6 Replies Latest reply on Apr 28, 2014 10:34 AM by levi

    Are my qos settings correct?

    mikeatcomtech New Member

      I have this router configured with the following QOS config:

       

      interface vlan 10

        ip address  63.139.44.34  255.255.255.248

        ip access-policy Public

        traffic-shape rate 10000000

        qos-policy out WAN_Outbound

        no shutdown

       

      qos map LAN_Inbound

         map entry 10

           match ACL IQ_subnets_out

           set precedence value to 5

       

         Interfaces using qos map LAN_Inbound:

           vlan 1:Input (enabled)

           vlan 2:Input (enabled)

       

      qos map WAN_Outbound

         map entry 10

           match IP packets with a precedence value of 5

           priority bandwidth: 75 (% of total)  burst: default

       

         Interfaces using qos map WAN_Outbound:

           vlan 10:Output (enabled)

       

       

      I would like to have LLQ enforced on the vlan 10 interface which has 10mbps available. However when I look at the output of show queue vlan 10 it states that the available bandwidth is zero and the queuing method is Weighted Fair:

       

      Queueing method
          Configured Queueing Method: fifo
          Effective  Queueing Method: weighted fair
        Output queue: 0/1/684/64/0 (size/highest/max total/threshold/drops)
          Conversations  0/1/256 (active/max active/max total)
          Available Bandwidth 0 kilobits/sec

       

      Am I misreading the output of show queue vlan 10?  or have I misconfigured something?,3448

        • Re: Are my qos settings correct?
          levi Employee

          mikeatcomtech:

           

          Thank you for asking this question in the Support Community.  From the output above, it appears that you are using an ACL to match inbound traffic and set the IPP value to 5.  Then you are prioritizing IPP 5 out VLAN 10.  Is that your intentions?  If you would like to reply to this post, and attach the current configuration (please, remember to remove any information that may be sensitive to the organization), I will be happy to review it for you.

           

          Levi

            • Re: Are my qos settings correct?
              mikeatcomtech New Member

              Levi,

               

              Yes that is my intention, I'm unsure if the show queue command is not showing the proper info. This is for VOIP and I would like to be using LLQ if possible.

               

               

              !
              ip subnet-zero
              ip classless
              ip routing
              ip domain-proxy
              ip name-server 63.80.96.85 63.80.96.86 66.155.216.122 207.59.153.242
              !
              !
              no auto-config
              !
              event-history on
              no logging forwarding
              logging forwarding priority-level info
              no logging email
              !
              service password-encryption
              !

               

              !
              !
              ip firewall
              no ip firewall alg msn
              no ip firewall alg mszone
              no ip firewall alg h323
              no ip firewall alg sip
              !
              no dot11ap access-point-control
              !
              ip dhcp-server excluded-address 10.52.2.1 10.52.2.20
              ip dhcp-server excluded-address 10.52.2.200 10.52.2.254
              !
              ip dhcp-server pool "Private"
                network 10.52.2.0 255.255.255.0
                dns-server 66.155.216.122 207.59.153.242
                netbios-node-type h-node
                default-router 10.52.2.1
              !
              qos map LAN_Inbound 10
                match list IQ_subnets_out
                set precedence 5
              !
              qos map WAN_Outbound 10
                match precedence 5
                priority percent 75
              !
              !
              !
              !
              vlan 1
                name "Default"
              !
              vlan 2
                name "LAN"
              !
              vlan 10
                name "WAN"
              !
              !
              interface eth 0/1
                no ip address
                shutdown
                no lldp send-and-receive
              !
              !
              interface switchport 0/1
                description WAN Port
                no shutdown
                switchport access vlan 10
              !
              interface switchport 0/2
                no shutdown
                switchport access vlan 10
              !
              interface switchport 0/3
                spanning-tree edgeport
                no shutdown
                switchport access vlan 2
                switchport voice vlan 2
              !
              interface switchport 0/4
                spanning-tree edgeport
                no shutdown
                switchport access vlan 2
              !
              !
              !
              interface vlan 1
                ip address  10.10.10.1  255.255.255.0
                qos-policy in LAN_Inbound
                no shutdown
              !
              interface vlan 2
                ip address  10.52.2.1  255.255.255.0
                ip access-policy Private
                qos-policy in LAN_Inbound
                no shutdown
              !
              interface vlan 10
                ip address  xxxxxx  255.255.255.248
                ip access-policy Public
                traffic-shape rate 10000000
                qos-policy out WAN_Outbound
                no shutdown

