Você está na página 1de 2

Cisco Catalyst 3650/3850 QoS Design At-A-Glance

Role in Campus Network Figure 2 Catalyst 3650/3850 2P6Q3T (Wired Port)

The Catalyst 3650/3850 series switches are engineered Conditional Trust Model Egress Queuing Model
to serve as a converged access switch in wired and The Conditional Trust model configures the interface
wireless campus networks. As such, these switches to dynamically accept markings from endpoints that
Application DSCP 2P6Q3T

may connect directly to a variety of endpoints and have met a specific condition, such as a successful Network Control (CS7) EF PQ Level 1 (10%)

distribution-layer switches, as shown in Figure 1. CDP negotiation (switch ports set to conditional trust Internetwork Control CS6 CS5
PQ Level 2 (20%)
Figure 1 Cisco Catalyst 3650/3850 Switch in a are shown as green circles in Figure 1). VoIP EF

Campus Network This model is suitable for switch ports connecting to: Broadcast Video CS5
CS7 & CS6 Q6
CS3 & CS2 (BWR 10%)

• Cisco IP phones—trust device cisco-phone Multimedia Conferencing AF4

AF4 (BWR 10% + WTD)
Realtime Interactive CS4
• Cisco TelePresence Systems—trust device cts
Multimedia Streaming AF3 Q4
• Cisco IP Video Surveillance cameras—trust AF3 (BWR 10%
+ DSCP-based WTD)
device ip-camera Signaling CS3
(BWR 10%
Cisco Digital Media Players—trust device media-
Transactional Data AF2 AF2

• + DSCP-based WTD)

player Network Management CS2

AF1 Q2

QoS Design Steps This model is also suitable for PCs and untrusted Bulk Data AF1
(BWR 5%
+ DSCP-based WTD)
devices, since the ports connecting to such devices Best Effort
Scavenger DF
There are two main steps to configure QoS on Cisco will remain in their default untrusted state (shown as Best Effort DF DF Q1 (BWR 25%)
Catalyst 3650/3850 series switches: black circles in Figure 1).
1. Configure Ingress QoS Model(s): Step 2b: Configure Egress Queuing for Wireless
Service Policy Models Ports
– Trust DSCP Model
There may be cases where administrators require The Catalyst 3650/3850 switch supports two levels of
– Conditional Trust Model (wired ports only)
more detailed or granular policies on their ingress priority queueing on wireless ports, as well as one
– Service Policy Models edges and as such they may construct MQC-based non-priority queue for unicast traffic and one non-
2. Configure Egress Queuing policies to implement classification, marking, and/or priority queue for multicast traffic. The switch also
– Wired Queuing Models: 1P7Q3T or 2P6Q3T policing policies. These policies are constructed with: supports a bandwidth control algorithm, Approximate
– Wireless Queuing Model: 2P2Q+AFD • class-maps which identify the flows using packet Fair Drop (AFD), to provide fairness between radios,
markings or by access-lists or other criteria. As SSIDs, and even individual clients
Step 1: Configure Ingress QoS Model(s) of IOS XE 16.3 NBAR2 classification on wired Figure 3 Catalyst 3650/3850 2P2Q+AFD (Wireless
The three most utilized ingress QoS models for campus ports is also supported.
Port) Egress Queuing Model
networks are: • policy-maps which specify policy actions to be
• Trust DSCP Model taken on a class-by-class basis
Application DSCP 2P2Q + AFD

• Conditional Trust • service-policy statements which apply a specific Voice EF

Model policy-map to an interface(s) and specify Multicast Queue

direction Interactive Video CS4

• Service Policy Models AF3
On the Catalyst 3650/3850, service policies may be
Combinations of these ingress QoS models may be AF2 Unicast Queue
applied to wired or wireless ports (shown as red
Streaming Video AF3
used at the same time. DF (63%)

circles in Figure 1) or to individual wireless clients Signaling CS3

Trust DSCP Model (shown as purple circles in Figure 1). Network Control CS6

Wired ports on the Catalyst 3650/3850 default to a Step 2a: Configure Egress Queuing for Wired Ports CS4
Priority Queue 2
Transactional Data AF2
trusted state (shown as orange circles in Figure 1). CS3
Wired ports can be configured with a 1P7Q3T or
Prior to IOS XE 3.3 SE wireless ports defaulted to an
2P6Q3T egress queuing model. The only difference
Best Effort DF
CS6 Priority Queue 1
untrusted state. However, wireless ports could also be

between the models is the number of priority queues Scavenger CS1 EF
configured to be trusted by the global configuration
configured via the priority level 1 or priority level 2
command: no qos wireless-default-untrust.
policy-map action commands.
Campus Cisco Catalyst 3650/3850 QoS Design At-A-Glance

