Table Of ContentConfiguring QoS
• FindingFeatureInformation, page 1
• PrerequisitesforQoS, page 1
• RestrictionsforQoS, page 3
• InformationAboutQoS, page 4
• HowtoConfigureQoS, page 33
• MonitoringStandardQoS, page 92
• ConfigurationExamplesforQoS, page 93
• WheretoGoNext, page 104
• AdditionalReferences, page 104
• FeatureHistoryandInformationforQoS, page 105
Finding Feature Information
Yoursoftwarereleasemaynotsupportallthefeaturesdocumentedinthismodule.Forthelatestfeature
informationandcaveats,seethereleasenotesforyourplatformandsoftwarerelease.
UseCiscoFeatureNavigatortofindinformationaboutplatformsupportandCiscosoftwareimagesupport.
ToaccessCiscoFeatureNavigator,gotohttp://www.cisco.com/go/cfn.AnaccountonCisco.comisnot
required.
Prerequisites for QoS
BeforeconfiguringstandardQoS,youmusthaveathoroughunderstandingoftheseitems:
•Thetypesofapplicationsusedandthetrafficpatternsonyournetwork.
•Trafficcharacteristicsandneedsofyournetwork.Forexample,isthetrafficonyournetworkbursty?
Doyouneedtoreservebandwidthforvoiceandvideostreams?
•Bandwidthrequirementsandspeedofthenetwork.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1
Configuring QoS
QoS ACL Guidelines
•Locationofcongestionpointsinthenetwork.
QoS ACL Guidelines
FollowtheseguidelineswhenconfiguringQoSwithaccesscontrollists(ACLs):
•ItisnotpossibletomatchIPfragmentsagainstconfiguredIPextendedACLstoenforceQoS.IPfragments
aresentasbest-effort.IPfragmentsaredenotedbyfieldsintheIPheader.
•OnlyoneACLperclassmapandonlyonematchclass-mapconfigurationcommandperclassmapare
supported.TheACLcanhavemultipleACEs,whichmatchfieldsagainstthecontentsofthepacket.
•AtruststatementinapolicymaprequiresmultiplehardwareentriesperACLline.Ifaninputservice
policymapcontainsatruststatementinanACL,theaccesslistmightbetoolargetofitintotheavailable
QoShardwarememory,andanerrorcanoccurwhenyouapplythepolicymaptoaport.Whenever
possible,youshouldminimizethenumberoflinesisaQoSACL.
Related Topics
CreatinganIPStandardACLforIPv4Traffic, onpage47
CreatinganIPExtendedACLforIPv4Traffic, onpage48
CreatinganIPv6ACLforIPv6Traffic, onpage50
CreatingaLayer2MACACLforNon-IPTraffic, onpage52
Policing Guidelines
Note Tousepolicing,theswitchmustberunningtheLANBaseimage.
•TheportASICdevice,whichcontrolsmorethanonephysicalport,supports256policers(255
user-configurablepolicersplus1policerreservedforsysteminternaluse).Themaximumnumberof
user-configurablepolicerssupportedperportis63.Policersareallocatedondemandbythesoftware
andareconstrainedbythehardwareandASICboundaries.
Youcannotreservepolicersperport;thereisnoguaranteethataportwillbeassignedtoanypolicer.
•Onlyonepolicerisappliedtoapacketonaningressport.Onlytheaveragerateandcommittedburst
parametersareconfigurable.
•OnaportconfiguredforQoS,alltrafficreceivedthroughtheportisclassified,policed,andmarked
accordingtothepolicymapattachedtotheport.OnatrunkportconfiguredforQoS,trafficinallVLANs
receivedthroughtheportisclassified,policed,andmarkedaccordingtothepolicymapattachedtothe
port.
•IfyouhaveEtherChannelportsconfiguredonyourswitch,youmustconfigureQoSclassification,
policing,mapping,andqueueingontheindividualphysicalportsthatcomprisetheEtherChannel.You
mustdecidewhethertheQoSconfigurationshouldmatchonallportsintheEtherChannel.
