Using classifiers to configure QoS for outbound traffic


[NOTE: ]

NOTE: In addition to the information in this section on the various QoS classifiers, see QoS operating notes and restrictions.


Viewing the QoS configuration


[NOTE: ]

NOTE: UDP port priority and TCP port priority are not supported for IPv6 traffic on switches J9779A, J9780A, J9782A, and J9783A.


Examples of the show qos output are included with the example for each priority type.

Syntax:

show qos <priority-classifier>

device-priority: Displays the device priority table/configuration (priority based on the IP address).

dscp-map: Displays mappings between DSCP policy and 802.1p priority.

port-priority: Displays the current source-port priority configuration.

protocol-priority: Displays the protocol priority configuration.

queue-config: Displays the outbound port queue configuration information.

resources: Displays the resources used by the Policy Enforcement Engine.


[NOTE: ]

NOTE: On switches J9779A, J9780A, J9782A, and J9783A, you may run out of QoS resources more quickly.


tcp-udp-port-priority: Displays the TCP/UDP port priorities.

traffic-template: Displays the configured traffic templates and their status.

type-of-service: Displays the current type-of-service priority configuration. The display output differs according to the ToS option used:

  • IP Precedence

  • Diffserve

vlan-priority: Displays the current VLAN priority configuration.

No override

By default, the show command outputs automatically list No-override for priority options that have not been configured. This means that if you do not configure a priority for a specific option, QoS does not prioritize packets to which that option applies, resulting in the No-override state.

  • IP packets received through a VLAN-tagged port are managed using the 802.1p priority they carry in the 802.1Q field in their headers.

  • VLAN-tagged packets received through an untagged port are handled by the switch with “normal” priority.

the show qos vlan-priority output shows the global QoS configurations on the switch that are configured with the VLAN ID classifier. Note that non-default 802.1p priorities have been configured for VLAN IDs 22 and 33; packets received on VLAN 1 are managed with the default settings, as described in the two bulleted items above.

Output for the show qos vlan-priority command (example)

Output for the show qos vlan-priority command (example)

Global TCP/UDP classifier

Global QoS classifier precedence: 1

When you use TCP or UDP and a layer 4 Application port number as a global QoS classifier, traffic carrying the specified TCP/UDP port numbers is marked with a specified priority level, without regard for any other QoS classifiers in the switch.

You can configure up to 50 TCP/UDP application port numbers as QoS classifiers.

Options for assigning priority

The packet-marking options for global TCP/UDP port-number classifiers include:

  • 802.1p priority

  • DSCP policy (Assigning a new DSCP and an associated 802.1p priority)

For a given TCP or UDP port number, you can use only one of the above options at a time. However, for different port numbers, you can use different options.

TCP/UDP port number ranges

There are three ranges:

  • Well-Known Ports: 0 – 1023

  • Registered Ports: 1024 – 49151

  • Dynamic and Private Ports: 49152 – 65535

For more information, including a listing of UDP/TCP port numbers, go to the Internet Assigned Numbers Authority (IANA) website at:

http://www.iana.org

Then click:

Protocol Number Assignment Services

P (under Directory of General Assigned Numbers)

Port Numbers

Assigning an 802.1p priority for a global TCP/UDP classifier

To mark matching TCP or UDP packets with an 802.1p priority, enter the following command:

Syntax:

qos < udp-port | tcp-port > [ ipv4 | ipv6 | ip-all ] < port-number | range start end > priority < 0-7>

Marks an 802.1p priority in outbound packets with the specified TCP or UDP application-port number, where:

ipv4: Marks only IPv4 packets (default).

ipv6: Marks only IPv6 packets.

ip-all: Marks all IP traffic (both IPv4 and IPv6 packets).

port-number: TCP/UDP port number from 1 to 65535.

range <start end>: Marks a range of TCP/UDP ports. If you specify a range, the minimum port number must precede the maximum port number in the range.


[NOTE: ]

NOTE: Port range is not supported on switches J9779A, J9780A, J9782A, and J9783A.


priority <0-7>: Marks the specified 802.1p priority in matching TCP or UDP packets.


[NOTE: ]

NOTE: UDP port priority and TCP port priority are not supported for IPv6 traffic on switches J9779A, J9780A, J9782A, and J9783A.


The 802.1p priority determines the packet's queue in the outbound port on the switch. If the packet leaves the switch on a tagged VLAN port, it carries the 802.1p priority with it to the next downstream device.

Default: Disabled — No 802.1p priority is assigned.

The no form of the command deletes the specified UDP or TCP port number or range of port numbers as a QoS classifier.


[NOTE: ]

NOTE: If you have specified a range of port numbers, you must specify the entire range in the no command; you cannot remove part of a range.


Syntax:

show qos tcp-udp-port-priority

Displays a listing of all TCP and UDP QoS classifiers currently in the running-config file.

Operating notes on using TCP/UDP port ranges

  • Only six concurrent policies are possible when using unique ranges. The number of policies allowed is less if ACLs are also using port ranges.

  • No ranges allowed that include any port numbers configured as part of another QoS application port number policy.

  • An error message is generated if there are not enough hardware resources available when configuring a policy.

  • The entire range of configured port numbers must be specified when using the no form of the command, for example:

    switch(config)#: qos udp-port range 1300 1399 dscp 001110
    
    switch(config)#: no qos range 1300 1399

The following example displays the following configuration for TCP and UDP port prioritization:

Configuration for TCP and UDP port prioritization

TCP/UDP port 802.1p priority for TCP 802.1p priority for UDP
TCP Port 23 (Telnet) 7 7
UDP Port 23 (Telnet) 7 7
TCP Port 80 (World Wide Web HTTP) 2 2
UDP Port 80 (World Wide Web HTTP) 1 1

Configuring 802.1p priority assignments on TCP/UDP ports

Configuring 802.1p priority assignments on TCP/UDP ports

Assigning a DSCP policy for a global TCP/UDP classifier

This global QoS packet-marking option assigns a previously configured or default DSCP policy (codepoint and 802.1p priority) to TCP or UDP packets having the specified port number or range of port numbers. When assigning a DSCP policy, the switch performs the following actions:

  1. Selects an incoming IP packet if the TCP or UDP port number it carries matches the port number specified in the TCP or UDP classifier (as shown in Configuring 802.1p priority assignments on TCP/UDP ports, above).

