Wired Intelligent Edge (Campus Switching and Routing)

Occasional Contributor I

Class based QoS

 I'm attempting to roll out some internal QoS on our network.  We are a multi-vendor shop consisting of Cisco (Cat WS-3560), Meraki, and Aruba switches (S1500, S2500, and S3500 all running

I would like to mirror the marking, policing, and interface queueing profiles on our Arubas but am having problems with how to best approach it.

Here's what I do on the Ciscos:

1) Create an access-list defining destinations to mark

ip access-list extended BULK_DATA
 permit tcp any any eq 22
 permit tcp any any eq 465
 permit tcp any any eq 143
 permit tcp any any eq 993

2) Write a class-map for the ACL

class-map match-all BULK_DATA_CLASS
 match access-group name BULK_DATA

3) Create a policy-map which references the class map for DSCP marking and optional policing

policy-map CLASSIFY-POLICE-POLICY
 class BULK_DATA_CLASS
  set dscp af11
  police 10000000 8000 exceed-action policed-dscp-transmit

4) Apply the policy-map to the interface ingress using service-policy

interface FastEthernet0/1
 switchport access vlan 20
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 spanning-tree portfast
 service-policy input CLASSIFY-POLICE-POLICY

How can I recreate this using the Arubas?  I have a spattering of S1500s, S2500s, and a couple S3500s and they all run
I've made a few policer-profiles and qos-profiles to set appropriate DSCP values but what is the appropriate approach to bring it all together? 
Trusted Contributor I

Re: Class based QoS

There's quite a bit of flexibility in regards to how you can apply QoS.  For instance, you can apply QoS to a user role, stateless ACL, or interface.  I suspect you want to apply QoS directly to the interface, so in your case do the following:


(switch) # interface gig #/#/#

(switch)(gigabitethernet "0/0/0") # qos-profile profile-name

(switch)(gigabitethernet "0/0/0") # policer-profile profile-name


If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Occasional Contributor I

Re: Class based QoS

Thanks for the reply!


I think I figured this out.  My problem is that I was using extended ACLs to define services and not stateless ACLs.  Once I switched over to stateless, it let me apply the appropriate qos profiles.


Just to verify, if I wanted to tag ssh traffic as DSCP CS3:


netservice svc-ssh tcp 22

qos-profile "CS3"
    dscp 24

ip access-list stateless qos-ssh-cs3
    alias any any svc-ssh permit qos-profile cs3



On the Ciscos, I would then need to apply the ACL to any of the ports I wanted it to mark that traffic on but am I safe to assume the Aruba is now marking port 22 traffic as cs3?
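
One way to confirm the marking independently of the switch configuration is to inspect the DSCP field of packets seen on the far side of the port. The script below is an added example, not part of the original posts or of any vendor tooling: it parses raw IPv4/TCP header bytes and reports packets whose DSCP differs from the intended value. The packet bytes, addresses and the `EXPECTED` map are constructed for illustration; real input would come from a capture.

```python
import struct

# DSCP code points named in this thread (values per RFC 2474 / RFC 2597).
DSCP_NAMES = {0: "default", 10: "af11", 24: "cs3"}

def build_packet(dscp, dst_port, src_port=50000):
    """Constructed sample: minimal IPv4 + TCP headers (checksums left at zero)."""
    tos = dscp << 2  # DSCP occupies the upper six bits of the former ToS byte
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return ip + tcp

def classify(packet):
    """Return (dst_port, dscp) for an IPv4/TCP packet, or None for anything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 4:
        return None
    dscp = packet[1] >> 2
    dst_port = struct.unpack_from("!H", packet, ihl + 2)[0]
    return dst_port, dscp

def audit(packets, expected):
    """List (dst_port, seen_dscp, wanted_dscp) for packets marked incorrectly."""
    findings = []
    for pkt in packets:
        parsed = classify(pkt)
        if parsed is None:
            continue
        port, dscp = parsed
        if port in expected and dscp != expected[port]:
            findings.append((port, dscp, expected[port]))
    return findings

def name(dscp):
    return DSCP_NAMES.get(dscp, f"dscp {dscp}")

EXPECTED = {22: 24}  # assumption from the post above: ssh (tcp/22) marked CS3
# Constructed packets: one marked correctly, one unmarked ssh, one unrelated flow.
SAMPLE = [build_packet(24, 22), build_packet(0, 22), build_packet(0, 443)]

if __name__ == "__main__":
    for port, seen, wanted in audit(SAMPLE, EXPECTED):
        print(f"tcp/{port}: seen {name(seen)}, expected {name(wanted)}")
```

To check the Cisco BULK_DATA policy instead, the expected map would be `{22: 10, 465: 10, 143: 10, 993: 10}` (af11), keeping in mind that policed traffic may legitimately carry a remarked value.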

Trusted Contributor I

Re: Class based QoS

Were you able to get this to work?  You'll need a permit any statement at the end of your ACL if applying directly to an interface, rather than a role with multiple ACLs.

Occasional Contributor I

Re: Class based QoS

Sorry for the late reply.  Small team, lots to do.

My vendor is extremely late in delivering a MAS to me that I was going to use to test this.  I've been told it will be delivered today and I will be able to run some tests next week and get a definitive answer.

Occasional Contributor I

Re: Class based QoS

OK, I got this working the way I want.


  • Add new netservice alias for our services
  • Create a qos-profile
  • Create a policer-profile that will remark as a lower priority if the threshold is passed
  • Create the ACL and apply the appropriate qos-profile and policer-profiles
  • Apply the ACL to an interface 


I am still confused on the following:

  • Do I need to also set the CoS/dot1p value for the qos-profiles if I'm setting the DSCP to the values I want?  Will the switch automatically use the correct queue?  I'm used to Cisco where I have to set the DSCP-to-CoS mapping manually.
  •  What does drop-precedence high/low set in a qos-profile?  I'm assuming it's in regards to tail-drop but I can't seem to find any solid information on that.