IOS XE 16.3 AVC / NBAR2 Policy Example

An example design for a Catalyst 3650/3850 series policy-map NBAR-MARKING class MULTIMEDIA-STREAMING-QUEUE
switch in the role of a converged access switch in a class VOICE bandwidth remaining percent 10
campus network are presented below. set dscp ef queue-buffers ratio 10
class BROADCAST-VIDEO queue-limit dscp af33 percent 80
set dscp cs5 queue-limit dscp af32 percent 90
Step 1: Configure Ingress QoS Model : class REAL-TIME-INTERACTIVE queue-limit dscp af31 percent 100
Trust DSCP Model:
class CALL-SIGNALING bandwidth remaining percent 10
Wired Ports : <default>
Wireless Ports: <default since IOS XE 3.3 SE> set dscp cs3 queue-buffers ratio 10
class TRANSACTIONAL-DATA queue-limit dscp af23 percent 80
Conditional Trust Model: set dscp af21 queue-limit dscp af22 percent 90
trust device cisco-phone or class BULK-DATA queue-limit dscp af21 percent 100
trust device cts or set dscp af11 class SCAVENGER-BULK-DATA-QUEUE
trust device ip-camera or class SCAVENGER bandwidth remaining percent 5
trust device media-player set dscp cs1 queue-buffers ratio 10
class class-default queue-limit dscp values af13 cs1 percent 80
Service Policy Models (Wired ): set dscp default queue-limit dscp values af12 percent 90
queue-limit dscp values af11 percent 100
class-map match-any VOICE Wired Port Application: class class-default
match protocol cisco-phone interface GigabitEthernet 1/0/1 bandwidth remaining percent 25
match protocol cisco-jabber-audio service-policy input NBAR-MARKING queue-buffers ratio 25
match protocol ms-lync-audio
match protocol citrix-audio
Wireless SSID Application:
Wired Port Application:
wlan WLAN-1
class-map match-any BROADCAST-VIDEO service-policy input MARKER
interface GigabitEthernet 1/0/1
match protocol cisco-ip-camera service-policy output 2P6Q3T
class-map match-any REAL-TIME-INTERACTIVE Per-Wireless-Client Application:
match protocol telepresence-media wlan WLAN-1 Step 2b: Configure 2P2Q+AFD Egress Queuing on
class-map match-any CALL-SIGNALING service-policy client input MARKER
Wireless Ports :
match protocol skinny
match protocol telepresence-control Step 2a: Configure 1P7Q3T or 2P6Q3T Egress Queuing
policy-map port_child_policy
class-map match-any TRANSACTIONAL-DATA on Wired Ports (2P6Q3T Example is shown) :
class non-client-nrt-class
match protocol citrix bandwidth remaining ratio 7
match protocol sap policy-map 2P6Q3T
class RT1
priority level 1
class-map match-any BULK-DATA class VOICE-PQ1
police rate percent 10
match protocol attribute category email priority level 1
conform-action transmit
match protocol attribute category file- police rate percent 10
exceed-action drop
sharing class VIDEO-PQ2
class RT2
match protocol attribute sub-category priority level 2
priority level 2
backup-systems police rate percent 20
police rate percent 20
class-map match-any SCAVENGER class CONTROL-MGMT-QUEUE
conform-action transmit
match protocol attribute category gaming bandwidth remaining percent 10
exceed-action drop
match protocol attribute application-group queue-buffers ratio 10
class class-default
bandwidth remaining ratio 63
bandwidth remaining percent 10
queue-buffers ratio 10
queue-limit dscp af43 percent 80
Note: This policy is applied automatically to all
queue-limit dscp af42 percent 90 wireless ports and thus no explicit service-
queue-limit dscp af41 percent 100 policy attachment statement is needed.

Note: Yellow highlighted commands are interface specific; otherwise these are global.

Copyright © 2015 Cisco Systems, Inc. All rights reserved. Cisco, the Cisco logo, Cisco Systems, and the Cisco Systems logo are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.