  2. Overwrites (re-marks) the packet's DSCP with the new DSCP configured for matching packets.

  3. Assigns the 802.1p priority associated with the new DSCP (see Differentiated Services Codepoint (DSCP) mapping).

  4. Forwards the packet through the appropriate outbound port queue.

Creating a DSCP policy based on TCP/UDP port number classifiers

The following procedure creates a DSCP policy for IP packets carrying the selected TCP or UDP port-number classifier.

  1. Identify the TCP or UDP port-number classifier you want to use for assigning a DSCP policy.

  2. Determine the DSCP policy for packets carrying the selected TCP or UDP port number or range of port numbers.

    1. Determine the DSCP you want to assign to the selected packets. (This codepoint will be used to overwrite (re-mark) the DSCP carried in packets received from upstream devices.)

    2. Determine the 802.1p priority you want to assign to the DSCP.

  3. If necessary, use the qos dscp-map <codepoint> priority <0-7> command to configure the DSCP policy (codepoint and associated 802.1p priority) that you want to use to mark matching packets.


    [NOTE: ]

    NOTE: Prerequisite: A DSCP codepoint must have a preconfigured 802.1p priority (0 - 7) before you can use the codepoint to mark matching packets. If a codepoint you want to use shows No-override in the Priority column of the DSCP Policy table (using the show qos dscp-map command), you must first configure a priority for the codepoint before proceeding (using the qos dscp-map priority command).


    qos dscp-map <codepoint> priority <0-7>>

    (Optional) This command is required only if an 802.1p priority is not already assigned to the specified <codepoint> in the DSCP Policy table.

    Valid values for a DSCP codepoint are as follows:

    • A binary value for the six-bit codepoint from 000000 to 111111.

    • A decimal value from 0 (low priority) to 63 (high priority) that corresponds to a binary DSCP bit set

    • An ASCII standard (hexadecimal) name for a binary DSCP bit set:

      af11 (001010) af42 (100100)
      af12 (001100) af43 (100110)
      af13 (001110) ef (101110)
      af21 (010010) cs1 (001000) = precedence 1
      af22 (010100) cs2 (010000) = precedence 2
      af23 (010110) cs3 (011000) = precedence 3
      af31 (011010) cs4 (100000) = precedence 4
      af32 (011100) cs5 (101000) = precedence 5
      af33 (011110) cs6 (110000) = precedence 6
      af41 (100010) cs7 (111000) = precedence 7
      default (000000)  

      Enter ? to display the list of valid codepoint entries.

      When the switch applies the specified DSCP policy to a packet, the priority determines the packet's queue in the outbound port to which it is sent. If the packet leaves the switch on a tagged port, it carries the 802.1p priority with it to the next downstream device. For IP packets, the DSCP will be replaced by the codepoint specified in this command.

      (Default: No-override for most codepoints.)

  4. Configure the switch to assign the DSCP policy to packets with the specified TCP or UDP port number or range of port numbers.

    Syntax:

    [no] qos < udp-port | tcp-port > < port-number | range <start end >> < dscp < codepoint >

    Assigns a DSCP policy to outbound packets having the specified TCP or UDP application-port number or port range, and overwrites the DSCP in these packets with the assigned <codepoint> value, where:

    • port-number: specifies a TCP/UDP port-number from 1 to 65535.

    • range <start end>: specifies a range of TCP/UDP ports. If you specify a range, the minimum port number must precede the maximum port number in the range.

    • dscp <codepoint>: overwrites the DSCP codepoint in the IPv4 ToS byte or IPv6 Traffic Class byte of matching packets with the specified value.

      Valid values for the DSCP codepoint are as follows:

      • A binary value for the 6-bit codepoint from 000000 to 111111.

      • A decimal value from 0 (low priority) to 63 (high priority) that corresponds to a binary DSCP bit set

      • An ASCII standard name for a binary DSCP bit set

        Enter ? to display the list of valid codepoint entries.

        The DSCP value you enter must be currently associated with an 802.1p priority in the DSCP Policy table. The 802.1p priority and determines the packet's queue in the outbound port to which it is sent. If the packet leaves the switch on a tagged port, it carries the 802.1p priority with it to the next downstream device.

        The default DSCP codepoint is No-override. The DSCP codepoint is not overwritten in matching packets.

      The no form of the command deletes the specified UDP or TCP port number or range of port numbers as a QoS classifier. If you configured a range of port numbers as the QoS classifier, you must enter the entire range in the no command; you cannot remove part of a range.

    Syntax:

    show qos tcp-udp-port-priority

    Displays a listing of all TCP and UDP QoS classifiers currently in the running-config file.

Example:

This example shows how to assign the following DSCP policies to packets that match the specified TCP and UDP port applications:

Port Applications DSCP Policies
DSCP Priority
23-UDP 000111 7
80-TCP 000101 5
914-TCP 000010 1
1001-UDP 000010 1
  1. Determine if the DSCP codepoints that you want to use to mark matching packets already have an 802.1p priority assigned, which could indicate use by existing applications (show qos dscp-map command).

    A DSCP codepoint must also have a priority configured before you can use it to mark matching packets.

    switch(config)# show qos dscp-map
    
      DSCP -> 802.p priority mappings
    
      NOTE: ‘qos type-of-service diff-services’ must be configured
             before DSCP is honored on inbound traffic.
    
