QoS Marking on Cisco IOS Router

In this lesson, we’ll take a look at marking packets. Marking means that we set the TOS (Type of Service) byte with an IP Precedence value or DSCP value. If you have no idea what precedence or DSCP is about, then you should read my IP Precedence and DSCP value lesson first. I’m also going to assume that you understand what classification is. If you don’t…read my classification lesson first.

Marking on a Cisco catalyst switch is a bit different than on a router. If you want to know how to configure marking on your Cisco switch, then look at this lesson.

Having said that, let’s take a look at the configuration!

Configuration

I will use three routers to demonstrate marking, connected like this:

three routers in a rowI will send some traffic from R1 to R3, and we will use R2 to mark our traffic. I use static routes on R1 and R3 to make all networks reachable. We’ll keep it simple and start by marking telnet traffic.

Let’s create an access-list for classification:

R2(config)#ip access-list extended TELNET-TRAFFIC
R2(config-ext-nacl)#permit tcp any any eq telnet

Now, we need to add the access-list to a class-map:

R2(config)#class-map TELNET-TRAFFIC
R2(config-cmap)#match access-group name TELNET-TRAFFIC

And we’ll add the class-map to a policy-map:

R2(config)#policy-map MARKING
R2(config-pmap)#class TELNET-TRAFFIC
R2(config-pmap-c)#set ?
  atm-clp        Set ATM CLP bit to 1
  cos            Set IEEE 802.1Q/ISL class of service/user priority
  cos-inner      Set Inner CoS
  discard-class  Discard behavior identifier
  dscp           Set DSCP in IP(v4) and IPv6 packets
  fr-de          Set FR DE bit to 1
  ip             Set IP specific values
  mpls           Set MPLS specific values
  precedence     Set precedence in IP(v4) and IPv6 packets
  qos-group      Set QoS Group
  vlan-inner     Set Inner Vlan

There are quite some options for the set command.  When it comes to IP packets, we’ll use the precedence or DSCP values. Let’s start with precedence:

R2(config-pmap-c)#set precedence ?
  <0-7>           Precedence value
  cos             Set packet precedence from L2 COS
  critical        Set packets with critical precedence (5)
  flash           Set packets with flash precedence (3)
  flash-override  Set packets with flash override precedence (4)
  immediate       Set packets with immediate precedence (2)
  internet        Set packets with internetwork control precedence (6)
  network         Set packets with network control precedence (7)
  priority        Set packets with priority precedence (1)
  qos-group       Set packet precedence from QoS Group.
  routine         Set packets with routine precedence (0)

For this example, it doesn’t matter much what we pick. Let’s go for IP precedence 7 (network):

R2(config-pmap-c)#set precedence network

Last but not least, we have to activate the policy-map:

R2(config)#interface FastEthernet 0/0
R2(config-if)#service-policy input MARKING

That’s all there is to it. Let’s see if it works….I’ll telnet from R1 to R3:

R1#telnet 192.168.23.3
Trying 192.168.23.3 ... Open

Now look at R2:

R2#show policy-map interface FastEthernet 0/0
 FastEthernet0/0

  Service-policy input: MARKING

    Class-map: TELNET-TRAFFIC (match-all)
      10 packets, 609 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name TELNET-TRAFFIC
      QoS Set
        precedence 7
          Packets marked 10

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

That’s looking good! Ten packets have been marked with precedence 7. That’s not too bad, right?

Let’s see if we can also mark some packets with a DSCP value, let’s mark some HTTP traffic:

R2(config)#ip access-list extended HTTP-TRAFFIC
R2(config-ext-nacl)#permit tcp any any eq 80

Create a class-map:

R2(config)#class-map HTTP-TRAFFIC
R2(config-cmap)#match access-group name HTTP-TRAFFIC

And we’ll add it to the policy-map:

R2(config)#policy-map MARKING
R2(config-pmap)#class HTTP-TRAFFIC
R2(config-pmap-c)#set dscp ?
  <0-63>     Differentiated services codepoint value
  af11       Match packets with AF11 dscp (001010)
  af12       Match packets with AF12 dscp (001100)
  af13       Match packets with AF13 dscp (001110)
  af21       Match packets with AF21 dscp (010010)
  af22       Match packets with AF22 dscp (010100)
  af23       Match packets with AF23 dscp (010110)
  af31       Match packets with AF31 dscp (011010)
  af32       Match packets with AF32 dscp (011100)
  af33       Match packets with AF33 dscp (011110)
  af41       Match packets with AF41 dscp (100010)
  af42       Match packets with AF42 dscp (100100)
  af43       Match packets with AF43 dscp (100110)
  cos        Set packet DSCP from L2 COS
  cs1        Match packets with CS1(precedence 1) dscp (001000)
  cs2        Match packets with CS2(precedence 2) dscp (010000)
  cs3        Match packets with CS3(precedence 3) dscp (011000)
  cs4        Match packets with CS4(precedence 4) dscp (100000)
  cs5        Match packets with CS5(precedence 5) dscp (101000)
  cs6        Match packets with CS6(precedence 6) dscp (110000)
  cs7        Match packets with CS7(precedence 7) dscp (111000)
  default    Match packets with default dscp (000000)
  ef         Match packets with EF dscp (101110)
  qos-group  Set packet dscp from QoS Group.

Let’s pick something…..AF12 will do:

R2(config-pmap-c)#set dscp af12

Let’s generate some traffic:

R3(config)#ip http server
R1#telnet 192.168.23.3 80
Trying 192.168.23.3, 80 ... Open

And check out the policy-map:

R2#show policy-map interface FastEthernet 0/0
 FastEthernet0/0

  Service-policy input: MARKING

    Class-map: TELNET-TRAFFIC (match-all)
      10 packets, 609 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name TELNET-TRAFFIC
      QoS Set
        precedence 7
          Packets marked 10

    Class-map: HTTP-TRAFFIC (match-all)
      3 packets, 180 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name HTTP-TRAFFIC
      QoS Set
        dscp af12
          Packets marked 3

    Class-map: class-default (match-any)
      99 packets, 5940 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now!

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 801 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)
509 Sign Ups in the last 30 days
satisfaction-guaranteed

  • 100% Satisfaction Guaranteed!
  • You may cancel your monthly membership at any time.
  • No Questions Asked!

Forum Replies

  1. Hi Rene,

    Why only switches and wireless devices are used to configure for re-marking traffic?
    We do it for qos traffic confidentiality ?
    The PHB logic is setting QoS marking for every devices right ? According to that do we need to re- match the traffics along the way , I am not clear about that…

    Thnx , Thnx & Thnx again
    Deniz

  2. Hi Deniz,

    Marking is typically done on the “border” of our network. This could be an IP phone or the switch or router that first receives these packets.

    Once the packets are marked, there’s no need to do this again. You can trust the markings and apply an action to it (queuing, policing, shaping, etc.). The only reason to re-mark packets is if you don’t trust your traffic.

    Rene

  3. Hi, Rene.

    Reading this tutorial I had a doubt: what is the difference of I configure the command set precedence and set ip precedence or even if it was set dscp or set ip dscp into the policy-map? What changes in time of the router should mark the packet?

    Thank you in advance

21 more replies! Ask a question or join the discussion by visiting our Community Forum