Introduction to QoS (Quality of Service)

Do I put QoS on the access ports? If so, why? What is the consequence of putting on trunk ports?

Do I put QoS on the access ports? If so, why? What is the consequence of putting on trunk ports?

Hello David

QoS functions at Layer 3 and Layer 2. Layer 3 QoS will operate when routing packets, as the QoS information is found within the header of the IP packet. At layer 2, QoS information is found within the 802.1Q tag, or the VLAN tag. This VLAN tag exists only on frames that traverse trunk ports. Since frames that enter and exit an access port do not have VLAN tags which contain the tagging information, QoS based on markings cannot be implemented at access ports. There is an exception to this rule, which is access ports that are configured with an additional voice VLAN. This is because voice VLAN frames do have a VLAN tag and can be handled differently than other frames.

This documentation further describes the default Ingress QoS behaviour for access ports.

Enabling QoS on trunk ports will provide rules for handling frames and sending them over the trunk whenever there is congestion. Based on the information in the VLAN tags, priorities are set and acted upon. More info about this can be found at this lesson:

I hope this has been helpful!


I am trying to wrap my head on how the traffic flows and how qos is passed on from one device to another. Lets say that I have a qos config on my switch located on site-A that marked a voice traffic. VoIP server is located on a remote site. So the next hop of the packet will be on Site-A’s router which is then connected say a T1 back to the DC where the VoIP server is located. Question, qos packet coming from the switch is in layer-2, how does the router examine the packet and tag that packet as a priority on layer-3 side prior to forwarding it to the DC? I’ve been looking for some example in a hope that it would shed some light. Hope this question makes sense.

Thank you, in advance for your time on this question.

Hello Benjamin

It’s important to understand that QoS mechanisms take place at both Layer 2 and Layer 3.

At Layer 2, a frame contains all the QoS information in the 802.1Q tag. Remember that this tag only exists on links that are trunks or on voice ports. This means that a frame at layer 2 can only have QoS information if it is travelling over a trunk or if it has just exited an IP phone connected to a switch port configured with a Voice VLAN. Such QoS mechanisms allow switches to correctly prioritize their frames over trunks so that congestion will not affect their transmission. Such QoS mechanisms are local to the switch.

Layer 3 Mechanisms are controlled in the IP header, specifically in the ToS field. These are read by routers and allow them to route voice packets with the necessary priority to avoid delay.

Now it is possible to configure a switch to convert the QoS information in L2 to QoS information for L3 so that routed packets will be treated as they should based on the QoS info found at L2.

But ultimately, to get to your question of how does a route tag a packet as priority, it really depends on how you have set up your QoS.

Voice packets are usually marked at both L2 and L3 at the source, such as an IP phone. The phone will place the appropriate QoS markings so that the network (if properly configured) will treat the packet with the appropriate priority. Devices such as switches and routers can then be configured to appropriately prioritize such packets, or to even modify the QoS markings of those packets (or can even be configured to ignore them!).

The process of examining the traffic and identifying to what kind of application it belongs is called classification. You can find out more about it here:

The process by which classified traffic’s QoS indicators can be modified is called QoS marking, and more about this can be found here:

How the classified and marked traffic is then managed by network devices can be seen in various QoS mechanisms including queuing, shaping, and policing, all of which can be found in lessons found in the QoS course:

I hope this has been helpful!


Hi Rene and staff,

i would suggest that TCP window (size) should be clarified in the lesson Intro to QoS
A comprehensive way for me is written below

First we have a basic mecanism, that is RWND, (also called slide windows, widows size ) in the TCP header: this mecanism prevent the sender to send no more packets that the receiver can hold. If the sender send more packets than the receiver can hold, you create congestion INSIDE the receiver.
But congestion can occur not only inside the receiver but mainly all along the path in routers that you dont know the way they are working, and RWND can do nothing for that !!

