map will set CoS value and the incoming frame also already has a CoS value set.

priority-queue out
Q4) When egress expedite queue is turn on, does the shaped bandwidth defined on queue1 still applies ?

mls qos srr-queue output cos-map queue 2 threshold 3
Q5) Can we mapped the same CoS to more than 1 egress queue ?
CoS 3 to both egress q2 t2 and q3 t1, how will the switch handle the distribution if q2 and q3 has the same weight ?
If the switch send the frame with CoS 3 to q2t2 and q2t2 threshold is already hit, will the switch send the frame to q3t1 or it will simply drop it ?

Regards,
Noob

Hello Sze Jie K

I’ll attempt to answer your questions below:

Yes. When a port is set to untrusted (by default) it does not trust the CoS values of the incoming frames, so those are reset to the value set in the command.

Yes. On a trunk port, if you have the mls qos cos command on a trusted port, then the CoS values will be changed only for untagged frames. The CoS values of tagged frames remain unchanged.

The trust command in a policy map allows you to set the trust state only for the traffic defined within that particular class. mls qos trust applies to ALL traffic entering the interface. Any traffic conforming to the policy map will have priority. Traffic not conforming will have the more general mls qos trust command applied to it.

According to Cisco:

All four queues participate in the SRR unless the expedite queue is enabled, in which case the first bandwidth weight is ignored and is not used in the ratio calculation. The expedite queue is a priority queue, and it is serviced until empty before the other queues are serviced. You enable the expedite queue by using the priority-queue out interface configuration command.

This was obtained from the following documentation, page 29-17:

You can set the same CoS value to be mapped to multiple queues. However, for the rest of your questions, this might need to be labbed up, unless @ReneMolenaar has a ready answer…

I hope this has been helpful!

Laz

Hi Lagapides,

Thank you for your reply.

Actually what I am trying to achieve is to just turn out egress priority queuing for voice traffic with the following conditions

1. only classify voice traffic, rest of the traffic can be group as class-default
2. voice traffic will go to priority queue
3. priority queue must have a maximum bandwidth so that in the event “rogue” traffic get classified into the priority queue , it will not choke up the bandwidth
4. the rest of the traffic is free for all / share all the bandwidth in all the remaining queue, I do not want to classify them.

But it seems that I would need to classify the remaining traffic ? can I mark class-default as CoS 0 and mapped them to all the remaining queue ? – however Cisco support says that each CoS value can only be mapped to 1 queue… – so I am quite confuse…

Hi Sze Jie K,

Let me jump in on this. You are using a 3560 or 3750?

Once you enable QoS, all CoS/DSCP values get assigned to 4 different queues. You can’t change or disable these. If you want to mimic something where only voice traffic gets priorited then you could configure something like this:

Q1: 10% of bandwidth
Q2: 80% of bandwidth
Q3/Q4: each 5% of bandwidth

You can assign the CoS/DSCP values that you use for Voice to Q1 and everything else to Q2. It’s a pain to configure QoS on these switches as it affects all your traffic. It’s not as easy as on a router when you can configure only the priority queue for voice and let everything else be forwarded like it was before QoS.

Rene

Hey Rene,

Good to hear from you.
Just a couple of confirmation to clarify with you

1. For both 3850 and 2960x series switches, besides the priority queue - does lower queue# equates to having higher priority ? (e.g. queue2 has higher priority then queue3)

2. for 2960x - unlike 3850, we are not able to do CBWFQ. If our intention is just to have priority for voice and all equal fair treatment for default traffic ->

Does that means we have to either

a) mark a CoS value to all traffic in default-class + allocate/map this Cos value to just 1 queue
or
b) assign all possible CoS values to just 1 queue ?

3. For 2960x, are we able to assign/map the same CoS marking to more then 1 queue ? e.g. Cos 5 to queue 3 and 4 ?

4. In your earlier response, you assign 5% bandwidth to Q3/Q4, what the point of doing so since everything else is assign to Q2 ?