      DSCP CodePoint DSCP Value 802.1p tag   DSCP Policy name
      -------------- ---------- -----------  ----------------------
      000000         0          0            cs0
      000001         1          No-override
      000010         2          No-override
      000011         3          No-override
      000100         4          No-override
      000101         5          No-override
      000110         6          No-override
      000111         7          No-override
      001000         8          1            cs1
      001001         9          No-override
  2. Configure the DSCP policies for the codepoints you want to use.

    switch(config)# qos dscp-map af11 priority 3
    switch(config)# qos dscp-map 13 priority 3
    switch(config)# qos dscp-map af13 priority 3
    switch(config)# write memory
    
    switch(config)# show config
    switch configuration:
    
    ; J9146 Configuration Editor; Created on release XX.15.XX
    
    hostname “Switch”
    time daylight-time-rule None
    qos dscp-map af11 priority 3
    qos dscp-map 13 priority 3
    qos dscp-map af13 priority 3
    ...
  3. Assign the DSCP policies to the selected TCP/UDP port applications and display the result.

    switch(config)# qos udp-port 23 dscp 000111
    switch(config)# qos tcp-port 80 dscp 000101
    switch(config)# qos tcp-port 914 dscp 000010
    switch(config)# qos udp-port range 1001 2000 dscp 000010
    
      TCP/UDP port based priorities
    
               | IP Packet Application            |
      Protocol | Type      Port        Apply rule | DSCP   Priority
      -------- + --------- ----------- ---------- + ------ -----------
      UDP      | IPV4      23          DSCP       | 8      7
      TCP      | IPV4      80          DSCP       | 6      5
      TCP      | IPV4      914         DSCP       | 3      1
      UDP      | IPV4      1001-2000   DSCP       | 3      1

    The switch applies the DSCP policies in the about output to IP packets with the specified TCP/UDP port applications that are received in the switch. The switch manages the packets as follows:

    • Overwrites the original DSCPs in the selected packets with the new DSCPs specified in the above policies.

    • Assigns the 802.1p priorities in the above policies to the selected packets.

Global IP-device classifier

Global QoS classifier precedence: 2

The global IP-device classifier enables you to configure up to 300 IP addresses to select IP packets according to source or destination address.

Where a particular device-IP address classifier has the highest precedence in the switch for traffic addressed to or from that device, then traffic received on the switch with that address is marked with the IP address classifier’s configured priority level. Different IP device classifiers can have differing priority levels.


[NOTE: ]

NOTE: QoS IP-device restriction: The switch does not allow a QoS IP-device priority for the Management VLAN IP address (if configured). If no Management VLAN is configured, then the switch does not allow configuring a QoS IP-device priority for the default VLAN IP address.


Options for assigning priority

The packet-marking options for global IP-device classifiers include:

  • 802.1p priority

  • DSCP policy: Assigning a new DSCP and 802.1p priority

For a given IP address or subnet mask, you can assign only one of the above options at a time. However, for different IP addresses, you can use different options.

Assigning a priority for a global IP-device classifier

This global QoS packet-marking option assigns an 802.1p priority to all IP packets that have the specified IP address as either a source or destination. If both the source and destination addresses match, the priority configured for the IP destination address has precedence.

Syntax (IPv4):

qos device-priority <ipv4-address|ipv4-address/mask-length> priority <0-7>

Syntax (IPv6):

[NOTE: ]

NOTE: The global IP-device classifier priority feature for IPv6 is not supported on switches J9779A, J9780A, J9782A, and J9783A.


qos device-priority <ipv6-address|ipv6-address/mask-length> priority <0-7>

Marks an 802.1p priority in outbound packets with the specified IP address or subnet mask in the source or destination field in a packet header, where:

  • ipv4-address or ipv6-address is an IPv4 or IPv6 address used to match the source or destination address in packet headers.


    [NOTE: ]

    NOTE: An IPv6 local-link address (such as fe80::110:252%vlan20) that is automatically generated on a VLAN interface is not supported as an ipv6-address value.


  • ipv4 <ipv4-address/mask-length> is the subnet identified by the IPv4 mask for the specified address that is used to match the IPv4 in the source or destination field of packet headers.

  • ipv6 <ipv6-address/prefix-length> is the subnet identified by the IPv6 prefix-length for the specified address that is used to match the IPv6 address in the source or destination field of packet headers.

    Enter the IPv4 mask or IPv6 prefix length with an address in CIDR format by using the number of significant bits (for example, 2001:db8::1:262:a03:e102:127/64 or 10.28.31.1/24).

  • priority <0-7> marks the specified 802.1p priority in matching IP packets.

The 802.1p priority determines the packet's queue in the outbound port on the switch. If the packet leaves the switch on a tagged VLAN port, it carries the 802.1p priority with it to the next downstream device.

The no form of the command deletes the specified IP address or subnet mask as a QoS classifier, and resets the priority for the VLAN to No-override.

show qos device-priority

Displays a listing of all IP device-priority QoS configurations currently in the running-config file.

Configuring and viewing 802.1p priority

Configuring and viewing the 802.1p priority used to mark packets that match each global IP-device classifier:

IP address / mask or prefix length 802.1p priority
10.28.31.1 7
10.28.31.130 5
10.28.31.100/24 1
2001:db8:2:1:212:79ff:fe88:a100 3
2001:db8:3:3::/64 1
switch(config)#: qos device-priority 10.28.31.1 priority 7
switch(config)#: qos device-priority 10.28.31.130 priority 5
switch(config)#: qos device-priority ipv4 10.28.32.100/24 priority 1
switch(config)#: qos device-priority 2001:db8:2:1:212:79ff:fe88:a100 priority
switch(config)#: qos device-priority ipv6 2001:db8:3:3::/64 priority 1
switch(config)#: show qos device-priority

  Device priorities

  Device Address                                Apply rule | DSCP  Priority
  --------------------------------------------  ---------- + ------ -----------
  10.28.31.1                                    Priority   |        7
  10.28.31.130                                  Priority   |        5
  10.28.32.100/24                               Priority   |        1
  2001:db8:2:1:212:79ff:fe88:a100               Priority   |        3
  2001:db8:3:3::/64                             Priority   |        1

QoS IP Type-of-Service (ToS) policy and priority

Global QoS classifier precedence: 3

You can assign a maximum of 64 ToS rules. This feature applies only to IPv4 traffic and performs either of the following:

  • ToS IP-precedence mode: All IP packets generated by upstream devices and applications include precedence bits in the ToS byte. Using this mode, the switch uses these bits to compute and assign the corresponding 802.1p priority.

