Classification and Marking on Catalyst 2950 Switches

Port can be configured to trust CoS, DSCP, or Cisco IP Phone (default = untrusted)

Has default CoS-to-DSCP and DSCP-to-CoS maps

Can set the default CoS by port

Can use class-based marking to set DSCP

No VLAN-based classification

Limited ACLs—no port range


Cisco Catalyst 2950 series switches offer superior and highly granular QoS based on Layer 2 through Layer 4 information to ensure that network traffic is classified and prioritized, and that congestion is avoided in the best possible manner.

Cisco Catalyst 2950 series switches can classify, reclassify, police (determine if the packet is in or out of predetermined profiles and affect actions on the packet), and mark or drop incoming packets before the packets are placed in the shared buffer. Packet classification allows the network elements to discriminate between various traffic flows and enforce policies based on Layer 2 and Layer 3 QoS fields.

The QoS implementation is based on the DiffServ architecture, an IETF standard. The DiffServ architecture specifies that each packet is classified upon entry into the network. The classification is carried in the IP packet header, using six bits from the deprecated IP ToS field to carry the classification information.

Classification can be carried out using prioritization values in the Layer 2 frame information, as follows:

■ Layer 2 802.1Q frame headers are used in trunks, except for native VLAN frames.

■ Other non-802.1Q frame types cannot carry Layer 2 CoS values.

Classification can also be carried out using prioritization bits in the Layer 3 IP packets, with DSCP values 0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56 only.

The Catalyst 2950 switch supports four egress queues, which allow you to be discriminating in assigning priorities for the various applications on the LAN. Strict-priority scheduling helps ensure that time-sensitive applications such as voice always follow an expedited path through the switch fabric. WRR scheduling, another significant enhancement, ensures that lower-priority traffic receives attention without compromising the priority settings administered by a network manager. These features allow you to prioritize mission-critical, time-sensitive traffic such as voice (IP telephony traffic); enterprise resource planning (ERP) applications, such as Oracle, SAP, and so on; and computer-aided design (CAD) and computer-aided manufacturing (CAM) over less time-sensitive applications such as FTP or e-mail (Simple Mail Transfer Protocol [SMTP]).

Actions at the egress interface include queuing and scheduling. Queuing evaluates the CoS value and determines which of the four egress queues to place the packet in. Scheduling services the four egress queues based on their configured WRR.

The Catalyst 2950 supports packet classification based on QoS ACLs, as follows:

■ IP standard, IP extended, and Layer 2 MAC ACLs can be used to define a group of packets with the same characteristics (class). In the QoS context, the permit and deny actions in the access control entries (ACEs) have different meanings than with security ACLs.

■ If a match with a permit action is encountered (first-match principle), the specified QoS-related action is taken.

■ If no match with a permit action is encountered and all the ACEs have been examined, no QoS processing occurs on the packet.

■ If multiple ACLs are configured on an interface, the packet matches the first ACL with a permit action, and QoS processing begins.

■ Configuration of a deny action is not supported in QoS ACLs on the switch.

After a traffic class has been defined with the ACL, a policy can be attached to it. A policy might contain multiple classes with actions specified for each one of them. A policy might include commands to classify the class as a particular aggregate (for example, assign a DSCP) or to rate-limit the class. The policy is then attached to a particular port on which it becomes effective.

You can implement IP ACLs to classify IP traffic by using the access-list global configuration command. You can implement Layer 2 MAC ACLs to classify Layer 2 traffic by using the mac access-list extended global configuration command.
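The QoS ACL semantics and class-to-DSCP policy described above can be modeled in a few lines. This is an added example, not Cisco code or switch configuration: the `Ace` model, the function names, and the sample addresses, ports and class names are all assumptions made for illustration. It shows that a QoS ACL only selects traffic for marking and never filters it.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# DSCP values the page lists as usable for Layer 3 classification.
SUPPORTED_DSCP = {0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, 56}

@dataclass(frozen=True)
class Ace:                          # hypothetical model of one access control entry
    action: str                     # only "permit" is accepted in a QoS ACL
    proto: str                      # "ip" (any), "tcp" or "udp"
    src: str                        # source prefix
    dst_port: Optional[int] = None  # single port; port ranges are not available

def build_policy(classes):
    """classes: ordered list of (acl, dscp). Validate against the page's limits."""
    for acl, dscp in classes:
        if dscp not in SUPPORTED_DSCP:
            raise ValueError(f"DSCP {dscp} is not in the supported set")
        if any(ace.action != "permit" for ace in acl):
            raise ValueError("deny is not supported in QoS ACLs")
    return list(classes)

def ace_matches(ace, pkt):
    if ace.proto not in ("ip", pkt["proto"]):
        return False
    if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(ace.src):
        return False
    return ace.dst_port is None or ace.dst_port == pkt.get("dst_port")

def classify(policy, pkt):
    """Return the DSCP set by the first class with a matching permit ACE,
    or None when every ACE was examined without a match (no QoS processing).
    Either way the packet is still forwarded: a QoS ACL never filters."""
    for acl, dscp in policy:
        if any(ace_matches(ace, pkt) for ace in acl):
            return dscp
    return None

# Constructed sample policy and packets (addresses and ports are made up).
VOICE = [Ace("permit", "udp", "10.10.0.0/16", 5060)]
ERP = [Ace("permit", "tcp", "10.20.0.0/16", 1521), Ace("permit", "ip", "10.20.30.0/24")]
POLICY = build_policy([(VOICE, 46), (ERP, 26)])

SAMPLES = [
    {"src": "10.10.1.5", "proto": "udp", "dst_port": 5060},   # first class
    {"src": "10.20.30.7", "proto": "tcp", "dst_port": 80},    # second class, second ACE
    {"src": "192.0.2.9", "proto": "tcp", "dst_port": 25},     # no permit match
]
RESULTS = [classify(POLICY, p) for p in SAMPLES]   # [46, 26, None]
```

A `None` result means the packet is left unmarked by the policy, not dropped; blocking that traffic would require a separate security ACL.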

In the case of frames that arrive without a CoS value (untagged frames), these switches support classification based on a default CoS value per port assigned by the network administrator. After the frames have been classified or reclassified using one of the above modes, the frames are assigned to the appropriate queue at the egress port.

Note: To use the features described in this chapter, you must have the Enhanced Image (EI) installed on your switch.

Example: Configure Trust Settings on the 2950 Switch

Here are three examples showing how to configure the trust setting on the 2950 switch and how each trust setting affects the internal DSCP value, the egress queue, and the egress CoS/DSCP values.

The first example is to trust the incoming CoS, the second example is to trust the incoming DSCP, and the third example is to trust the incoming CoS and pass through the incoming DSCP.
