The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes how to configure the marking features on the Cisco NX-OS device that you can use to define the class of traffic to which the packet belongs.
Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "New and Changed Information"chapter or the Feature History table in this chapter.
Marking is a method that you use to modify the QoS fields of the incoming and outgoing packets. The QoS fields that you can mark are CoS in Layer 2, and IP precedence and Differentiated Service Code Point (DSCP) in Layer 3. The QoS group and discard class are two labels local to the system that you can assign intermediate marking values. You can use these two labels to determine the final values marked in a packet.
You can use marking commands in traffic classes that are referenced in a policy map. The marking features that you can configure are listed in the table below.
|
Marking Feature |
Description |
||
|---|---|---|---|
|
DSCP |
Layer 3 DSCP.
|
||
|
IP precedence |
Layer 3 IP precedence.
|
||
|
CoS |
Layer 2 class of service (CoS). |
||
|
QoS group |
Locally significant QoS values that can be manipulated and matched within the system. The range is from 1 to 126. |
||
|
Discard class |
Locally significant values that can be matched and manipulated within the system. The range is from 0 to 63. If you manipulate this discard class value, you cannot manipulate dscp values and vice-versa. |
||
|
Ingress and egress ports |
Status of the marking applies to incoming or outgoing packets. |
||
|
Using table maps |
Method to use table maps for marking. |
Unless noted as a restriction, you can apply marking features to both incoming and outgoing packets.
Marking has the following prerequisites:
You must be familiar with Using Modular QoS CLI
You are logged on to the switch.
You are in the correct VDC. A VDC is a logical representation of a set of system resources. You can use the switchto vdc command with a VDC number.
Marking has the following configuration guidelines and limitations:
The set cos command can only be used in ingress policies when no other set commands are used for the same packet for egress.
The set qos-group command can only be used in ingress policies.
The set discard-class command can only be used in ingress policies.
When PIM is enabled on the switch virtual interface (SVI), you cannot mark the Layer 2 switched multicast traffic on that VLAN.
Egress QoS policies on Layer 2 ports are not supported on VDCs of any module type.
M1 and/or M2 plus an F2e
M1
M2 and F3
M3 and F3
F2 and/or F2e
F3
Egress policies on VLAN configurations do not support set match on CoS.
Egress policies on VLAN configurations do not support set QoS group or discard class.
Proxy-routed marking from F1 and/or F2e modules to M modules is not supported on the Layer 2 ingress port. However, marking that is applied under the VLAN is supported on the Layer 2 ingress port.
You can combine one or more of the marking features in a policy map to control the setting of QoS values. You can then apply policies to either incoming or outgoing packets on an interface.
Do not press Enter after you use the set command and before you add the rest of the command. If you press Enter directly after entering the set keyword, you will be unable to continue to configure with the QoS configuration.
 Note |
If you configure this value, you cannot configure the discard-class value (see the “Configuring Discard Class Marking” section). |
You can set the DSCP value in the six most significant bits of the DiffServ field of the IP header to a specified value. You can enter numeric values from 0 to 60, in addition to the standard DSCP values shown in the table below.