  • ToS Differentiated Services (Diffserv) mode: This mode requires knowledge of the codepoints set in IP packets by the upstream devices and applications. It uses the ToS codepoint in IP packets coming from upstream devices and applications to assign 802.1p priorities to the packets. You can use this option to do both of the following:

    • Assign a new prioritization policy: A “policy” includes both a codepoint and a corresponding 802.1p priority. This option selects an incoming IPv4 packet on the basis of its codepoint and assigns a new codepoint and corresponding 802.1p priority. (Use the qos dscp-map command to specify a priority for any codepoint; see Differentiated Services Codepoint (DSCP) mapping.)

    • Assign an 802.1p priority: This option reads the DSCP of an incoming IPv4 packet and, without changing this codepoint, assigns the 802.1p priority to the packet, as configured in the DSCP Policy Table (Partial display from the default DSCP Policy Table). This means that a priority value of 0 – 7 must be configured for a DSCP before the switch will attempt to perform a QoS match on the packet’s DSCP bits.

    Before configuring the ToS Diffserv mode, you must use the qos dscp-map command to configure the desired 802.1p priorities for the codepoints you want to use for either option. See Differentiated Services Codepoint (DSCP) mapping for more information.

Unless IP-Precedence mode and Diffserv mode are both disabled (the default setting), enabling one automatically disables the other.


[NOTE: ]

NOTE: “Mixing” ToS DSCP policies and 802.1p priorities is not recommended. See the ‘Note’ in Packet classifiers and evaluation order.


Assigning an 802.1p priority to IPv4 packets on the basis of the ToS precedence bits

If a device or application upstream of the switch sets the precedence bits in the ToS byte of IPv4 packets, you can use this feature to apply that setting for prioritizing packets for outbound port queues. If the outbound packets are in a tagged VLAN, this priority is carried as an 802.1p value to the adjacent downstream devices.

Syntax:

qos type-of-service ip-precedence

Causes the switch to automatically assign an 802.1p priority to all IPv4 packets by computing each packet’s 802.1p priority from the precedence bits the packet carries. This priority determines the packet’s queue in the outbound port to which it is sent. If the packet leaves the switch on a tagged port, it carries the 802.1p priority with it to the next downstream device.

(ToS IP Precedence Default: Disabled)

no qos type-of-service

Disables all ToS classifier operation, including prioritization using the precedence bits.

show qos type-of-service

When the IP-precedence mode is enabled (or if neither ToS option is configured), this command displays the ToS configuration status. If the Diff-serv mode is enabled, codepoint data is displayed.

Using the IP-precedence classifier, prioritization of outbound packets relies on the IP-Precedence bit setting that IP packets carry with them from upstream devices and applications. To configure and verify this option:

Enabling ToS IP-precedence prioritization

Enabling ToS IP-precedence prioritization

To replace this option with the ToS diff-services option, configure diff-services as described below, which automatically disables IP-Precedence. To disable IP-Precedence without enabling the diff-services option, use this command: no qos type-of-service

Assigning an 802.1p priority to IPv4 packets on the basis of incoming DSCP

One of the best uses for this option is on an interior switch where you want to honor (continue) a policy set on an edge switch. That is, it enables you to select incoming packets having a specific DSCP and forward these packets with the desired 802.1p priority. For example, if an edge switch “A” marks all packets received on port 5 with a particular DSCP, you can configure a downstream (interior) switch “B” to handle such packets with the desired priority (regardless of whether 802.1Q tagged VLANs are in use).

Interior switch B honors the policy established in edge switch A

Interior switch B honors the policy established in edge switch A

To do so, assign the desired 802.1p priority to the same codepoint that the upstream or edge switch assigns to the selected packets. When the downstream switch receives an IPv4 packet carrying one of these codepoints, it assigns the configured priority to the packet and sends it out the appropriate priority queue. (The packet retains the codepoint it received from the upstream or edge switch). You can use this option concurrently with the diffserv DSCP Policy option (described later in this section), as long as the DSCPs specified in the two options do not match.


[NOTE: ]

NOTE: Regarding DSCP use: Different applications may use the same DSCP in their IP packets. Also, the same application may use multiple DSCPs if the application originates on different clients, servers, or other devices. Using an edge switch enables you to select the desired packets and mark them with predictable DSCPs that can be used by downstream switches to honor policies set in the edge switch.

When enabled, the switch applies direct 802.1p prioritization to all packets having codepoints that meet these prerequisites:

  • The codepoint is configured with an 802.1p priority in the DSCP table. (Codepoints configured with No-override are not used.)

  • The codepoint is not configured for a new DSCP policy assignment.

Thus, the switch does not allow the same incoming codepoint (DSCP) to be used simultaneously for directly assigning an 802.1p priority and also assigning a DSCP policy. For a given incoming codepoint, if you configure one option and then the other, the second overwrites the first.


To use this option:

  1. Identify a DSCP used to set a policy in packets received from an upstream or edge switch.

  2. Determine the 802.1p priority (0–7) you want to apply to packets carrying the identified DSCP. (You can either maintain the priority assigned in the upstream or edge switch, or assign a new priority.)

