Switchport operational mode on a port with an IP Phone connected

October 26, 2008 at 1:36 am | Posted in QoS, Switching

What is the default switchport mode when you connect an IP Phone to a Cisco switch? It should be trunk, shouldn’t it? Otherwise, how can it carry two VLANs, one for voice and one for data?

The “show interface switchport” output seems to show the contrary.

SW2 (fa0/1) -------- IP Phone --------- BB1 (simulating a PC)

Rack1SW2#sh cdp nei | in Phone
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
SEP0002B9BBCCF9     Fas 0/1               160            H P      IP Phone 7Port 1
BB1#sh cdp nei | in Phone
SEP0002B9BBCCF9     Eth 0              173          H        IP Phone  Port 2

Rack1SW2#sh arp         
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.2                0   00e0.1e67.f6fe  ARPA   Vlan10
Internet  10.0.0.1                -   0014.a86b.df46  ARPA   Vlan10
Internet  20.0.0.1                -   0014.a86b.df47  ARPA   Vlan20
Internet  20.0.0.2                0   0002.b9ac.1af9  ARPA   Vlan20

Rack1SW2#sh run int fa0/1
Building configuration...

Current configuration : 86 bytes
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport voice vlan 20
end

Rack1SW2#sb
Interface              IP-Address      OK? Method Status                Protocol
Vlan8                  155.1.8.8       YES NVRAM  up                    up     
Vlan10                 10.0.0.1        YES manual up                    up     
Vlan20                 20.0.0.1        YES manual up                    up   

Rack1SW2#ping 10.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
Rack1SW2#ping 20.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms

Rack1SW2#sh int fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 10 (VLAN0010)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: 20 (VLAN0020)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
Private VLANs

October 3, 2008 at 11:54 am | Posted in Switching
The Scenario is from the IE blog
Private VLAN Diagram (from IE blog)

Configuration:

SW1#
!
vlan 1000
  private-vlan primary
  private-vlan association 1012,1034,1055
! Association of private VLAN members (Secondary) to the Primary VLAN
! needs to be defined here, and AGAIN under the Interface switch port
!
vlan 1012
  private-vlan community
!
vlan 1034
  private-vlan community
!
vlan 1055
  private-vlan isolated
!
!
!
interface FastEthernet0/1
! switchport access vlan 1000 ! NOT required
 switchport private-vlan host-association 1000 1012 
                              ! Primary followed by member(s)
 switchport mode private-vlan host
!
interface FastEthernet0/3
! switchport access vlan 1000
 switchport private-vlan host-association 1000 1034
 switchport mode private-vlan host
!
interface FastEthernet0/5
 switchport access vlan 1000
 switchport private-vlan host-association 1000 1055
 switchport mode private-vlan host
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk

SW2#
!
vlan 1000
  private-vlan primary
  private-vlan association 1012,1034,1055
!
vlan 1012
  private-vlan community
!
vlan 1034
  private-vlan community
!
vlan 1055
  private-vlan isolated
!
!
interface FastEthernet0/2
 switchport private-vlan host-association 1000 1012
 switchport mode private-vlan host
!
interface FastEthernet0/4
 switchport private-vlan host-association 1000 1034
 switchport mode private-vlan host
!
interface FastEthernet0/6
 switchport private-vlan mapping 1000 1012,1034,1055
 switchport mode private-vlan promiscuous
!
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
!

Verification

Before applying the Private VLAN configuration, make sure that we have reachability across all end points of the VLAN.

Once Private VLAN is applied,

SW1#sh vlan id 1000

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1000 VLAN1000                         active    Fa0/13

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1000 enet  101000     1500  -      -      -        -    -        0      0   

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
1000    1012      community         Fa0/1
1000    1034      community         Fa0/3
1000    1055      isolated          Fa0/5

SW1#sh vlan id 1012

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1012 VLAN1012                         active    Fa0/13

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1012 enet  101012     1500  -      -      -        -    -        0      0   

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
1000    1012      community         Fa0/1

SW1#sh vlan id 1034

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1034 VLAN1034                         active    Fa0/13

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1034 enet  101034     1500  -      -      -        -    -        0      0   

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
1000    1034      community         Fa0/3

SW2#sh vlan id 1000

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1000 VLAN1000                         active    Fa0/13

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1000 enet  101000     1500  -      -      -        -    -        0      0   

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
1000    1012      community         Fa0/2, Fa0/6
1000    1034      community         Fa0/4, Fa0/6
1000    1055      isolated          Fa0/6

R1#bp                                

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 255.255.255.255, timeout is 1 seconds:

Reply to request 0 from 10.0.0.2, 4 ms
Reply to request 0 from 10.0.0.6, 4 ms

R2#bp

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 255.255.255.255, timeout is 1 seconds:

Reply to request 0 from 10.0.0.1, 1 ms
Reply to request 0 from 10.0.0.6, 1 ms

R3#bp

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 255.255.255.255, timeout is 1 seconds:

Reply to request 0 from 10.0.0.6, 4 ms
Reply to request 0 from 10.0.0.4, 4 ms

R4#bp

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 255.255.255.255, timeout is 1 seconds:

Reply to request 0 from 10.0.0.6, 4 ms
Reply to request 0 from 10.0.0.3, 4 ms

R5#bp

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 255.255.255.255, timeout is 1 seconds:

Reply to request 0 from 10.0.0.6, 4 ms

R6#bp

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 255.255.255.255, timeout is 1 seconds:

Reply to request 0 from 10.0.0.2, 1 ms
Reply to request 0 from 10.0.0.5, 4 ms
Reply to request 0 from 10.0.0.3, 4 ms
Reply to request 0 from 10.0.0.4, 4 ms
Reply to request 0 from 10.0.0.1, 1 ms
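
An added example, not from the original post or the IE blog: a Python model of private-VLAN forwarding built from the configuration lines above, which predicts who answers each broadcast ping. The router-to-port attachments (R1 on SW1 Fa0/1 through R6 on SW2 Fa0/6) are inferred from the ping replies and are an assumption, as is a trunk that carries all four VLANs between the switches.

```python
import re

# Private-VLAN lines copied from the SW1/SW2 configuration in the post.
VLANS = """
vlan 1000
 private-vlan primary
 private-vlan association 1012,1034,1055
vlan 1012
 private-vlan community
vlan 1034
 private-vlan community
vlan 1055
 private-vlan isolated
"""
# The "switchport mode private-vlan ..." lines are left out here; the port role
# is derived from host-association (host) versus mapping (promiscuous).
INTERFACES = {
    "SW1": """
interface FastEthernet0/1
 switchport private-vlan host-association 1000 1012
interface FastEthernet0/3
 switchport private-vlan host-association 1000 1034
interface FastEthernet0/5
 switchport private-vlan host-association 1000 1055
""",
    "SW2": """
interface FastEthernet0/2
 switchport private-vlan host-association 1000 1012
interface FastEthernet0/4
 switchport private-vlan host-association 1000 1034
interface FastEthernet0/6
 switchport private-vlan mapping 1000 1012,1034,1055
""",
}
# Assumption: which router sits on which port (inferred from the ping replies).
HOSTS = {"R1": ("SW1", "FastEthernet0/1"), "R2": ("SW2", "FastEthernet0/2"),
         "R3": ("SW1", "FastEthernet0/3"), "R4": ("SW2", "FastEthernet0/4"),
         "R5": ("SW1", "FastEthernet0/5"), "R6": ("SW2", "FastEthernet0/6")}

def parse_vlan_types(text):
    """Map VLAN id -> 'primary' | 'community' | 'isolated'."""
    types, vlan = {}, None
    for line in text.splitlines():
        if m := re.match(r"vlan (\d+)", line):
            vlan = int(m.group(1))
        elif m := re.match(r"\s+private-vlan (primary|community|isolated)", line):
            types[vlan] = m.group(1)
    return types

def parse_ports(text):
    """Map interface -> (role, primary VLAN, set of secondary VLANs)."""
    ports, ifname = {}, None
    pat = r"\s+switchport private-vlan (host-association|mapping) (\d+) (\S+)"
    for line in text.splitlines():
        if m := re.match(r"interface (\S+)", line):
            ifname = m.group(1)
        elif m := re.match(pat, line):
            role = "host" if m.group(1) == "host-association" else "promiscuous"
            secondaries = {int(v) for v in m.group(3).split(",")}
            ports[ifname] = (role, int(m.group(2)), secondaries)
    return ports

def delivers(src, dst, vlan_types):
    """True if a frame entering on port src is forwarded out of port dst."""
    (s_role, s_pri, s_sec), (d_role, d_pri, d_sec) = src, dst
    if s_pri != d_pri:
        return False
    if s_role == "promiscuous":           # sends in the primary VLAN
        return d_role == "promiscuous" or bool(d_sec & s_sec)
    (vlan,) = s_sec                       # a host port has one secondary VLAN
    if d_role == "promiscuous":
        return vlan in d_sec
    # Host to host: only inside the same community; isolated ports never.
    return vlan_types[vlan] == "community" and d_sec == s_sec

def responders(host):
    """Hosts expected to answer a broadcast ping from `host` (both directions)."""
    types = parse_vlan_types(VLANS)
    ports = {(sw, i): p for sw, txt in INTERFACES.items()
             for i, p in parse_ports(txt).items()}
    me = ports[HOSTS[host]]
    return sorted(h for h, key in HOSTS.items() if h != host
                  and delivers(me, ports[key], types)
                  and delivers(ports[key], me, types))
```

The predicted responder sets match the replies in the six `bp` outputs above, with R5 on the isolated VLAN hearing only from the promiscuous port.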

Catalyst Dot1x Port-based authentication

October 2, 2008 at 5:32 pm | Posted in Security, Switching

Doc CD Navigation

Configuration

aaa new-model
!
aaa authentication login LINE_VTY line
aaa authentication dot1x default group radius
aaa authorization network default group radius 
!
radius-server host 1.2.3.4 
radius-server key cisco
!
interface fa0/1
 description Connection to R1
 switchport mode access
 switchport access vlan 135
 dot1x port-control force-authorized 

interface range fa0/5-10
 description Ports with Dot1X authentication
 switchport mode access
 switchport access vlan 135
 dot1x port-control auto

Configuring MAC Address Notification Traps

September 30, 2008 at 11:06 am | Posted in IOS services, Switching

MAC address notification enables you to track users on a network by storing the MAC address activity on the switch. Whenever the switch learns or removes a MAC address, an SNMP notification can be generated and sent to the NMS. If you have many users coming and going from the network, you can set a trap interval time to bundle the notification traps and reduce network traffic. The MAC notification history table stores the MAC address activity for each hardware port for which the trap is enabled. MAC address notifications are generated for dynamic and secure MAC addresses; events are not generated for self addresses, multicast addresses, or other static addresses.

It looks like MAC address notifications can NOT be sent to a syslog server!

DOC CD Navigation

  • Catalyst 3550 Multilayer Switch Software Configuration Guide, Rel. 12.2(25)SEE
  • Administering the Switch
  • Managing the MAC Address Table
  • Configuring MAC Address Notification Traps

Example:

Switch(config)# snmp-server host 172.20.10.10 traps private
Switch(config)# snmp-server enable traps mac-notification
Switch(config)# mac address-table notification
Switch(config)# mac address-table notification interval 60
Switch(config)# mac address-table notification history-size 100
Switch(config)# interface fastethernet0/4
Switch(config-if)# snmp trap mac-notification added

802.1P

September 13, 2008 at 4:36 pm | Posted in Switching
RSRack1SW1(config-if)#switchport voice vlan ?
  <1-4094>  Vlan for voice traffic
  dot1p     Priority tagged on PVID
  none      Don't tell telephone about voice vlan
  untagged  Untagged on PVID

RSRack1SW1(config-if)#switchport voice vlan dot1p

This command configures the telephone to use IEEE 802.1p priority tagging and uses VLAN 0 (the native VLAN). By default, the Cisco IP phone forwards the voice traffic with an IEEE 802.1p priority of 5.

Doc CD Navigation

  • Catalyst 3560 Switch Software Configuration Guide, Rel. 12.2(46)SE
  • Configuring Voice VLAN
  • Voice VLAN Configuration Guidelines

VTP Pruning Caveat in a mixed VTP mode topology

September 13, 2008 at 4:18 pm | Posted in Switching
Server  Client   Trans     Client
SW1 ---- SW2 ---- SW3 ----- SW4
                   |         |
                   |VLAN25   |
                   |         |
                   R5       VLAN25

A switch in transparent mode does not take part in VTP and therefore does not send out pruning messages of its own; it only passes on the messages it receives from switches in VTP server/client mode.

Therefore, if we enable pruning on SW1, SW2 and SW4, and SW1 and SW2 do not have any interfaces in VLAN 25, VLAN 25 will be pruned on the trunk link between SW3 and SW4, even though SW3 may have an interface in VLAN 25. Because of this behavior, VLAN 25 reachability between SW3 and SW4 will be broken.

To prevent VLAN25 from being pruned, we need to remove it from the Prune Eligible List.

RSRack1SW4#sh int trunk | b prune
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      1-2,11,32,43,367

RSRack1SW4(config)#interface FastEthernet0/19
RSRack1SW4(config-if)# switchport trunk pruning vlan remove 25 

RSRack1SW4#sh run int fa0/19
interface FastEthernet0/19
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 11
 switchport trunk pruning vlan 2-24,26-1001
 switchport mode dynamic desirable
end

RSRack1SW4#sh int trunk | b prune
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      1-2,11,25,32,43,367

Catalyst QoS: VLAN Access-map for IP traffic filtering

September 12, 2008 at 3:31 pm | Posted in QoS, Switching

Task: Configure a VLAN access-map to allow only Telnet, ping and routing (OSPF) traffic within VLAN 145.

If the default action of the VLAN access-map is to drop, then we need to explicitly permit ARP frames as well. Otherwise, two PC hosts within VLAN 145 won’t be able to ARP for each other’s MAC addresses, and connectivity between them will fail.

Configuration

access-list 100 permit tcp any any eq telnet
access-list 100 permit tcp any eq telnet any
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any echo-reply
access-list 100 permit ospf any any

!
mac access-list extended ARP
 permit any any 0x806 0x0
!
vlan access-map VLAN145_FILTER 10
 action forward
 match ip address 100
vlan access-map VLAN145_FILTER 15
 action forward
 match mac address ARP
vlan access-map VLAN145_FILTER 20
 action drop
!
vlan filter VLAN145_FILTER vlan-list 145
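
An added example, not part of the original post: a small Python model of how the switch walks VLAN145_FILTER, showing that ARP is dropped by sequence 20 unless sequence 15 forwards it first. The frames are constructed samples, and the end-of-map default (reached only by the map that has no sequence 20) follows the rule given in the Catalyst VLAN map documentation.

```python
from dataclasses import dataclass
from typing import Callable, Optional

ETH_IP, ETH_ARP = 0x0800, 0x0806
ICMP, TCP, OSPF = 1, 6, 89

@dataclass(frozen=True)
class Frame:
    ethertype: int
    proto: Optional[int] = None       # IP protocol number
    sport: Optional[int] = None
    dport: Optional[int] = None
    icmp_type: Optional[int] = None

def acl_100(f: Frame) -> bool:
    """access-list 100: Telnet in either direction, echo/echo-reply, OSPF."""
    if f.proto == TCP:
        return 23 in (f.sport, f.dport)
    if f.proto == ICMP:
        return f.icmp_type in (8, 0)
    return f.proto == OSPF

def mac_acl_arp(f: Frame) -> bool:
    """mac access-list extended ARP: permit any any 0x806 0x0."""
    return f.ethertype == ETH_ARP

@dataclass(frozen=True)
class Entry:
    seq: int
    action: str                        # "forward" or "drop"
    kind: Optional[str] = None         # "ip", "mac", or None (no match clause)
    match: Optional[Callable[[Frame], bool]] = None

def evaluate(vmap, frame):
    """Return the action of the first access-map entry that matches the frame."""
    ftype = "ip" if frame.ethertype == ETH_IP else "mac"
    for e in sorted(vmap, key=lambda e: e.seq):
        # An entry without a match clause matches every frame.
        if e.kind is None or (e.kind == ftype and e.match(frame)):
            return e.action
    # End of map: drop if the map has a match clause for this frame type,
    # otherwise forward.
    return "drop" if any(e.kind == ftype for e in vmap) else "forward"

# Constructed sample frames seen inside VLAN 145.
FRAMES = {
    "arp": Frame(ETH_ARP),
    "ping": Frame(ETH_IP, ICMP, icmp_type=8),
    "telnet": Frame(ETH_IP, TCP, sport=40000, dport=23),
    "ospf": Frame(ETH_IP, OSPF),
    "http": Frame(ETH_IP, TCP, sport=40001, dport=80),
}

IP_ONLY = [Entry(10, "forward", "ip", acl_100)]
NO_ARP = IP_ONLY + [Entry(20, "drop")]                        # sequences 10, 20
PAGE_MAP = IP_ONLY + [Entry(15, "forward", "mac", mac_acl_arp),
                      Entry(20, "drop")]                      # sequences 10, 15, 20

def verdicts(vmap):
    """Action per sample frame for the given access-map."""
    return {name: evaluate(vmap, f) for name, f in FRAMES.items()}

if __name__ == "__main__":
    for label, vmap in (("10+20", NO_ARP), ("10+15+20", PAGE_MAP), ("10 only", IP_ONLY)):
        print(label, verdicts(vmap))
```

With only sequence 10 the map has no MAC match clause, so ARP is forwarded by default; it is the catch-all drop in sequence 20 that makes the explicit ARP entry necessary.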

Catalyst QoS – Using Hierarchical Policy-Maps for Policing Markdown on 3560

September 12, 2008 at 11:44 am | Posted in QoS, Switching

Configuration

SW2#
class-map match-all IP_TRAFFIC
 match access-group 100
class-map match-all INPUT_INTERFACES
 match input-interface  FastEthernet0/13 - FastEthernet0/15
!
!
policy-map POLICE_32K
 class INPUT_INTERFACES
  police 32000 8000 exceed-action policed-dscp-transmit
policy-map POLICE_64K
 class INPUT_INTERFACES
  police 64000 8000 exceed-action policed-dscp-transmit
policy-map POLICE_VLAN200
 class IP_TRAFFIC
  set ip precedence 5
  service-policy POLICE_64K
policy-map POLICE_VLAN100
 class IP_TRAFFIC
  set ip precedence 4
  service-policy POLICE_32K

mls qos map policed-dscp  32 to 24
mls qos map policed-dscp  40 to 32
mls qos

interface range fa0/13-15
 mls qos vlan-based

interface Vlan100
 service-policy input POLICE_VLAN100
!
interface Vlan200
 service-policy input POLICE_VLAN200

Verification
SW1#ping 200.0.0.4 rep 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 200.0.0.4, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/2/9 ms

SW2#sh mls qos interface fa0/4 statistics
FastEthernet0/4 (All statistics are in packets)

  dscp: incoming 
-------------------------------

  0 -  4 :           0            0            0            0            0 
  5 -  9 :           0            0            0            0            0 
 10 - 14 :           0            0            0            0            0 
 15 - 19 :           0            0            0            0            0 
 20 - 24 :           0            0            0            0            0 
 25 - 29 :           0            0            0            0            0 
 30 - 34 :           0            0           18            0            0 
 35 - 39 :           0            0            0            0            0 
 40 - 44 :          82            0            0            0            0 
 45 - 49 :           0            0            0            0            0 
 50 - 54 :           0            0            0            0            0 
 55 - 59 :           0            0            0            0            0 
 60 - 64 :           0            0            0            0 
  dscp: outgoing
-------------------------------

  0 -  4 :           0            0            0            0            0 
  5 -  9 :           0            0            0            0            0 
 10 - 14 :           0            0            0            0            0 
 15 - 19 :           0            0            0            0            0 
 20 - 24 :           0            0            0            0            0 
 25 - 29 :           0            0            0            0            0 
 30 - 34 :           0            0           18            0            0 
 35 - 39 :           0            0            0            0            0 
 40 - 44 :          82            0            0            0            0 
 45 - 49 :           0            0            0            0            0 
 50 - 54 :           0            0            0            0            0 
 55 - 59 :           0            0            0            0            0 
 60 - 64 :           0            0            0            0 
  cos: incoming 
-------------------------------

  0 -  4 :         102            0            0            0            0 
  5 -  7 :           0            0            0 
  cos: outgoing
-------------------------------

  0 -  4 :           0            0            0            0           18 
  5 -  7 :          82            0            0 
Policer: Inprofile:            0 OutofProfile:            0 

SW2#clear mls qos int statistic

SW1#ping 100.0.0.4 rep 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 100.0.0.4, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/3/9 ms

SW2#sh mls qos interface fa0/4 statistics          
FastEthernet0/4 (All statistics are in packets)

  dscp: incoming 
-------------------------------

  0 -  4 :           0            0            0            0            0 
  5 -  9 :           0            0            0            0            0 
 10 - 14 :           0            0            0            0            0 
 15 - 19 :           0            0            0            0            0 
 20 - 24 :           0            0            0            0           26 
 25 - 29 :           0            0            0            0            0 
 30 - 34 :           0            0           74            0            0 
 35 - 39 :           0            0            0            0            0 
 40 - 44 :           0            0            0            0            0 
 45 - 49 :           0            0            0            0            0 
 50 - 54 :           0            0            0            0            0 
 55 - 59 :           0            0            0            0            0 
 60 - 64 :           0            0            0            0 
  dscp: outgoing
-------------------------------

  0 -  4 :           0            0            0            0            0 
  5 -  9 :           0            0            0            0            0 
 10 - 14 :           0            0            0            0            0 
 15 - 19 :           0            0            0            0            0 
 20 - 24 :           0            0            0            0           26 
 25 - 29 :           0            0            0            0            0 
 30 - 34 :           0            0           74            0            0 
 35 - 39 :           0            0            0            0            0 
 40 - 44 :           0            0            0            0            0 
 45 - 49 :           0            0            0            0            0 
 50 - 54 :           0            0            0            0            0 
 55 - 59 :           0            0            0            0            0 
 60 - 64 :           0            0            0            0 
  cos: incoming 
-------------------------------

  0 -  4 :         109            0            0            0            0 
  5 -  7 :           0            0            0 
  cos: outgoing
-------------------------------

  0 -  4 :           0            0            0           26           74 
  5 -  7 :           0            0            0 
Policer: Inprofile:            0 OutofProfile:            0

SW2#show mls qos maps policed-dscp 
   Policed-dscp map:
     d1 :  d2 0  1  2  3  4  5  6  7  8  9 
     ---------------------------------------
      0 :    00 01 02 03 04 05 06 07 08 09 
      1 :    10 11 12 13 14 15 16 17 18 19 
      2 :    20 21 22 23 24 25 26 27 28 29 
      3 :    30 31 24 33 34 35 36 37 38 39 
      4 :    32 41 42 43 44 45 46 47 48 49 
      5 :    50 51 52 53 54 55 56 57 58 59 
      6 :    60 61 62 63

Doc CD Navigation

  • Catalyst 3560 Switch Software Configuration Guide, Rel. 12.2(46)S
  • Configuring QoS
  • Configuring Standard QoS
    • Configuring a QoS Policy
      • Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps
    • Configuring DSCP Maps
      • Configuring the Policed-DSCP Map

Catalyst QoS – Per port, Per VLAN classification

September 11, 2008 at 5:26 pm | Posted in QoS, Switching

Configure SW3 to mark traffic coming into the trunk interface Fa0/16 from VLAN 201 with IP Precedence 1, and from VLAN 202 with IP Precedence 2.

Topology:

VLAN201          VLAN201
  |                 |
  |                 |
  |                 |
SW2 ------------- SW3
  |                 |
  |                 |
  |                 |
VLAN202          VLAN202

Configuration

SW3#

!
class-map match-all VLAN202
match vlan  202
class-map match-all VLAN201
match vlan  201
!
!
policy-map MARK_PREC
 class VLAN201
  set ip precedence 1
 class VLAN202
  set ip precedence 2

!

Note that within a class-map, match VLAN has to be followed by a match class-map (nested configuration). See the wrong configuration example without match class-map (above) and the error message when the service policy is applied onto the interface:

SW3(config)#int fa0/16
SW3(config-if)#service-policy input MARK_PREC
QoS: match class-map must follow match vlan in class-map VLAN201.
QoS: Policy map MARK_PREC failed vlan check
Service Policy attachment failed
*Mar  1 05:45:32.418: %QM-4-MATCH_NOT_SUPPORTED: Match type is not supported in classmap VLAN201
SW3(config)#class-map match-all VLAN202
SW3(config-cmap)#match vlan  202
SW3(config-cmap)#match class-map IP_TRAFFIC
SW3(config)#class-map match-all VLAN201
SW3(config-cmap)#match vlan  201
SW3(config-cmap)#match class-map IP_TRAFFIC
SW3(config-cmap)#int fa0/16
SW3(config-if)#service-policy input MARK_PREC

Verification

SW3(config)#int vlan 201
SW3(config-if)#ip accounting precedence input
SW3#
SW3#
SW3#sh int vlan 201 precedence
Vlan201
  Input
    (none)

SW2#ping 201.0.0.9

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 201.0.0.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/5/9 ms

SW3#sh int vlan 201 precedence
Vlan201
  Input
    Precedence 0:  5 packets, 590 bytes
SW3#sh mls qos
QoS is disabled

SW3#c
Enter configuration commands, one per line.  End with CNTL/Z.
SW3(config)#mls qos
QoS: ensure flow-control on all interfaces are OFF for proper operation.
SW3(config)#
SW3#
SW3#

SW3#sh mls qos
QoS is enabled

SW2#ping 201.0.0.9

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 201.0.0.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/5/9 ms

SW3#sh int vlan 201 precedence
Vlan201
  Input
    Precedence 0:  5 packets, 590 bytes
    Precedence 1:  5 packets, 590 bytes

SW2#ping 202.0.0.9

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.0.0.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms

SW3#sh int vlan 202 precedence
Vlan202
  Input
    Precedence 2:  5 packets, 590 bytes

Alternatively, on a C3550 we can use “mls qos monitor dscp” on a physical interface to count the number of packets with particular IP Precedence or DSCP values.

SW3#c
Enter configuration commands, one per line.  End with CNTL/Z.
SW3(config)#int fa0/16
SW3(config-if)#mls qos
SW3(config-if)#mls qos mo
SW3(config-if)#mls qos monitor ?
  bytes    Collect byte statistics
  dscp     Collect DSCP statistics
  packets  Collect packet statistics

SW3(config-if)#mls qos monitor ds
SW3(config-if)#mls qos monitor dscp ?
  <0-63>  DSCP values separated by spaces (up to 8 values total)

SW3(config-if)#mls qos monitor dscp 0 ?
  <0-63>  DSCP values separated by spaces (up to 8 values total)
  <cr>

SW3(config-if)#mls qos monitor dscp 0 8 16
SW3(config-if)#
SW3#
SW3#
SW3#
SW3#
SW3#
SW3#
*Mar  1 06:00:28.574: %SYS-5-CONFIG_I: Configured from console by console
SW3#c
Enter configuration commands, one per line.  End with CNTL/Z.
SW3(config)#int fa0/16
SW3(config-if)#mls qos monitor packets
QoS: This command is only applicable on a master port.
 On a 24 ports switch:
  -port 1 controls interface 1 to 12
  -port 13 controls interface 13 to 24
 On a 48 ports switch:
  -port 25 controls interface 25 to 36
  -port 37 controls interface 37 to 48
SW3(config-if)#
SW3(config-if)#
SW3(config-if)#int fa0/13
SW3(config-if)#mls qos monitor packets
SW3(config-if)#

SW2#ping 201.0.0.9

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 201.0.0.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
SW2#ping 202.0.0.9

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.0.0.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms

SW3#sh mls qos int fa0/16 statistics
FastEthernet0/16
Ingress
  dscp: incoming   no_change  classified policed    dropped (in pkts)
    0 : 14         4          0          0          0        
    8 : 0          0          5          0          0        
    16: 0          0          5          0          0        
Others: 0          0          0          0          0        
Egress
  dscp: incoming   no_change  classified policed    dropped (in pkts)
    0 : 5             n/a       n/a      0          0        
    8 : 5             n/a       n/a      0          0        
    16: 5             n/a       n/a      0          0        
Others: 69            n/a       n/a      0          0         

SW3#