               

              ip access-list standard wizard-ics
                remark Internet Connection Sharing
                permit any
              !
              !
              ip access-list extended IQ_subnets_out
                ! Implicit permit (only for empty ACLs)
              !
              ip access-list extended IQ_subnet_out
                permit udp any  69.43.131.224 0.0.0.31 range 50000 55000
                permit udp any  74.123.80.0 0.0.3.255 range 50000 55000
              !
              ip access-list extended self
                remark Traffic to NetVanta
                permit ip any  any     log
              !
              ip access-list extended web-acl-3
                remark Remote Access
                permit tcp any  any eq https   log
                permit tcp any  any eq ssh   log
              !
              ip access-list extended web-acl-6
                permit tcp any  any eq ssh   log
              !
              ip policy-class Private
                allow list self self
                nat source list wizard-ics interface vlan 10 overload
              !
              ip policy-class Public
                allow list web-acl-6 self
              !
              !
              ip route 0.0.0.0 0.0.0.0 63.139.44.33
              !
              no tftp server
              no tftp server overwrite
              ip http server
              ip http secure-server
              no snmp agent
              no ip ftp server
              ip ftp server default-filesystem flash
              no ip scp server
              no ip sntp server
              !
              no ip sip udp
              no ip sip tcp
              !
              line con 0
                login
              !
              line telnet 0 4
                login local-userlist
                password encrypted
                no shutdown
              line ssh 0 4
                login local-userlist
                no shutdown
              !

              ntp peer 64.236.96.53 version 3

                • Re: Are my qos settings correct?
                  levi Employee

                  mikeatcomtech:

                   

                  I do not see anything misconfigured in the configuration output you sent.  Are you certain the phones are sending traffic matching the UDP ports 50000 to 55000?  What firmware version are you using?  What is the output from the show access-lists command?  Are there matches on the "QoS" ACLs?  What about in the show qos map interface vlan 10?

                   

                  Levi

                    • Re: Are my qos settings correct?
                      mikeatcomtech New Member

                      Levi,

                       

                      Here is the output from Show qos map int vlan 10:

                       

                      vlan 10

                       

                        qos-policy out: WAN_Outbound

                       

                         map entry 10

                           match IP packets with a precedence value of 5

                           priority bandwidth: 75 (% of total)

                           burst budget 187282/187500 bytes (current/max)

                           packets matched: 58301468, bytes matched: 12681210796

                           packets dropped: 0, bytes dropped: 0

                           5 minute offered rate 68968 bits/sec, drop rate 0 bits/sec

                       

                         map entry default

                           packets matched: 28155666, bytes matched: 2752020779

                           5 minute offered rate 6528 bits/sec, drop rate 0 bits/sec

                       

                      Perhaps LLQ is not supposed to show in the output of the "show queue vlan 10" command?

                        • Re: Are my qos settings correct?
                          mikeatcomtech New Member

                          Oops, here is the show access lists output:

                           

                           

                          winvale#show access-lists

                          * - Indicates access list entry disabled by track.

                          Standard IP access list wizard-ics

                              remark Internet Connection Sharing

                             permit any (3530647 matches)

                          Extended IP access list IQ_subnets_out

                          Extended IP access list IQ_subnet_out

                             permit udp any  69.43.131.224 0.0.0.31 range 50000 55000    (0 matches)

                             permit udp any  74.123.80.0 0.0.3.255 range 50000 55000    (0 matches)

                          Extended IP access list self

                              remark Traffic to NetVanta

                             permit ip any  any    log (811 matches)

                          Extended IP access list web-acl-3

                              remark Remote Access

                             permit tcp any  any eq https  log (0 matches)

                             permit tcp any  any eq ssh  log (0 matches)

                          Extended IP access list web-acl-6

                             permit tcp any  any eq ssh  log (50104 matches)