  3. Use qos dscp-map <codepoint> priority <0-7> to assign the 802.1p priority you want to the specified DSCP.

  4. Enable diff-services if not already enabled.

Syntax:

qos type-of-service diff-services <codepoint>

Causes the switch to read the <codepoint> (DSCP) of an incoming IPv4 packet and, when a match occurs, assign a corresponding 802.1p priority, as configured in the switch’s DSCP table (Partial display from the default DSCP Policy Table).

no qos type-of-service

Disables all ToS classifier operation.

no qos dscp-map <codepoint>

Disables direct 802.1p priority assignment to packets carrying the <codepoint> by reconfiguring the codepoint priority assignment in the DSCP table to No-override. If this codepoint is in use as a DSCP policy for another diffserv codepoint, you must disable or redirect the other diffserv codepoint’s DSCP policy before you can disable or change the codepoint. For example, in ToS configuration that enables both 802.1p priority and DSCP policy assignment you cannot change the priority for the 000000 codepoint until you redirect the DSCP policy for 000001 away from using 000000 as a policy. (See Note on changing a priority setting“ and Differentiated Services Codepoint (DSCP) mapping.)

show qos type-of-service

Displays current Type-of-Service configuration. In diffserv mode it also shows the current direct 802.1p assignments and the current DSCP assignments covered later in this section.

For example, an edge switch “A” in an untagged VLAN assigns a DSCP of 000110 on IP packets it receives on port 6, and handles the packets with high priority (7). When these packets reach interior switch “B” you want the switch to handle them with the same high priority. To enable this operation, you would configure an 802.1p priority of 7 for packets received with a DSCP of 000110. ToS diff-services must be enabled:

Viewing the codepoints available for 802.1p priority assignments

Viewing the codepoints available for 802.1p priority assignments

ToS configuration that enables both 802.1p priority and DSCP policy assignment

ToS configuration that enables both 802.1p priority and DSCP policy assignment

Assigning a DSCP policy on the basis of the DSCP in IPv4 packets received from upstream devices

The preceding section describes how to forward a policy set by an edge (or upstream) switch. This option changes a DSCP policy in an IPv4 packet by changing its IP ToS codepoint and applying the priority associated with the new codepoint. (A DSCP policy consists of a differentiated services codepoint and an associated 802.1p priority.) You can use this option concurrently with the diffserv 802.1p priority option (above), as long as the DSCPs specified in the two options do not match.

To use this option to configure a change in policy:

  1. Identify the DSCP used to set a policy in packets received from an upstream or edge switch.

  2. Create a new policy by using the qos dscp-map <code-point> priority <0-7> command to configure an 802.1p priority for the codepoint you will use to overwrite the DSCP that the packet carries from upstream.

  3. Use the qos type-of-service diff-services < mapped to DSCP > dscp < mapped from DSCP > command to change the policy on packets coming from the edge or upstream switch with the specified incoming DSCP.

    Interior switch B honors the policy established in edge switch A illustrates this scenario.

Syntax:

qos type-of-service diff-services

Enables ToS Diff-serve QoS so that Diff-serve policy configurations can be applied to incoming packets that have matching codepoints.

Syntax:

qos type-of-service diff-services <current-codepoint> dscp <new-codepoint>

Configures the switch to select an incoming IP packet carrying the <current-codepoint> and then use the <new-codepoint> to assign a new, previously configured DSCP policy to the packet. The policy overwrites the <current-codepoint> with the <new-codepoint> and assigns the 802.1p priority specified by the policy.

Syntax:

no qos type-of-service

Disables all ToS classifier operation. Current ToS DSCP policies and priorities remain in the configuration and will become available if you re-enable ToS Diff-services.

Syntax:

no qos type-of-service [diff-services <codepoint>]

Deletes the DSCP policy assigned to the <codepoint> and returns the <codepoint> to the 802.1p priority setting it had before the DSCP policy was assigned, which is either a value from 0 - 7 or No-override.

Syntax:

show qos type-of-service

Displays a listing of codepoints with any corresponding DSCP policy reassignments for outbound packets. Also displays the 802.1p priority for each codepoint that does not have a DSCP remarking policy assigned to it.

For example, suppose that you want to configure the following two DSCP policies for packets received with the indicated DSCPs.

Received DSCP Policy DSCP 802.1p Priority Policy Name (Optional)
001100 17 6 Level 6
001101 16 4 Level 4
  1. Determine whether the DSCPs already have priority assignments, which could indicate use by existing applications. This is not a problem as long as the configured priorities are acceptable for all applications using the same DSCP. (See Note on changing a priority setting. Also, a DSCP must have a priority configured before you can assign any QoS classifiers to use it. See Differentiated Services Codepoint (DSCP) mapping.)

  2. After configuring the DSCP policies for the codepoints you want to use, assign the policies to the codepoints in the selected packet type.

    Policy assignment to outbound packets on the basis of the DSCP in the packets received from upstream devices

    switch(config)# qos type-of-service diff-services 001100 dscp 17
    switch(config)# qos type-of-service diff-services 001101 dscp 16
    switch(config)# show qos type-of-service
      Type of Service : Differentiated Services
    
      Codepoint DSCP Policy | Priority
      --------- ----------- + -----------
      000000                | No-override
      000001                | No-override
      000010                | No-override
      000011                | No-override
      000100                | No-override
      000101                | No-override
      000110                | No-override
      000111                | No-override
      001000    001011      | 7
      001001                | No-override
      001010                | 1
      001011                | 7
      001100    010001      | 6
      001101    010000      | 4

    The specified DSCP policies overwrite the original DSCPs on the selected packets, and use the 802.1p priorities previously configured.

Details of QoS IP ToS

IP packets include a Type of Service (ToS) byte. The ToS byte includes:

  • A Differentiated Services Codepoint (DSCP): This element is composed of the upper 6 bits of the ToS byte). There are 64 possible codepoints.

