QoS Marking on Cisco IOS Router

This topic is to discuss the following lesson:

Hi Rene,

Why only switches and wireless devices are used to configure for re-marking traffic?
We do it for qos traffic confidentiality ?
The PHB logic is setting QoS marking for every devices right ? According to that do we need to re- match the traffics along the way , I am not clear about that…

Thnx , Thnx & Thnx again

Hi Deniz,

Marking is typically done on the “border” of our network. This could be an IP phone or the switch or router that first receives these packets.

Once the packets are marked, there’s no need to do this again. You can trust the markings and apply an action to it (queuing, policing, shaping, etc.). The only reason to re-mark packets is if you don’t trust your traffic.


Thnx Rene,

You are best !

thankyou v much rene !

Hi, Rene.

Reading this tutorial I had a doubt: what is the difference of I configure the command set precedence and set ip precedence or even if it was set dscp or set ip dscp into the policy-map? What changes in time of the router should mark the packet?

Thank you in advance

Hello Stafanio

According to Cisco, the set ip dscp command was replaced with the set dscp command:

set dscp - 12.2(13)T - This command was introduced. It replaced the set ip dscp command.

Similarly, the set ip precedence command was replaced with the set precedence command:

set precedence - 12.2(13)T This command was introduced. This command replaces the set ip precedence command.

More information about these commands from Cisco can be found here.

I hope this has been helpful!


1 Like

Would it be possible for you to provide marking examples using ECN and CoS?

Hi Chris,

I’ll add ECN (RED/WRED) for sure.

What would you like to know about CoS? It’s similar to DSCP/ IP Precedence but it’s marking on L2 when you use 802.1Q:


Is it possible for you to cover Layer 2 QoS in more detail?

Just going off the blueprint you are expected to know queueing, scheduling, classifcation and marking techniques

Hello Chris.

All of Rene’s lessons concerning Layer 2 QoS can be found under Unit 2 of the Quality of Service course coverage found at the following link:

Unit 2 is titled “LAN QoS” and includes all the L2 QoS found on NetworkLessons.

If you would like something more specific or more detailed than this, feel free to make a suggestion on the Lesson Ideas page found below.

I hope this has been helpful!


You need static routes for this lab to work or some kind of routing


Hello Evan

Yes, you are correct, those static routes should be indicated in the configurations at the end. I will let Rene know.

Thanks for catching that!


Hi All,

I am trying to add DSCP marking for softphones on a cisco 3850. But I am not sure what I am missing and I hoping you can help me. Down below is my config.

config) ip access-list extended VOIP
config-ext-nacl) permit udp any any range 16384 32767

config) ip access-list extended SIP
config-ext-nacl) permit udp any any range 5060 5061
config-ext-nacl) permit tcp any any range 5060 5061

config) class-map match-any VOIP-TRAFFIC
config-cmap) match access-group name VOIP

config-cmap) class-map match-any SIGNALLING
config-cmap) match access-group name SIP

config) policy-map LTU-INGRESS-POLICY
config-pmap) class VOIP-TRAFFIC
config-pmap-c) set dscp ef
config-pmap-c) class SIGNALLING
config-pmap-c) set dscp CS3

int gig1/0/37
service-policy input LTU-INGRESS-POLICY

and this is what I see on the interface:

SW-LAB#show policy-map int gig1/0/37

  Service-policy input: LTU-INGRESS-POLICY

Class-map: VOIP-TRAFFIC (match-any)
  12431 packets
  Match: access-group name VOIP
    0 packets, 0 bytes
    5 minute rate 0 bps
  QoS Set
    dscp ef

Class-map: SIGNALING (match-any)
  545 packets
  Match: access-group name SIP
    0 packets, 0 bytes
    5 minute rate 0 bps
  QoS Set
    dscp cs3

Class-map: class-default (match-any)
  6399 packets
  Match: any

Hello Steve

Looking over your configuration, everything looks to be configured correctly. I don’t see any issues that could be causing the packets not to be matched.

To confirm that SIP and voice packets are indeed passing through that interface and that the access list is correctly configured to match them, I suggest you modify your access lists to log packets like so:

Router(config)#ip access-list extended VOIP
Router(config-ext-nacl)#permit udp any any range 16384 32767 log
Router(config)#ip access-list extended SIP
Router(config-ext-nacl)#permit udp any any range 5060 5061 log
Router(config-ext-nacl)#permit tcp any any range 5060 5061 log

And then apply both access lists to the interface in an inward direction. For example:

Router(config)#int gig1/0/37
Router(config-if)#ip access-group VOIP in
Router(config-if)#ip access-group SIP in

Make some calls on your softphone, and check to see that you are indeed matching packets. The show access-list VOIP and the show access-list SIP commands should show the number of matched packets. If you’re getting matches, then you can go on to troubleshoot the class-map. If you’re not getting matches, then there may be an issue with what traffic is actually passing through that interface.

Hopefully, this will give you a first step in your troubleshooting procedure just to see where the problem may be.

I hope this has been helpful!


Could you pleas help me with a query?
Let’s say hypothetically if I receive certain types of traffic from a company that has certain QoS marking (EF) for example and they are destined to the internet. How do I ensure that this traffic will get the same marking when I receive them back from the internet? Any idea? Is this even possible?

Hello Tarek

The Internet is a “best-effort” network. There are no provisions for implementing quality of service on the Internet itself, so any packets you sent out to the Internet, even if you mark them with EF, for example, will have those markings removed before being forwarded downstream.

However, when you receive packets from the Internet (or from anywhere) you are able to mark them however you like before sending them internally on your network. You can mark them based on whatever parameters you want.

Now having said that, some ISPs on their own internal networks may choose to apply QoS markings and keep them active as long as the packets remain within their networks. In such a case, two customers connected to the same ISP may be able to maintain those markings, if they request this from the ISP.

Could you tell us a little more about what you would like to achieve in your particular case? If you give us some more details, we may be able to suggest a solution that is more suitable to your specific situation. Let us know!

I hope this has been helpful!