QoSCCNA 200-301

DSCP Marking Not Being Applied to Traffic

Presenting Symptom

Traffic is not being marked with the expected DSCP value, and QoS policies are not applying the correct markings.

Network Context

A small branch office with a Cisco 4321 ISR router running IOS XE 16.9 connects to an enterprise WAN. The router has a QoS policy configured to mark VoIP traffic (RTP) with DSCP EF (46) and signaling traffic (SIP) with DSCP AF41 (34). The policy is applied outbound on the WAN interface (GigabitEthernet0/0/1).

Diagnostic Steps

Verify QoS policy application on the interface

show policy-map interface GigabitEthernet0/0/1

  Service-policy output: QOS-POLICY
    Class-map: VOIP (match-all)
      5 packets, 520 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: ip dscp ef (46)
      QoS Set
        dscp ef
          Mark count: 0
    Class-map: SIGNALING (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: ip dscp af41 (34)
      QoS Set
        dscp af41
          Mark count: 0
    Class-map: class-default (match-any)
      100 packets, 10000 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

The policy is applied but the 'Mark count' is 0 for both VOIP and SIGNALING classes, indicating that no packets have been marked. This suggests the traffic is not matching the class maps as expected.

Check the class-map match criteria

show class-map VOIP

 Class Map match-all VOIP (id 1)
   Match   ip dscp ef (46)

The class-map is configured to match DSCP EF, but the traffic may not have DSCP EF set initially. The policy is intended to mark traffic, but the class-map is matching on DSCP, not on other fields like protocol or port. This is likely the root cause: the class-map should match on the traffic characteristics (e.g., protocol/port) rather than the DSCP value that is to be set.

Examine the policy-map configuration

show policy-map QOS-POLICY

  Policy Map QOS-POLICY
    Class VOIP
      set dscp ef
    Class SIGNALING
      set dscp af41
    Class class-default
      (no specific actions)

The policy-map correctly sets DSCP values, but the class-maps are matching on DSCP values that are not present in the traffic. The traffic (e.g., RTP) does not have DSCP EF initially, so it falls into class-default and never gets marked.

Check the actual traffic DSCP values

show access-lists | include RTP

Extended IP access list RTP
    10 permit udp any any range 16384 32767

The ACL for RTP traffic is defined but not used in the class-map. The class-map should use this ACL to match traffic, not the DSCP value.

Root Cause

The class-maps in the QoS policy are configured to match on DSCP values (e.g., 'match ip dscp ef') rather than matching on the actual traffic characteristics (e.g., protocol/port). Since the traffic does not have any DSCP marking initially, it never matches the class-maps, and the 'set dscp' action is never applied.

Resolution

Reconfigure the class-maps to match on traffic characteristics (e.g., protocol and port) instead of DSCP values. 1. Create class-maps with ACL-based match: class-map match-all VOIP match access-group name RTP class-map match-all SIGNALING match access-group name SIP 2. Ensure ACLs are defined: ip access-list extended RTP permit udp any any range 16384 32767 ip access-list extended SIP permit tcp any any eq 5060 permit udp any any eq 5060 3. Apply the policy-map to the interface (if not already applied): interface GigabitEthernet0/0/1 service-policy output QOS-POLICY

Verification

Run 'show policy-map interface GigabitEthernet0/0/1' and verify that the 'Mark count' increments for the VOIP and SIGNALING classes when traffic is generated. Expected output: Service-policy output: QOS-POLICY Class-map: VOIP (match-all) 10 packets, 1040 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: access-group name RTP QoS Set dscp ef Mark count: 10 Class-map: SIGNALING (match-all) 5 packets, 500 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: access-group name SIP QoS Set dscp af41 Mark count: 5

Prevention

1. Always match on the original traffic characteristics (protocol, port, source/destination IP) rather than the DSCP value you intend to set. 2. Use ACLs in class-maps for granular traffic identification. 3. Test QoS policies with traffic generators before deploying to production.

CCNA Exam Relevance

On the CCNA 200-301 exam, this scenario tests understanding of QoS classification and marking. Questions may present a troubleshooting scenario where a QoS policy is not marking traffic, and the candidate must identify that the class-map is matching on the wrong criteria (e.g., matching on DSCP instead of ACL). The exam expects candidates to know that classification should be based on the original traffic attributes, not the marking to be applied.

Exam Tips

Remember that class-maps should match on the traffic's original characteristics (e.g., protocol/port) before marking, not on the DSCP value you want to set.

The 'show policy-map interface' command is crucial for verifying QoS statistics; look for 'Mark count' to see if marking is occurring.

Be aware that 'match ip dscp' is used for matching packets that already have a DSCP value, not for initial marking.

Commands Used in This Scenario

show class-map

Displays the configuration and match criteria of all class maps or a specific class map, used to verify QoS classification rules.

show policy-map

Displays the configuration and statistics of all policy maps applied to interfaces, used to verify QoS policies and monitor traffic class counters.

show policy-map interface

Displays the current QoS policy applied to an interface, including per-class statistics such as packets matched, bytes, and actions taken, used to verify and troubleshoot QoS configurations.

Test Your CCNA Knowledge

Practice with scenario-based questions to prepare for the CCNA 200-301 exam.

Practice CCNA Questions