    • In the switches covered in this guide, the default qos configuration includes some codepoints with 802.1p priority settings for Assured- Forwarding (af), Expedited Forwarding (ef, codepoint 101110), and Class Selector (cs). Others are unused (listed with No-override for a Priority).

    See The ToS codepoint and precedence bits for an illustration of the default DSCP policy table.

    Using the qos dscp-map command, you can configure the switch to assign different prioritization policies to IPv4 packets having different codepoints. As an alternative, you can configure the switch to assign a new codepoint to an IPv4 packet, along with a corresponding 802.1p priority (0-7). To use this option in the simplest case, you would:

    1. Configure a specific DSCP with a specific priority in an edge switch.

    2. Configure the switch to mark a specific type of inbound traffic with that DSCP (and thus create a policy for that traffic type).

    3. Configure the internal switches in your LAN to honor the policy.

    (For example, you could configure an edge switch to assign a codepoint of 000001 to all packets received from a specific VLAN, and then handle all traffic with that codepoint at high priority.)

    For a codepoint listing and the commands for displaying and changing the DSCP Policy table, see Differentiated Services Codepoint (DSCP) mapping.

  • Precedence Bits: This element is a subset of the DSCP and is composed of the upper 3 bits of the ToS byte. When configured to do so, the switch uses the precedence bits to determine a priority for handling the associated packet. (The switch does not change the setting of the precedence bits.) Using the ToS Precedence bits to prioritize IPv4 packets relies on priorities set in upstream devices and applications.

The ToS codepoint and precedence bits shows an example of the ToS byte in the header for an IPv4 packet, and illustrates the diffserv bits and precedence bits in the ToS byte. (Note that the Precedence bits are a subset of the Differentiated Services bits.)

The ToS codepoint and precedence bits

The ToS codepoint and precedence bits

How the switch uses the ToS configuration

Outbound port ToS option:
802.1p (value = 0 - 7) Differentiated services
IP packet sent out an untagged port in a VLAN Depending on the value of the IP Precedence bits in the packet’s ToS field, the packet will go to one of eight outbound port queues in the switch. See 802.1p priority settings and outbound queue assignment

For a given packet carrying a ToS codepoint that the switch has been configured to detect:

Depending on the 802.1p priority used, the packet will leave the switch through one of the following queues:

1 and 2 = low priority, exits queue 1

0 or 3 = normal priority, exits queue 2

4 and 5 = medium priority, exits queue 3

6 and 7 = high priority, exits queue 4

If No-override (the default) has been configured for a specified codepoint, then the packet is not prioritized by ToS and, by default, is sent to the “normal priority” queue.

IP packet sent out an untagged port in a VLAN Same as above, plus the IP Precedence value (0 - 7) will be used to set a corresponding 802.1p priority in the VLAN tag carried by the packet to the next downstream device. See ToS IP-precedence bit mappings to 802.1p priorities, below. Same as above, plus the Priority value (0 - 7) will be used to set a corresponding 802.1p priority in the VLAN tag carried by the packet to the next downstream device. Where No-override is the assigned priority, the VLAN tag carries a “0” (normal priority) 802.1p setting if not prioritized by other QoS classifiers.

ToS IP-precedence bit mappings to 802.1p priorities

ToS byte IP precedence bits Corresponding 802.1p priority Service priority level
000 1 Lowest
001 2 Low
002 0 Normal
003 3  
004 4  
005 5  
006 6  
007 7 Highest

Global Layer-3 protocol classifier

Global QoS classifier precedence: 4

When a global Layer-3 Protocol classifier is configured as the highest-precedence classifier and the switch receives traffic carrying the specified protocol, matching packets are assigned the priority configured for the classifier.

Assigning a priority for a global Layer-3 protocol classifier

This global QoS packet-marking option assigns an 802.1p priority to outbound packets having the specified Layer-3 protocol.

Syntax:

qos protocol < ip | ipx | arp | appletalk | sna | netbeui> priority < 0 - 7 >

Configures an 802.1p priority for outbound packets having the specified protocol. This priority determines the packet's queue in the outbound port to which it is sent. If the packet leaves the switch on a tagged port, it carries the 802.1p priority with it to the next downstream device. You can configure one QoS classifier for each protocol type.

(Default: No-override)

Syntax:

[no] qos protocol < ip | ipx | arp | appletalk | sna | netbeui >>

Disables use of the specified protocol as a QoS classifier and resets the protocol priority to No-override.

Syntax:

show qos protocol-priority

Lists the QoS protocol classifiers with their priority settings.

Configuring global Layer-3 protocol classifiers

To configure the following global Layer-3 protocol classifiers:

  1. Configure QoS protocol classifiers with IP at 0 (normal), ARP at 5 (medium), and AppleTalk at 7 (high) and display the QoS protocol configuration.

  2. Disable the QoS IP protocol classifier, downgrade the ARP priority to 4, and again display the QoS protocol configuration.

The following example shows the necessary configuration commands.

Adding, viewing, removing, and changing QoS protocol classifiers

Adding, viewing, removing, and changing QoS protocol classifiers

QoS VLAN-ID (VID) priority

Global QoS classifier precedence: 5

Where a particular VLAN-ID classifier has the highest precedence in the switch for traffic in that VLAN, then traffic received in that VLAN is marked with the VID classifier’s configured priority level. Different VLAN-ID classifiers can have differing priority levels.

Options for assigning priority

Priority control options for packets carrying a specified VLAN-ID include:

  • 802.1p priority

  • DSCP policy (Assigning a new DSCP and an associated 802.1p priority; inbound packets must be IPv4.)

(For operation when other QoS classifiers apply to the same traffic, see Classifiers for prioritizing outbound packets.)


[NOTE: ]

NOTE: QoS with VID priority applies to static VLANs only, and applying QoS to dynamic VLANs created by GVRP operation is not supported. A VLAN must exist while a subject of a QoS configuration, and eliminating a VLAN from the switch causes the switch to clear any QoS features configured for that VID.