|
Value |
List of DSCP Values |
|---|---|
|
af11 |
AF11 dscp (001010)—decimal value 10 |
|
af12 |
AF12 dscp (001100)—decimal value 12 |
|
af12 |
AF13 dscp (001110)—decimal value 14 |
|
af21 |
AF21 dscp (010010)—decimal value 18 |
|
af22 |
AF22 dscp (010100)—decimal value 20 |
|
af23 |
AF23 dscp (010110)—decimal value 22 |
|
af31 |
AF31 dscp (011010)—decimal value 26 |
|
af31 |
AF40 dscp (011100)—decimal value 28 |
|
af33 |
AF33 dscp (011110)—decimal value 30 |
|
af41 |
AF41 dscp (100010)—decimal value 34 |
|
af42 |
AF42 dscp (100100)—decimal value 36 |
|
af43 |
AF43 dscp (100110)—decimal value 38 |
|
cs1 |
CS1 (precedence 1) dscp (001000)—decimal value 8 |
|
cs2 |
CS2 (precedence 2) dscp (010000)—decimal value 16 |
|
cs3 |
CS3 (precedence 3) dscp (011000)—decimal value 24 |
|
cs4 |
CS4 (precedence 4) dscp (100000)—decimal value 32 |
|
cs5 |
CS5 (precedence 5) dscp (101000)—decimal value 40 |
|
cs6 |
CS6 (precedence 6) dscp (110000)—decimal value 48 |
|
cs7 |
CS7 (precedence 7) dscp (111000)—decimal value 56 |
|
default |
Default dscp (000000)—decimal value 0 |
|
ef |
EF dscp (101110)—decimal value 46 |
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
switch# configure terminal |
Enters global configuration mode. |
| Step 2 |
switch(config)# policy-map [type qos] [match-first] {qos-policy-map-name | qos-dynamic} |
Creates or accesses the policy map named qos-policy-map-name , and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters. |
| Step 3 |
switch(config-pmap)# class [type qos] {class-map-name | qos-dynamic | class-default} [insert-before before-class-map-name] |
Creates a reference to class-map-name, and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map. |
| Step 4 |
switch(config-pmap-c-qos)# set dscp dscp-value |
Sets the DSCP value to dscp-value . Standard values are shown in the table above. When the QoS policy is applied on the VLAN configuration level, the DSCP value derives the CoS value for bridged and routed traffic from the 3 most significant DSCP bits. |
This example shows how to display the policy-map configuration:
switch# show policy-map policy1You can set the value of the IP precedence field in bits 0–2 of the IPv4 type of service (ToS) field of the IP header.
Note |
The device rewrites the last 3 bits of the ToS field to 0 for packets that match this class. |
The table below shows the precedence values.
|
Value |
List of Precedence Values |
|---|---|
|
0-7 |
IP precedence value |
|
critical |
Critical precedence (5) |
|
flash |
Flash precedence (3) |
|
flash-override |
Flash override precedence (4) |
|
immediate |
Immediate precedence (2) |
|
internet |
Internetwork control precedence (6) |
|
network |
Network control precedence (7) |
|
priority |
Priority precedence (1) |
|
routine |
Routine precedence (0) |
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
switch# configure terminal |
Enters global configuration mode. |
| Step 2 |
switch(config)# policy-map [type qos] [match-first] {qos-policy-map-name | qos-dynamic} |
Creates or accesses the policy map named qos-policy-map-name , and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters. |
| Step 3 |
switch(config-pmap-qos)# class [type qos] {class-map-name | qos-dynamic | class-default} [insert-before before-class-map-name] |
Creates a reference to class-map-name, and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map. |
| Step 4 |
switch(config-pmap-c-qos)# set precedence precedence-value |
Sets the IP precedence value to precedence-value . The value can range from 0 to 7. You can enter one of the values shown in the table above. |
This example shows how to display the policy-map configuration:
switch# show policy-map policy1You can set the value of the CoS field in the high-order three bits of the VLAN ID Tag field in the IEEE 802.1Q header.
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
switch# configure terminal |
Enters global configuration mode. |
| Step 2 |
switch(config)# policy-map [type qos] [match-first] {qos-policy-map-name | qos-dynamic} |
Creates or accesses the policy map named qos-policy-map-name , and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters. |
| Step 3 |
switch(config-pmap-qos)# class [type qos] {class-map-name | qos-dynamic | class-default} [insert-before before-class-map-name] |
Creates a reference to class-map-name, and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map. |
| Step 4 |
switch(config-pmap-c-qos)# set cos cos-value |
Sets the CoS value to cos-value . The value can range from 0 to 7. |
This example shows how to display the policy-map configuration:
switch# show policy-map policy1You can set the value of the internal label QoS group, which is only locally significant. You can reference this value in subsequent policy actions or classify traffic that is referenced in egress policies by using the match qos-group class-map command.