So there are another mecanisms/algorithms implemented by TCP: calculation of CWND.
The question is: how some mecanisms/algorithms in L4 can detect a congestion in L3, and make a flow TCP L4 taking the maximum L3 BW available, avoiding congestion all along the path, without any information from the routers along the path, simply just talking with the receiver: this is the magic !
So CWND is just a “window” that is calculated by the sender (not exchanged in the TCP header with the receiver on the contrary of RWND): the calculation is made by these algorithms to go as fast as possible to the best limit available to send packets, avoiding congestion: magic !!

So when WRED drop packets related to a TCP flow (randomly) inside a queue , recalculation of CWND is triggered at the sender (because it do not receive ACK for this packet from the receiver) and the flow TCP is lowered by the sender, and finaly congestion can be avoided in the queue. (Also these mecanisms allow to avoid TCP synchronisation)

To be exhaustive (?), a third mecanism is bits ECN in TOS used by L3 and L4

Hope this is right and helpful

Hello Dominique

Thanks for sharing this information, it is indeed useful for dealing with congestion and understanding various aspects of QoS.

The CWND is used in a feature of TCP called slow start, and you describe it in your post, and it is also further described in the following lesson:

I hope this has been helpful!


Okay, so maybe a feedback on the content.

When there is no packet loss, the window size will increase, doubling every time. Below you can see that hat H2 receives a single TCP segment which is acknowledged. H2 will then inform H1 that the window size can be increased.

This behaviour, of doubling, that is being described in the congestion control section is not for advertised window size but for the congestion window. And this is part of the slow start algorithm. Might be nice to update the article.

On our core-(aggregation-)switch (Cisco 3560E) MLS QoS is enabled and
causes a lot of output drops on those ports with connected access switches.
See the following “sho int” message:

GigabitEthernet0/7 is up, line protocol is up (connected)
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 570205
5 minute output rate 48566000 bits/sec, 10676 packets/sec

GigabitEthernet0/9 is up, line protocol is up (connected)
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 24916656

For optimizing the network we do not need QoS and want to disable
this feature with the command “no mls qos”.
Will any disruption occur in our production network?


Hello Rainer

By issuing the no mls qos command, you will not disrupt the functionality of the device. It will continue to forward traffic normally, but it will simply stop enforcing any QoS mechanisms that may be configured. Even so, it is still a good idea to implement this during a maintenance window.

Keep in mind that although the command itself will not stop the device from continuing to function, it will suddenly change the way that traffic flows on the network. This can have some unpredictable results like unexpected congestion and bottlenecks at various locations. When you do implement this change, make sure that you are on hand to monitor the behaviour of the network and to ensure that it indeed is functioning within normal parameters. You should monitor the network during the next few days as well, especially during peak hours to verify that you are getting the expected results from your change.

Let us know how it goes!

I hope this has been helpful!


I trust everyone is keeping well during the current pandemic. I am working on a QoS assignment in Packet Tracer file and need a little guidance please.

I have been asked to include as many elements as needed to demonstrate an overall knowledge of the design of a secure, durable and scalable converged network for such new development.

The given design considerations are:

• Voice applications traffic, generated by voice-related applications (such as contact call centres)
• Mission-critical traffic, generated, for example, by database applications
• Transactional traffic, generated by e-commerce applications
• Routing update traffic from routing protocols such as Enhanced Interior Gateway Routing Protocol (EIGRP)
• Bulk transfer (such as file transfer or HTTP), considered best-effort traffic

The tasks are:

  1. Design Queuing strategies to cope with the traffic mix mainly at Sligo
  2. Using Access Control Lists (ACL’s) to segregate your different traffic classes
  3. Using the ACL’s then create class maps to cope with the different traffic flows
  4. Create policy maps to contain these class maps
  5. Insert the policy maps at the relevant points on the network
  6. Demonstrate where traffic policing will be implemented within the network
  7. Show also where traffic shaping will take place on the network
  8. Show how PPP multilink could be used and apply if necessary
  9. Show how header compression can be used on the WAN link
  10. Any other scenario which you may consider appropriate

I have created the ACLs based on TCP/UDP ports for the Voice, Video, Mission-Critical, Signalling, Transactional-Data and Bulk-Data. I have created the corresponding Class-Maps. I have created the Policy-Map.