Assigning a priority based on VLAN-ID

This option assigns a priority to all outbound packets having the specified VLAN-ID (VID). You can configure this option by either specifying the VID ahead of the qos command or moving to the VLAN context for the VLAN you want to configure for priority.

Syntax:

vlan <vid> qos priority <0-7>

Configures an 802.1p priority for outbound packets belonging to the specified VLAN. This priority determines the packet’s queue in the outbound port to which it is sent. If the packet leaves the switch on a tagged port, it carries the 802.1p priority with it to the next downstream device. You can configure one QoS classifier for each VLAN-ID.

(Default: No-override)

Syntax:

no vlan <vid> qos

Removes the specified VLAN-ID as a QoS classifier and resets the priority for that VLAN to No-override.

Syntax:

show qos vlan-priority

Displays a listing of the QoS VLAN-ID classifiers currently in the running-config file, with their priority data.

  1. For example, suppose that you have the following VLANs configured on the switch and want to prioritize them as shown:

    A list of VLANs available for QoS prioritization

    switch(config)# show vlan
     Status and Counters - VLAN Information
    
      Maximum VLANs to support : 8
      Primary VLAN : DEFAULT_VLAN
    
      802.1Q VLAN ID Name         Status
      -------------- ----------   ------------
      1              DEFAULT_VLAN static
      22             VLAN_22      static
  2. You would then execute the following commands to prioritize the VLANs by VID:

    Configuring and displaying QoS priorities on VLANs

    switch(config)# vlan 1 qos dscp 9
    switch(config)# vlan 22 qos dscp 8
    
    switch(config)# show qos vlan-priority
    
      VLAN priorities
      
      VLAN ID Apply rule  | DSCP   Priority
      ------- ----------- + ------ -----------
      1       DSCP        | 001001 7
      22      DSCP        | 001000 6

    If you then decided to remove VLAN_22 from QoS prioritization:

    Returning a QoS-prioritized VLAN to “No-override” status

    In this instance, No-override indicates that VLAN 22 is not prioritized by QoS.

    switch(config)# no vlan 22 qos
    switch(config)# show qos vlan
    
      VLAN priorities
      
      VLAN ID Apply rule  | DSCP   Priority
      ------- ----------- + ------ -----------
      1       DSCP        | 001001 7
      22      No-override |        No-override

Assigning a DSCP policy based on VLAN-ID

This option assigns a previously configured DSCP policy (codepoint and 802.1p priority) to outbound IP packets having the specified VLAN-ID (VID). The switch performs the following:

  1. Selects an incoming IP packet on the basis of the VLAN-ID it carries.

  2. Overwrites the packet’s DSCP with the DSCP configured in the switch for such packets.

  3. Assigns 802.1p priority configured in the switch for the new DSCP (see Differentiated Services Codepoint (DSCP) mapping).

  4. Forwards the packet through the appropriate outbound port queue.

Steps for creating a policy based on VLAN-ID classifier:
  1. Determine the VLAN-ID classifier to which you want to assign a DSCP policy.

  2. Determine the DSCP policy for packets carrying the selected VLAN-ID:

    1. Determine the DSCP you want to assign to the selected packets. (This codepoint will be used to overwrite the DSCP carried in packets received through the source-port from upstream devices.)

    2. Determine the 802.1p priority you want to assign to the DSCP.

  3. Configure the DSCP policy by using qos dscp-map to configure the priority for each codepoint (see Differentiated Services Codepoint (DSCP) mapping for more information).

  4. Configure the switch to assign the DSCP policy to packets with the specified VLAN-ID.

Syntax:

vlan <vid> qos dscp <codepoint>

Assigns a DSCP policy to packets carrying the specified VLAN-ID, and overwrites the DSCP in these packets with the assigned <codepoint> value. This policy includes an 802.1p priority and determines the packet’s queue in the outbound port to which it is sent. If the packet leaves the switch on a tagged port, it carries the 802.1p priority with downstream device.

(Default: No-override)

Syntax:

no vlan <vid> qos

Removes QoS classifier for the specified VLAN.

Syntax:

show qos vlan-priority

Displays a listing of the QoS VLAN-ID classifiers currently in the running-config file.

For example, suppose that you wanted to assign this set of priorities:

VLAN-ID DSCP Priority
40 15 7
30 16 5
20 17 1
1 17 1

Assign the DSCP policies to the selected VIDs and display the result.

The completed VID-DSCP priority configuration

switch(config)# vlan 1 qos dscp 17
switch(config)# vlan 20 qos dscp 17
switch(config)# vlan 30 qos dscp 16
switch(config)# vlan 40 qos dscp 15

switch(config)# show qos vlan-priority

 VLAN priorities

  VLAN ID Apply rule  | DSCP   Priority
  ------- ----------- + ------ -----------
  1       DSCP        | 010001 1
  20      DSCP        | 010001 1
  30      DSCP        | 010000 5
  40      DSCP        | 001111 7

The switch will now apply the DSCP policies in The completed VID-DSCP priority configuration to packets received on the switch with the specified VLAN-IDs. This means the switch will:

  • Overwrite the original DSCPs in the selected packets with the new DSCPs specified in the above policies.

  • Assign the 802.1p priorities in the above policies to the appropriate packets.

QoS source-port priority

Global QoS classifier precedence: 6

The QoS source-port option enables you to use a packet’s source-port on the switch as a QoS classifier. Where a particular source-port classifier has the highest precedence in the switch for traffic entering through that port, then traffic received from the port is marked with the source-port classifier’s configured priority level. Different source-port classifiers can have different priority levels.

Options for assigning priority on the switch

Priority control options for packets from a specified source-port include:

  • 802.1p priority

  • DSCP policy: Assigning a new DSCP and an associated 802.1p priority; inbound packets must be IPv4.)