Note |
You can set the QoS group only in ingress policies. |
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
switch# configure terminal |
Enters global configuration mode. |
| Step 2 |
switch(config)# policy-map [type qos] [match-first] {qos-policy-map-name | qos-dynamic} |
Creates or accesses the policy map named qos-policy-map-name , and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters. |
| Step 3 |
switch(config-pmap-qos)# class [type qos] {class-map-name | qos-dynamic | class-default} [insert-before before-class-map-name] |
Creates a reference to class-map-name, and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map. |
| Step 4 |
switch(config-pmap-c-qos)# set qos-group qos-group-value |
Sets the QoS group value to qos-group-value . The value can range from 1 to 126. |
This example shows how to display the policy-map configuration:
switch# show policy-map policy1If you configure this value, you cannot configure the DSCP value. See the “Configuring DSCP Marking” section.
You can set the value of the internal label discard class, which is locally significant only. You can reference this value in subsequent policy actions or classify traffic that is referenced in egress policies by using the match discard-class class-map command.
Note |
You can set the discard class only in ingress policies. |
| Command or Action | Purpose | |||
|---|---|---|---|---|
| Step 1 |
switch# configure terminal |
Enters global configuration mode. |
||
| Step 2 |
switch(config)# policy-map [type qos] [match-first] {qos-policy-map-name | qos-dynamic} |
Creates or accesses the policy map named qos-policy-map-name , and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters. |
||
| Step 3 |
switch(config-pmap-qos)# class [type qos] {class-map-name | qos-dynamic | class-default} [insert-before before-class-map-name] |
Creates a reference to class-map-name, and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map. |
||
| Step 4 |
switch(config-pmap-c-qos)# set discard-class qos-group-value |
Sets the discard class value to discard-class-value . The value can range from 0 to 63.
|
This example shows how to display the policy-map configuration:
switch# show policy-map policy1You can apply the marking instructions in a QoS policy map to ingress or egress packets by attaching that QoS policy map to an interface. To select ingress or egress, you specify either the input or output keyword in the service-policy command. For detailed instructions, see the “Attaching and Detaching a QoS Policy Action” section.
You can set the DSCP value for each class of traffic defined in a specified ingress policy map.
The default behavior of the device is to preserve the DSCP value or to trust DSCP. To make the port untrusted, change the DSCP value. Unless you configure a QoS policy and attach that policy to specified interfaces, the DSCP value is preserved.
Note |
|
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
switch# configure terminal |
Enters global configuration mode. |
| Step 2 |
switch(config)# policy-map [type qos] [match-first] {qos-policy-map-name | qos-dynamic} |
Creates or accesses the policy map named qos-policy-map-name , and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters. |
| Step 3 |
switch(config-pmap-qos)# class [type qos] {class-map-name | qos-dynamic | class-default} [insert-before before-class-map-name] |
Creates a reference to class-map-name, and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map. |
| Step 4 |
switch(config-pmap-c-qos)# set dscp dscp-value |
Sets the DSCP value to dscp-value . Valid values are shown in Table 1. |
| Step 5 |
switch(config-pmap-c-qos)# exit |
Returns to policy-map configuration mode. |
| Step 6 |
switch(config-pmap-qos)# class [type qos] {class-map-name | qos-dynamic | class-default} [insert-before before-class-map-name] |
Creates a reference to class-map-name, and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map. |
| Step 7 |
switch(config-pmap-c-qos)# set dscp dscp-value |
Sets the DSCP value to dscp-value . Valid values are shown in Table 1. |
| Step 8 |
switch(config-pmap-c-qos)# exit |
Returns to policy-map configuration mode. |
| Step 9 |
switch(config-pmap-qos)# class [type qos] {class-map-name | qos-dynamic | class-default} [insert-before before-class-map-name] |
Creates a reference to class-map-name, and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map. |
| Step 10 |
switch(config-pmap-c-qos)# set dscp dscp-value |
Sets the DSCP value to dscp-value . Valid values are shown in Table 1. |
| Step 11 |
switch(config-pmap-c-qos)# exit |
Returns to policy-map configuration mode. |
| Step 12 |
switch(config)# interface ethernet {slot/port} |
Enters interface mode to configure the Ethernet interface. |
| Step 13 |
switch(config-if)#service-policy [type qos] {input | output} {policy-map-name | qos-dynamic} [no-stats] |
Adds policy-map-name to the input packets of the interface. You can attach only one input policy and one output policy to an interface. |
This example shows how to display the policy-map configuration:
switch# show policy-map policy1You can use the system-defined table maps to define the mapping of values from one variable to another from a source QoS field to a destination QoS field. For the list of system-defined table maps, see “Using Modular QoS CLI.” The source and destination fields are determined by the context of the table map in the set and police commands. For information about table maps, see the “Configuring Marking Using Table Maps” section.