policy-map WAN
class Voice
priority percent 18
set precedence 5
class Video 
Priority percent 15
set precedence 4	
class Signalling 
bandwidth percent 5
set precedence 3
class Mission-Critical-Data
bandwidth percent 10
set precedence 3
random-detect prec-based
class Transactional-Data
bandwidth percent 7
set precedence 2
random-detect prec-based
class Bulk-Data
bandwidth percent 4
set precedence 1
random-detect prec-based
class Class-Default
bandwidth percent 25
set precedence 0

Configuration questions I have and would appreciate some help in understanding are:

  1. Where to place the policy?
    I believe the configured policy-map should in the outbound direction of the Serial 0/0/0 interface

  2. What QoS information should be configured on the Dublin router?

  3. Do I need to include an ACL, CLass-Map and update the Policy for EIGRP updates a Precedence 6?

Thank you in advance for your help.

Hello Martin

This depends on what you want to achieve. What part of your network do you want QoS mechanisms to take place? Usually, this should be wherever you expect to see congestion. On your network, the WAN link is probably where you would most likely see congestion, so I agree, that QoS should be applied on the outbound interface of the Sligo router. Remember that QoS mechanisms can only be applied on interfaces in an outbound direction. Incoming traffic cannot be shaped, as an interface cannot control egress traffic.

Now having said this, where else on your network do you think you may need to implement QoS? It can be implemented on trunk networks as well where CoS values are taking into account in the VLAN tag of the Ethernet frame. You can find out more about L2 QoS at the following lesson:

QoS mechanisms should be implemented in the Dublin router if you choose to also apply these mechanisms for traffic from Dublin to Sligo. It would only make sense to do so, since traffic for such applications is usually symmetric (approximately the same volume of traffic in both directions). These should be similar or the same as those implemented at Sligo.

IP Precedence of 6 is automatically assigned to EIGRP packets, so adding a policy for this will also include EIGRP updates in the QoS mechanisms.

I hope this has been helpful!


Thank you so much Laz. that’s greta help!

So traffic policing should be applied within the network where faster interfaces merge into slower interfaces or where multiple interfaces of the same speed converge and queues may form. In this case the switch interface to router (trunk link), and router to WAN (serial) interface - both in the outgoing direction.

Traffic shapping should take place on the WAN (serial) interface.

However, I don’t know how PPP multilink could be used and applied or how header compression can be used on the WAN link?

Are there any other scenario which could be considered appropriate please?

Hello Martin

The general rule of thumb is, if you have time sensitive traffic on your network (voice, video, mission critical traffic, etc) then you should employ QoS mechanisms everywhere you can within your network. This means trunks, and Layer 3 links.

Remember that QoS mechanisms will only “kick in” when there is congestion. You may never need them, they may actually never be used, but it’s always good to have them, because user traffic can be unpredictable, and will eventually create congestion at one time or another.

So to answer your question directly, anywhere where you have a trunk, or a layer 3 link, it’s good to employ them. You describe very well the reasons and the situations that this is necessary when you state:

Now you use the terms policing, and shaping, but these are two different features. Policing will drop any packets that are violating the required speed limitations, while shaping will attempt to queue any exceeding traffic, and buffer it so it will not be lost. Although these are considered QoS mechanisms, their purpose is to rate limit traffic on particular interfaces. As a result, they can both be detrimental to time sensitive data such as voice, because they will either drop packets, or delay packets, both of which are not good for voice.

What you need to apply is a policy map that creates priority queues. This is what you have already done, so I think the problem here is more with the terminology rather than the application. These prioritization techniques are further described in the lessons below.

PPP Multilink would not be used in your topology, because you only have a single serial link. Multilink is used when there is more than one serial link between two routers.
Header compression on the other hand may be useful, but it is designed to be used on slow serial links of 32 Kbps or less. Only at these speeds does header compression produce a significant performance improvement.

I hope this has been helpful!



Can you explain the difference between bit rate and bandwith?
I think that bit rate is the actual trasmission speed in b/s and the term ‘bandwith’ indicate the maximum amount of data that a cable can carrie on.

Am I correct??

