Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Using ACL to ID traffic by port on 2610 and mark with certain DSCP values

Bill Petersen
Occasional Visitor

Using ACL to ID traffic by port on 2610 and mark with certain DSCP values

Hello,
I have a need to use ACL's to ID traffic coming into ports on my 2610 by TCP and UDP port and to mark that traffic with certain DSCP values so that my MPLS provider will process the traffic correctly.
Could you please point me to examples that would address that or let me know if you cant do that with the 2610.
thanks
3 REPLIES
Natasha Samoylenko
Trusted Contributor

Re: Using ACL to ID traffic by port on 2610 and mark with certain DSCP values

With 2610 you can only classify traffic based on ONE parameter: IP address, IP Type of Service (ToS), L3 protocol, TCP/UDP port number, source port, or DiffServ.
And you can mark traffic with DSCP and 802.1p values.
Command syntax:
qos dscp

For example:
qos tcp-port 80 dscp 000101

Use can find some examples in Advanced Traffic Guide
http://cdn.procurve.com/training/Manuals/2610-AdvTrafficMgmt-Dec2007-59918641.pdf
"Assigning a DSCP Policy Based on TCP or UDP Port Number"

If you want to combine few parameters, for example, IP and TCP port, you can't do this with 2610.
But you can use layer 3 switches (3500, 5400 etc) with Classifier-Based Policy.
Bill Petersen
Occasional Visitor

Re: Using ACL to ID traffic by port on 2610 and mark with certain DSCP values

Thanks for the Reply

So if you mark traffic of a certain TCP port number with a DSCP value, is that done globally on ingress of any traffic coming into a port on the switch before egress out another port?

Is it a global command?

Do you need to enable qos globally first before issueing the
qos tcp-port XX dscp XXX command ?

thanks

Natasha Samoylenko
Trusted Contributor

Re: Using ACL to ID traffic by port on 2610 and mark with certain DSCP values

1. You need to enable recognition of ToS field in IP packet as DiffServ:
sw1(config)# qos type-of-service diff-services

2. Configure DSCP Policy (dscp-map) to associate DSCP value and 802.1p priority (you must create dscp-map before you can assign DSCP value, before third command):
sw1(config)# qos dscp-map 000101 priority 5

3. Assign DSCP value:
sw1(config)# qos tcp-port 80 dscp 000101

All commands are global.
Traffic classified on ingress in any switch port and marked. On egress port its placed in appropriate queue.

ProCurve switch assign port queue for traffic based on 802.1p priority values.
So if you need to place packets with dscp 000101 in medium queue, you must create a dscp-map (second command). After that switch knows that this traffic corresponds to Medium queue.

Port Queue and 802.1p Priority Values:
Low (1 - 2)
Normal (0, 3)
Medium (4 - 5)
High (6 - 7)


By default switch have association:
queue Medium <--> 802.1p value 4 or 5

The second command create association:
DSCP 000101 <--> 802.1p value 5

The third command create association:
TCP port 80 <--> DSCP 000101

Third command actually create 2 rules:
for traffic which goes FROM TCP port 80 and TO TCP port 80.

You can check all configurations you made with this commands:
Displays how switch recognise ToS field:
show qos type-of-service

Displays the DSCP Policy Table:
show qos dscp-map

Displays a listing of all TCP and UDP QoS classifiers currently in the running-config file:
show qos tcp-udp-port-priority

Hope this helps