Hope to hear from you soon!

These switches only have one priority queue, the other queues are served in (weighted) round robin so Q2 doesn’t have a higher priority than Q3.

You can assign a CoS/DSCP value to only one queue and threshold.

I usually keep it simple and assign all CoS/DSCP values to one queue that you use for “best effort” traffic. This saves you the hassle of marking all traffic.

You don’t really use these queues if you use Q1 as the priority queue and Q2 as the “best effort” queue but the problem is that you can’t assign 0 bandwidth or disable the other queues. You can assign the lowest possible values to these queues. I think 1% is possible.

Hi Rene,

Appreciate your wonderful insight.
Hope you bear with me for a couple more of clarifications

q1) I often read in MQC that classification is to be done during ingress and queueing at the egress.
But when defining an egress policy-map using CBWFQ, you will still somehow classify the traffic

e.g.
policy-map VOIP
class VOIP-class <<< isn’t this already classification ?
priority 888

What the point in classifying during ingress then ?

q2) I am seeing the below on my MPLS service provider CE router’s WAN side interface

interface GigabitEthernet0/1
service-policy input xxx-inpolicy

policy-map xxx-inpolicy
class ce_ef_input
class ce_af3_input
class class-default

In xxx-inpolicy, there are just class definitions without any bandwidth policy/shaping, queuing, nor marking done - nothing. What is the point/meaning of classifying the traffic without any action done in the service-policy ?

q3) is there anyway simple way we can monitor the bandwidth usage of a particular queue ? or even a particular class ? I am on 3850 and the show policy-map is reflecting 0 packets/bytes for class-maps (but the queues are reflecting incrementing bytes-output ) – seems like a bug after googling.

Regards,
Alan

Hi Alan,

Let’s have a look.

You are correct, we still classify the traffic here. Usually, we do classification AND marking on the edge of our network. Let’s say we have a network like this:

Phone1 - SW1 - R1 - R2 - R3 - SW2 - Phone2

And let’s say we have some proprietary Voice over IP application that uses a range of UDP ports for RTP. On the edge of my network (SW1 and SW2) I can do something like this:

SW1(config)#ip access-list extended RTP_PROPRIETARY
SW1(config-ext-nacl)#permit udp any any range 16300 17300   

SW1(config)#class-map RTP_PROPRIETARY
SW1(config-cmap)#match access-group name RTP_PROPRIETARY

SW1(config)#policy-map MARKING
SW1(config-pmap)#class RTP_PROPRIETARY
SW1(config-pmap-c)#set dscp ef

We do classification and marking here. This means that on my other devices, I can just configure a policy-map that prioritizes traffic when it has DSCP value EF. This saves me the hassle of configuring this access-list on all devices throughout my network.

This can still be used as a counter. If you want an example, take a look at my Control plane policing lesson:

I kinda use the same technique there to see how many packets I receive.

I’d have to check the 3850. On the older platforms, you can use this command:

SW1#show mls qos interface GigabitEthernet 0/1 statistics 
GigabitEthernet0/1 (All statistics are in packets)

  dscp: incoming  
-------------------------------

  0 -  4 :       19783            0            0            0            0  
  5 -  9 :           0            0            0            0            0  
 10 - 14 :           0            0            0            0            0  
 15 - 19 :           0            0            0            0            0  
 20 - 24 :           0            0            0            0            0  
 25 - 29 :           0            0            0            0            0  
 30 - 34 :           0            0            0            0            0  
 35 - 39 :           0            0            0            0            0  
 40 - 44 :           0            0            0            0            0  
 45 - 49 :           0            0            0            0            0  
 50 - 54 :           0            0            0            0            0  
 55 - 59 :           0         3087            0            0            0  
 60 - 64 :           0            0            0            0  
  dscp: outgoing 
-------------------------------