•IfyouneedtomodifyapolicymapofanexistingQoSpolicy,firstremovethepolicymapfromall
interfaces,andthenmodifyorcopythepolicymap.Afteryoufinishthemodification,applythemodified
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
2
Configuring QoS
General QoS Guidelines
policymaptotheinterfaces.Ifyoudonotfirstremovethepolicymapfromallinterfaces,highCPU
usagecanoccur,which,inturn,cancausetheconsoletopauseforaverylongtime.
General QoS Guidelines
ThesearethegeneralQoSguidelines:
•YouconfigureQoSonlyonphysicalports;thereisnosupportforitattheVLANlevel.
•Controltraffic(suchasspanning-treebridgeprotocoldataunits[BPDUs]androutingupdatepackets)
receivedbytheswitcharesubjecttoallingressQoSprocessing.
•Youarelikelytolosedatawhenyouchangequeuesettings;therefore,trytomakechangeswhentraffic
isataminimum.
•Theswitchsupportshomogeneousstackingandmixedstacking.Mixedstackingissupportedonlywith
theCatalyst2960-Sswitches.Ahomogenousstackcanhaveuptoeightstackmembers,whileamixed
stackcanhaveuptofourstackmembers.AllswitchesinaswitchstackmustberunningtheLANBase
image.
Restrictions for QoS
ThefollowingaretherestrictionsforQoS:
•Tousethesefeatures,theswitchmustberunningtheLANBaseimage:stacking,DSCP,auto-QoS,
trustedboundary,policing,marking,mappingtables,andweightedtaildrop.
•Ingressqueueingisnotsupported.
•Theswitchsupports4defaultegressqueues,withtheoptiontoenableanadditional4egressqueuesfor
atotalof8.ThisoptionisonlyavailableonastandaloneswitchrunningtheLANBaseimage.
•Werecommendthatyoudonotenable8egressqueuesbyusingthemlsqossrr-queueoutputqueues
8command,whenrunningthefollowingfeaturesinyourconfiguration:
◦Auto-QoS
◦AutoSmartPort
◦EnergyWise
Runningthesefeatureswith8egressqueueenabledinasingleconfigurationisnotsupportedonthe
switch.
•YoucanconfigureQoSonlyonphysicalports.VLAN-basedQoSisnotsupported.Youconfigurethe
QoSsettings,suchasclassification,queueing,andscheduling,andapplythepolicymaptoaport.When
configuringQoSonaphysicalport,youapplyanonhierarchicalpolicymaptoaport.
•IftheswitchisrunningtheLANLiteimageyoucan:
◦ConfigureACLs,butyoucannotattachthemtophysicalinterfaces.YoucanattachthemtoVLAN
interfacestofiltertraffictotheCPU.
◦Enableonlycostrustatinterfacelevel.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
3
Configuring QoS
Information About QoS
◦EnableSRRshapingandsharingatinterfacelevel.
◦EnablePriorityqueueingatinterfacelevel.
◦Enableordisablemlsqosrewriteipdscp.
•TheswitchmustberunningtheLANBaseimagetousethefollowingQoSfeatures:
◦Policymaps
◦Policingandmarking
◦Mappingtables
◦WTD
Information About QoS
QoS Implementation
Typically,networksoperateonabest-effortdeliverybasis,whichmeansthatalltraffichasequalpriorityand
anequalchanceofbeingdeliveredinatimelymanner.Whencongestionoccurs,alltraffichasanequalchance
ofbeingdropped.
WhenyouconfiguretheQoSfeature,youcanselectspecificnetworktraffic,prioritizeitaccordingtoits
relativeimportance,andusecongestion-managementandcongestion-avoidancetechniquestoprovide
preferentialtreatment.ImplementingQoSinyournetworkmakesnetworkperformancemorepredictableand
bandwidthutilizationmoreeffective.