The system-defined table maps are not configurable. To display the current values, enter the show table map command.
Use the default command to define the destination value of unmapped source values. By default, unmapped values are copied to the destination value, so that the destination value is the same as the source value. The ignore variable for the default command is no longer supported.
Note |
You can use only one of the system-defined table maps in this procedure. For information on the system-defined table maps, see “Using Modular QoS CLI.” |
You can use the system-defined table maps to perform marking in the set and police policy map class commands.
Note |
For the list of system-defined table maps, see “Using Modular QoS CLI.” |
A source field and destination field are specified in the command that maps to the source and destination values supplied in the referenced table map. The QoS fields that can be used in these commands are listed in the table below.
|
QoS Table Map Field |
Description |
|---|---|
|
CoS |
Class of service field in the 802.1Q header. |
|
DSCP |
Differentiated Services Code Point in the IP header. |
|
IP precedence |
Bits 0–2 of the IPv4 ToS field. |
|
Discard class |
Locally significant values that can be matched and manipulated within the system. The range is from 0 to 63. |
By using the system-defined table maps, you cannot change unlike values, but you can only change one value to another when it is the same variable. You can use the markdown system-defined table maps for the exceed or violate action of the police command by using the same syntax as the set command.
Note |
The internal label QoS group is not supported through table maps. |
Note |
Marking down in the police command requires the use of a table map. |
For information on the police command, see “Configuring Policing.”
| Command or Action | Purpose | |||
|---|---|---|---|---|
| Step 1 |
switch# configure terminal |
Enters global configuration mode. |
||
| Step 2 |
switch(config)# policy-map [type qos] [match-first] {qos-policy-map-name | qos-dynamic} |
Creates or accesses the policy map named qos-policy-map-name , and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters. |
||
| Step 3 |
switch(config-pmap-qos)# class [type qos] {class-map-name | qos-dynamic | class-default} [insert-before before-class-map-name] |
Creates a reference to class-map-name, and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map. |
||
| Step 4 |
switch(config-pmap-c-qos)# set {cos | dscp | discard-class | precedence | discard-class} {cos | dscp | discard-class | precedence | discard-class} table-map-name |
Sets the first packet field to the value of the second packet field based on the mapping values specified in the referenced table-map-name .
|
||
| Step 5 |
switch(config-pmap-c-qos)# exit |
Returns to policy-map configuration mode. |
This example shows how to display the policy1 policy-map configuration:
switch# show policy-map policy1To display the marking configuration information, perform one of the following tasks:
|
Command |
Purpose |
|---|---|
| show table-map |
Displays all table maps. |
| show policy-map |
Displays all policy maps. |
The following example shows how to configure marking:
configure terminal
policy-map type qos untrust_dcsp
class class-default
set dscp 0
policy-map type queuing untrust_1Gport_policy
class type queuing 2q4t-in-q-default
set cos 0
policy-map type queuing untrust_10Gport_policy
class type queuing 8q2t-in-q-default
set cos 0The table below summarizes the new and changed features for this document and shows the releases in which each feature is supported. Your software release might not support all the features in this document. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release.
|
Feature Name |
Release |
Feature Information |
|---|---|---|
|
set cos command |
5.0(3) |
Support for set cos command in ingress policies. |
Feedback