  0 -  4 :       84603            0            0            0            0  
  5 -  9 :           0            0            0            0            0  
 10 - 14 :           0            0            0            0            0  
 15 - 19 :           0            0            0            0            0  
 20 - 24 :           0            0            0            0            0  
 25 - 29 :           0            0            0            0            0  
 30 - 34 :           0            0            0            0            0  
 35 - 39 :           0            0            0            0            0  
 40 - 44 :           0            0            0            0            0  
 45 - 49 :           0            0            0            0            0  
 50 - 54 :           0            0            0            0            0  
 55 - 59 :           0          112            0            0            0  
 60 - 64 :           0            0            0            0  
  cos: incoming  
-------------------------------

  0 -  4 :       92908            0            0            0            0  
  5 -  7 :           0            0            0  
  cos: outgoing 
-------------------------------

  0 -  4 :      118383            0            0            0            0  
  5 -  7 :       74056            0       286048  
  output queues enqueued: 
 queue:    threshold1   threshold2   threshold3
-----------------------------------------------
 queue 0:           0           0           0 
 queue 1:           0       19773      360104 
 queue 2:           0           0           0 
 queue 3:           0           0       98610 

  output queues dropped: 
 queue:    threshold1   threshold2   threshold3
-----------------------------------------------
 queue 0:           0           0           0 
 queue 1:           0           0           0 
 queue 2:           0           0           0 
 queue 3:           0           0           0 

Policer: Inprofile:            0 OutofProfile:            0 

This doesn’t tell me which class gets dropped but it does tell me which queues are working and how many packets get dropped in each queue.

Which IOS version are you using on the 3850? I tried a simple policy-map on my 3850:

class-map match-any TELNET
 match access-group name TELNET

policy-map COUNT_TELNET
 class TELNET

interface GigabitEthernet1/0/24
 service-policy output COUNT_TELNET

It does show me packets:

SW1#telnet 192.168.1.2 /vrf TEST1 
Trying 192.168.1.2 ... Open

SW5#show policy-map interface GigabitEthernet 1/0/24
 GigabitEthernet1/0/24 

  Service-policy output: COUNT_TELNET

    Class-map: TELNET (match-any)  
      8 packets
      Match: access-group name TELNET
        0 packets, 0 bytes
        5 minute rate 0 bps

    Class-map: class-default (match-any)  
      55 packets
      Match: any 

This is on a 3850 running 03.06.06E (quite old).

Rene

Hello rene there is something I do not understand … the selection of interface must be one for which comes from the Wan and another for which goes out to the network Lan ?

Hello Sebastian

When you apply QoS to a switch, you apply it to a particular port independently of whether or not it is applied elsewhere on the switch as well. QoS mechanisms begin to function when the egress traffic of a particular port exceeds the maximum speed of that port. Then, frames/packets begin to be queued based on the mechanisms you configure.

The selection of interface is the one that you desire to provide some sort of prioritization to traffic being sent from that port.

I hope this has been helpful!

Laz

Thank you very much !

Hello,

For the command " mls qos srr-queue ‘direction’ ‘marking’ ‘queue’ ‘threshold’ ‘values’ " there should be a note for the Threshold like:
Thresholds 1 and 2 are the ones configured in the previous buffer allocation commands. Threshold 3 is 100% (implicit, not configurable).
Also I have a question: the CoS values are assigned to the same queue for both queue-sets? I don’t see any queue-set option in this command.

Also I believe the below examples:
Queue 2 will receive 20/70 = 0.28 * 100 Mbit – 5 Mbit = 27.1 Mbit.
Queue 3 will receive 25/70 = 0.35 * 100 Mbit – 5 Mbit = 33.9 Mbit.
Queue 4 will receive 25/70 = 0.35 * 100 Mbit – 5 Mbit = 33.9 Mbit.
Should be replaced with:
Queue 2 will receive 20/70 = 0.28 * 95 Mbit = 27.1 Mbit.
Queue 3 will receive 25/70 = 0.35 * 95 Mbit = 33.9 Mbit.
Queue 4 will receive 25/70 = 0.35 * 95 Mbit = 33.9 Mbit.