TheQoSimplementationisbasedontheDifferentiatedServices(Diff-Serv)architecture,astandardfromthe
InternetEngineeringTaskForce(IETF).Thisarchitecturespecifiesthateachpacketisclassifieduponentry
intothenetwork.
TheclassificationiscarriedintheIPpacketheader,using6bitsfromthedeprecatedIPtypeofservice(ToS)
fieldtocarrytheclassification(class)information.ClassificationcanalsobecarriedintheLayer2frame.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
4
Configuring QoS
QoS Implementation
ThespecialbitsintheLayer2frameoraLayer3packetareshowninthefollowingfigure:
Figure 1: QoS Classification Layers in Frames and Packets
Layer 2 Frame Prioritization Bits
Layer2Inter-SwitchLink(ISL)frameheadershavea1-byteUserfieldthatcarriesanIEEE802.1pclassof
service(CoS)valueinthethreeleast-significantbits.OnportsconfiguredasLayer2ISLtrunks,alltrafficis
inISLframes.
Layer2802.1Qframeheadershavea2-byteTagControlInformationfieldthatcarriestheCoSvalueinthe
threemost-significantbits,whicharecalledtheUserPrioritybits.OnportsconfiguredasLayer2802.1Q
trunks,alltrafficisin802.1QframesexceptfortrafficinthenativeVLAN.
OtherframetypescannotcarryLayer2CoSvalues.
Layer2CoSvaluesrangefrom0forlowpriorityto7forhighpriority.
Layer 3 Packet Prioritization Bits
Layer3IPpacketscancarryeitheranIPprecedencevalueoraDifferentiatedServicesCodePoint(DSCP)
value.QoSsupportstheuseofeithervaluebecauseDSCPvaluesarebackward-compatiblewithIPprecedence
values.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
5
Configuring QoS
QoS Basic Model
IPprecedencevaluesrangefrom0to7.DSCPvaluesrangefrom0to63.
End-to-End QoS Solution Using Classification
AllswitchesandroutersthataccesstheInternetrelyontheclassinformationtoprovidethesameforwarding
treatmenttopacketswiththesameclassinformationanddifferenttreatmenttopacketswithdifferentclass
information.Theclassinformationinthepacketcanbeassignedbyendhostsorbyswitchesorroutersalong
theway,basedonaconfiguredpolicy,detailedexaminationofthepacket,orboth.Detailedexaminationof
thepacketisexpectedtooccurclosertotheedgeofthenetwork,sothatthecoreswitchesandroutersarenot
overloadedwiththistask.
Switchesandroutersalongthepathcanusetheclassinformationtolimittheamountofresourcesallocated
pertrafficclass.ThebehaviorofanindividualdevicewhenhandlingtrafficintheDiff-Servarchitectureis
calledper-hopbehavior.Ifalldevicesalongapathprovideaconsistentper-hopbehavior,youcanconstruct
anend-to-endQoSsolution.
ImplementingQoSinyournetworkcanbeasimpletaskorcomplextaskanddependsontheQoSfeatures
offeredbyyourinternetworkingdevices,thetraffictypesandpatternsinyournetwork,andthegranularity
ofcontrolthatyouneedoverincomingandoutgoingtraffic.
QoS Basic Model
ToimplementQoS,theswitchmustdistinguishpacketsorflowsfromoneanother(classify),assignalabel
toindicatethegivenqualityofserviceasthepacketsmovethroughtheswitch,makethepacketscomplywith
theconfiguredresourceusagelimits(policeandmark),andprovidedifferenttreatment(queueandschedule)
inallsituationswhereresourcecontentionexists.Theswitchalsoneedstoensurethattrafficsentfromit
meetsaspecifictrafficprofile(shape).