Hello Giovanni

There are various terms used to specify the speed at which data moves on a network. Speed, bandwidth, bit rate, throughput, data rate… All of these terms, and others as well, are used differently by different people and in different contexts. However, generally accepted definitions for the terms you used in the context of networking are:

Bandwidth - The maximum rate of data transfer across a given path. So, for communication over a FastEthernet link, for example, the available bandwidth is 100Mbps.

Bit-rate - The number of bits that are transmitted over a unit of time. This may refer to the actual bit rate at a particular instance, or the maximum available transmission rate over a particular path. This depends upon the context in which it is being used.

The context, as mentioned above, is of utmost importance when determining the meaning in the use of these terms. Because these terms are often used incorrectly, the context is usually the most reliable information to be used to determine the real meaning of what is being said.

I hope this has been helpful!


Hello everyone. I’m new here on the portal but I found it very useful for everyday life. I have a problem to limit the bandwidth of clients in the IOS XR of a 9006. I am proceeding with the blocking according to what was done in the other versions but the same is not working. Can someone help me with this configuration?

ipv4 access-list FILEMON
 10 permit ipv4 any any
class-map match-all FILEMON
 match access-group ipv4 FILEMON 
policy-map FILEMON
 class FILEMON
  police rate 3000000000 bps 
   conform-action transmit
   exceed-action drop
interface Bundle-Ether4.1620
service-policy output FILEMON


Bundle-Ether4.1620 output: FILEMON

Classification statistics (packets/bytes) (rate - kbps)
Matched : 17597918/23085533174 3965118
Transmitted : N/A
Total Dropped : 0/0 0
Policing statistics (packets/bytes) (rate - kbps)
Policed(conform) : 17597918/23085533174 3965118
Policed(exceed) : 0/0 0
Policed(violate) : 0/0 0
Policed and dropped : 0/0
Class class-default
Classification statistics (packets/bytes) (rate - kbps)
Matched : 0/0 0
Transmitted : N/A
Total Dropped : N/A

I would like to block this client’s link at 3Gbps but it is not working.

Hello Filemon

At first glance, your configuration looks good. From your output, it seems that all traffic conformed to the policer, and was simply transmitted. What troubles me, and what is probably central to your question, is that the rate in kbps it states is 3965118 or 3.9Gbps, which is beyond the 3Gbps of the policer. In addition, we see N/A in the Transmitted value. Note also that all the traffic is considered conforming.

I suggest you consider the following to continue troubleshooting:

  1. Ensure that traffic is being transmitted and is actually passing through and getting to its destination. Note that your access list is matching all IPv4 traffic. Is there any IPv6 traffic on the network?
  2. Reduce the police rate in the policy-map to a very low number like 1 Mbps and make the exceed action transmit, (if this is a production network, such a configuration will not affect user traffic) and see if all of that excess traffic is still considered conforming or exceeding. This will allow you to see if it is simply a volume of traffic issue, or some misconfiguration.
  3. I notice that you’ve applied the policer to an Ethernet Bundle. QoS on bundles is measured differently, and may actually exceed the maximum of the policer depending on how load balancing across the individual links takes place. Take a look at the following Cisco documentation to see this in detail:

I hope this has been helpful!


This is the first time I use this forum.
I’m study for exam Cisco encore exam.
I’m now reading about QoS.
I alleways learned that you can only add QoS when you have a 1:1 connection.
I do not read anyting about this. why?

Hello Ronald

Great to have you with us! I’m not sure what you mean when you say 1:1 connection, however, QoS involves many mechanisms used to ensure that specific types of traffic get priority whenever there is congestion on the network. QoS includes things like markings of the headers of IP packets, CoS values in the tags of frames on Layer 2, as well as policing and shaping.

QoS markings in IP packets and frames are simply the way that data is catagorized on the network. It is used to identify what traffic should have special treatment, or priority. Shaping and policing are policies that are applied on specific interfaces that, when they experience congestion, will begin to function based on the markings of the packets/frames being processed, as well as on other configured parameters.

More about these can be found in the lessons within the QoS course:

I hope this has been helpful!