(For operation when other QoS classifiers apply to the same traffic, see Classifiers for prioritizing outbound packets.)

Options for assigning priority from a RADIUS server

You can use a RADIUS server to impose a QoS source-port priority during an 802.1X port-access authentication session. See the RADIUS chapter in the Access Security Guide for your switch.

Assigning a priority based on source-port

This option assigns a priority to all outbound packets having the specified source-port. You can configure this option by either specifying the source-port ahead of the qos command or moving to the port context for the port you want to configure for priority. (If you are configuring multiple source-ports with the same priority, you may find it easier to use the interface <port-list> command to go to the port context instead of individually configuring the priority for each port.)

Syntax:

interface <port-list> qos priority <0-7>

Configures an 802.1p priority for packets entering the switch through the specified (source) ports. This priority determines the packet queue in the outbound ports to which traffic is sent. If a packet leaves the switch on a tagged port, it carries the 802.1p priority with it to the next downstream device. You can configure one QoS classifier for each source-port or group of source-ports.

(Default: No-override)

Syntax:

no interface <port-list> qos

Disables use of the specified source-ports for QoS classifiers and resets the priority for the specified sourceports to No-override.

Syntax:

show qos port-priority

Lists the QoS port-priority classifiers with their priority data.

For example, suppose that you want to prioritize inbound traffic on the following source-ports:

Source-port Priority
1–3 2
4 3

You would then execute the following commands to prioritize traffic received on the above ports.

Configuring and displaying source-port QoS priorities

switch(config)# interface e 1-3 qos priority 2
switch(config)# interface e 4 qos priority 3
switch(config)# show qos port-priority

  Port priorities
  
  Port Apply rule  | DSCP  Priority    Radius Override
  ---- ----------    ----  --------    ---------------
  1    Priority    |       2           No-override
  2    Priority    |       2           No-override
  3    Priority    |       2           No-override
  4    Priority    |       3           No-override
  5    No-override |       No-override No-override
  .    .                   .           .
  .    .                   .           .

If you then decided to remove port 1 from QoS prioritization:

Returning a QoS-prioritized VLAN to “No-override” status

In this instance, No-override indicates that port 1 is not prioritized by QoS.

switch(config)# no interface e 1 qos
switch(config)# show qos port-priority

  Port priorities
  
  Port Apply rule  | DSCP  Priority    Radius Override
  ---- ----------    ----  --------    ---------------
  1    No-override |       No-override No-override
  2    Priority    |       2           No-override
  3    Priority    |       2           No-override
  4    Priority    |       3           No-override
  5    No-override |       No-override No-override
  .    .                   .           .
  .    .                   .           .

Assigning a DSCP policy based on the source-port

This option assigns a previously configured DSCP policy (codepoint and 802.1p priority) to outbound IP packets (received from the specified sourceports). That is, the switch:

  1. Selects an incoming IP packet on the basis of its source-port on the switch.

  2. Overwrites the packet’s DSCP with the DSCP configured in the switch for such packets.

  3. Assigns 802.1p priority configured in the switch for the new DSCP (see Differentiated Services Codepoint (DSCP) mapping).

  4. Forwards the packet through the appropriate outbound port queue.

Steps for creating a policy based on source-port classifier:

[NOTE: ]

NOTE: You can select one DSCP per source-port. Also, configuring a new DSCP for a source-port automatically overwrites (replaces) any previous DSCP or 802.1p priority configuration for that port.)


  1. Identify the source-port classifier to which you want to assign a DSCP policy.

  2. Determine the DSCP policy for packets having the selected source-port:

    1. Determine the DSCP you want to assign to the selected packets. (This codepoint will be used to overwrite the DSCP carried in packets received through the source-port from upstream devices.)

    2. Determine the 802.1p priority you want to assign to the DSCP.

  3. Configure the DSCP policy by using qos dscp-map to configure the priority for each codepoint (see Differentiated Services Codepoint (DSCP) mapping for more information).

  4. Configure the switch to assign the DSCP policy to packets from the specified source-port.

Syntax:

interface <port-list> qos dscp <codepoint>

Assigns a DSCP policy to packets from the specified sourceports, and overwrites the DSCP in these packets with the assigned <codepoint> value. This policy includes an 802.1p priority and determines the packet’s queue in the outbound port to which it is sent. If the packet leaves the switch on a tagged port, it carries the 802.1p priority with it to the next downstream device.

(Default: No-override)

Syntax:

no interface <port-list> qos

Removes QoS classifier for the specified source-ports.

Syntax:

show qos port

Displays a listing of all source-port QoS classifiers currently in the running-config file.

For example, suppose that you wanted to assign this set of priorities that have been configured on the switch:

Source-port DSCP Priority
2 15 7
1, 3 16 5
4, 5 17 1

Assign the DSCP policies to the selected source-ports and display the result.

The completed source-port DSCP-priority configuration

switch(config)# int 4,5
switch(eth-4,5)# qos dscp 17
switch(eth-4,5)# int 1,3
switch(eth-1,3)# qos dscp 16
switch(eth-1,3)# int 2
switch(eth-2)# qos dscp 15

switch(eth-2)# show qos port-priority

Port priorities

  Port Apply rule  | DSCP   Priority    Radius Override
  ---- ----------- + ------ ----------- ---------------
  1    DSCP        | 010000 5           No-override
  2    DSCP        | 001111 7           No-override
  3    DSCP        | 010000 5           No-override
  4    DSCP        | 010001 1           No-override
  5    DSCP        | 010001 1           No-override
  6    No-override |        No-override No-override
  7    No-override |        No-override No-override
  .         .         .          .           .
  .         .         .          .           .

RADIUS override field

During a client session authenticated by a RADIUS server, the server can impose a port priority that applies only to that client session. For more information, see the RADIUS chapter in the access security guide for your switch.