Figure 2: QoS Basic Wired Model
Actions at Ingress Port
Actionsattheingressportincludeclassifyingtraffic,policing,marking,andscheduling:
•ClassifyingadistinctpathforapacketbyassociatingitwithaQoSlabel.TheswitchmapstheCoSor
DSCPinthepackettoaQoSlabeltodistinguishonekindoftrafficfromanother.TheQoSlabelthat
isgeneratedidentifiesallfutureQoSactionstobeperformedonthispacket.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
6
Configuring QoS
QoS Basic Model
•Policingdetermineswhetherapacketisinoroutofprofilebycomparingtherateoftheincomingtraffic
totheconfiguredpolicer.Thepolicerlimitsthebandwidthconsumedbyaflowoftraffic.Theresultis
passedtothemarker.
•Markingevaluatesthepolicerandconfigurationinformationfortheactiontobetakenwhenapacketis
outofprofileanddetermineswhattodowiththepacket(passthroughapacketwithoutmodification,
markingdowntheQoSlabelinthepacket,ordroppingthepacket).
Note Queueingandschedulingareonlysupportedategressandnotatingressontheswitch.
Actions at Egress Port
Actionsattheegressportincludequeueingandscheduling:
•QueueingevaluatestheQoSpacketlabelandthecorrespondingDSCPorCoSvaluebeforeselecting
whichofthefouregressqueuestouse.Becausecongestioncanoccurwhenmultipleingressports
simultaneouslysenddatatoanegressport,WTDdifferentiatestrafficclassesandsubjectsthepackets
todifferentthresholdsbasedontheQoSlabel.Ifthethresholdisexceeded,thepacketisdropped.
•SchedulingservicesthefouregressqueuesbasedontheirconfiguredSRRsharedorshapedweights.
Oneofthequeues(queue1)canbetheexpeditedqueue,whichisserviceduntilemptybeforetheother
queuesareserviced.
Classification Overview
Classificationistheprocessofdistinguishingonekindoftrafficfromanotherbyexaminingthefieldsinthe
packet.ClassificationisenabledonlyifQoSisgloballyenabledontheswitch.Bydefault,QoSisglobally
disabled,sonoclassificationoccurs.
Duringclassification,theswitchperformsalookupandassignsaQoSlabeltothepacket.TheQoSlabel
identifiesallQoSactionstobeperformedonthepacketandfromwhichqueuethepacketissent.
TheQoSlabelisbasedontheDSCPortheCoSvalueinthepacketanddecidesthequeueingandscheduling
actionstoperformonthepacket.Thelabelismappedaccordingtothetrustsettingandthepackettypeas
showninClassificationFlowchart, onpage10.
Youspecifywhichfieldsintheframeorpacketthatyouwanttousetoclassifyincomingtraffic.
Related Topics
IngressPortActivity
EgressPortActivity
ConfiguringaQoSPolicy, onpage46
Non-IP Traffic Classification
Thefollowingtabledescribesthenon-IPtrafficclassificationoptionsforyourQoSconfiguration.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
7
Configuring QoS
QoS Basic Model
Table 1: Non- IP Traffic Classifications
Non-IP Traffic Classification Description
TrusttheCoSvalue TrusttheCoSvalueintheincomingframe(configurethe
porttotrustCoS),andthenusetheconfigurable
CoS-to-DSCPmaptogenerateaDSCPvalueforthepacket.
Layer2ISLframeheaderscarrytheCoSvalueinthe3
least-significantbitsofthe1-byteUserfield.
Layer2802.1QframeheaderscarrytheCoSvalueinthe3
most-significantbitsoftheTagControlInformationfield.
CoSvaluesrangefrom0forlowpriorityto7forhigh
priority.