Many thanks,
Stefanita

Hi Rene and staff,
i am learning qos as deep as i can, and it is best to use physical devices
So to do my “own labs” i want my GNS3 routers to interact with my physical SW L3 3750 (i bought 2) and that does not work
So i wonder if you could help ?
First i want to do just a connection as simple as possible, like this

I use GNS3 2.1.11 server on a VMWARE ESXi (5.5) and a laptop W7 (64) as client
My physical server VMWARE is connected to 4 ports trunk (making a network team) in a physical L2 2960 (about ten other VMs works in this server ESXi)
On my VM GNS3, i add a NIC, that is eth1 for the GNS3 cloud (eth0 is for the LAN making GNS3 working fine)

GNS3 network is tagged VLAN ID = 222 on the vSWITCH0
So I tried to collect the traffic from the cloud eth1 from an access port of my physical 2960 (mode access, and switchport access vlan 222), say port g0/5, and connect g0/5 to a port of one of my physical SW 3750, say g2/0/3, to test IP connectivity
From g0/5 (of the 2960) to g2/0/3 (3750) frames are not tagged, so the frame is vlan 1 inside 3750 (i hope i am right !)
So i put the router GNS3 g0/0 and int vlan 1 in my SW 3750 on the same subnet; but i cant ping between these interfaces.
Do i miss something ?

I will really appreciate a help
Regards

Hello Dominique

There are several ways to connect real equipment to a virtual GNS3 network. I’m not sure I can troubleshoot your particular setup, but Rene has a very good example in his GNS3 Vault site at the following link:

Some additional resources that may be helpful include some discussions on the GNS3 site on this topic.

I hope this has been helpful!

Laz

Hi, there.
The section 5 calculation is not entirely correct. There are brackets missing in the calculation.
Should be something like this:
Queue 2 will receive 20/70 = 0.28 * (100 Mbit – 5 Mbit) = 27.1 Mbit.
Queue 3 will receive 25/70 = 0.35 * (100 Mbit – 5 Mbit) = 33.9 Mbit.
Queue 4 will receive 25/70 = 0.35 * (100 Mbit – 5 Mbit) = 33.9 Mbit.
Thank you.

Hello Denis

Thanks for pointing that out, I’ll let @ReneMolenaar know to make the adjustments.

Laz

Hi,

I have two questions

1. My customer has a bunch of 2960s. I see in these 2960s, the qos is configured using mls qos, but the latest 9000 catalyst series using class-maps and policy-maps. What is the difference ?

2. When configuring priority queue on 2960s, I read in Cisco documentation, ‘the expedite queue is a priority queue, and it is serviced until empty before the other queues are serviced. You enable the expedite queue by using the priority-queue out interface configuration command.’ So if this is the case how do I enable policing to rate limit this queue to say 33% of the bandwidth ?

Thanks
Krish

Hello Adrtps

Catalyst 2960s, 3560s, and 3750s use what is known as Multilayer Switch QoS or MLS QoS. This has been replaced with what is known as IOS Modular QoS Command Line Interface (MQC) in platforms including the 9000, 3650/3850, and 4500E. This has to do with the way in which QoS is to be implemented on each type of platform.

The following Cisco live presentation is an excellent resource that shows, in detail, the way in which each type of syntax is to be applied.

Here are some highlights of the presentation:

• Slide 22 - Describes the different types of software and syntax used for various platforms
• Slide 40 - Begins a section that describes in detail the configuration of MLS QoS (2960/3560/3750)
• Slide 58 - Begins a section that describes in detail the configuration of MQC (9000/3850/3650)

Concerning your second question, if Scheduled Round Robin (SRR) is enabled, only then will the expedite queue be serviced and emptied before all others. If you want to apply a specific policing value, you must apply that to the interface as a whole, as shown in the following lesson.

I hope this has been helpful!

Laz

Thank you so much! These are good references

-Krish