TrusttheDSCPortrustIPprecedencevalue TrusttheDSCPortrustIPprecedencevalueintheincoming
frame.Theseconfigurationsaremeaninglessfornon-IP
traffic.Ifyouconfigureaportwitheitheroftheseoptions
andnon-IPtrafficisreceived,theswitchassignsaCoSvalue
andgeneratesaninternalDSCPvaluefromtheCoS-to-DSCP
map.TheswitchusestheinternalDSCPvaluetogenerate
aCoSvaluerepresentingthepriorityofthetraffic.
Performclassificationbasedonconfigured PerformtheclassificationbasedonaconfiguredLayer2
Layer2MACACL MACaccesscontrollist(ACL),whichcanexaminethe
MACsourceaddress,theMACdestinationaddress,and
otherfields.IfnoACLisconfigured,thepacketisassigned
0astheDSCPandCoSvalues,whichmeansbest-effort
traffic.Otherwise,thepolicy-mapactionspecifiesaDSCP
orCoSvaluetoassigntotheincomingframe.
Afterclassification,thepacketissenttothepolicingandmarkingstages.
IP Traffic Classification
ThefollowingtabledescribestheIPtrafficclassificationoptionsforyourQoSconfiguration.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
8
Configuring QoS
QoS Basic Model
Table 2: IP Traffic Classifications
IP Traffic Classification Description
TrusttheDSCPvalue TrusttheDSCPvalueintheincomingpacket(configuretheporttotrust
DSCP),andassignthesameDSCPvaluetothepacket.TheIETFdefines
the6most-significantbitsofthe1-byteToSfieldastheDSCP.Thepriority
representedbyaparticularDSCPvalueisconfigurable.DSCPvaluesrange
from0to63.
YoucanalsoclassifyIPtrafficbasedonIPv6DSCP.
ForportsthatareontheboundarybetweentwoQoSadministrative
domains,youcanmodifytheDSCPtoanothervaluebyusingthe
configurableDSCP-to-DSCP-mutationmap.
TrusttheIPprecedencevalue TrusttheIPprecedencevalueintheincomingpacket(configuretheport
totrustIPprecedence),andgenerateaDSCPvalueforthepacketbyusing
theconfigurableIP-precedence-to-DSCPmap.TheIPVersion4
specificationdefinesthe3most-significantbitsofthe1-byteToSfieldas
theIPprecedence.IPprecedencevaluesrangefrom0forlowpriorityto
7forhighpriority.
YoucanalsoclassifyIPtrafficbasedonIPv6precedence.
TrusttheCoSvalue TrusttheCoSvalue(ifpresent)intheincomingpacket,andgeneratea
DSCPvalueforthepacketbyusingtheCoS-to-DSCPmap.IftheCoS
valueisnotpresent,usethedefaultportCoSvalue.
IPstandardoranextendedACL PerformtheclassificationbasedonaconfiguredIPstandardoranextended
ACL,whichexaminesvariousfieldsintheIPheader.IfnoACLis
configured,thepacketisassigned0astheDSCPandCoSvalues,which
meansbest-efforttraffic.Otherwise,thepolicy-mapactionspecifiesa
DSCPorCoSvaluetoassigntotheincomingframe.
OverrideconfiguredCoS OverridetheconfiguredCoSofincomingpackets,andapplythedefault
portCoSvaluetothem.ForIPv6packets,theDSCPvalueisrewrittenby
usingtheCoS-to-DSCPmapandbyusingthedefaultCoSoftheport.You
candothisforbothIPv4andIPv6traffic.
Afterclassification,thepacketissenttothepolicingandmarkingstages.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
9
Configuring QoS
QoS Basic Model
Classification Flowchart
Figure 3: Classification Flowchart
Access Control Lists
YoucanuseIPstandard,IPextended,orLayer2MACACLstodefineagroupofpacketswiththesame
characteristics(class).YoucanalsoclassifyIPtrafficbasedonIPv6ACLs.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
10
Description:Bandwidth requirements and speed of the network. Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches). 1 .. You implement IP ACLs to classify IP traffic by using the access-list global configuration command; you implement Layer 2 MAC ACLs to classify
