- QoS CLI Index
- New and Changed Content for QoS CLI Config Guide
- Preface
- Overview
- Using Modular QoS CLI
- Configuring Classification
- Configuring Marking
- Configuring Mutation Mapping
- Configuring Policing
- Configuring Queuing and Scheduling
- Network QoS Policy Configuration
- Configuring Queuing and Scheduling on F1 Modules
- Configuring Priority Control
- Monitoring QoS Statistics
- Limits Appendix
- Additional References Appendix
Configuring Marking
This chapter describes how to configure the marking features on the Cisco NX-OS device that you can use to define the class of traffic to which the packet belongs.
Information About Marking
Marking is a method that you use to modify the QoS fields of the incoming and outgoing packets. The QoS fields that you can mark are CoS in Layer 2, and IP precedence and Differentiated Service Code Point (DSCP) in Layer 3. The QoS group and discard class are two labels local to the system that you can assign intermediate marking values. You can use these two labels to determine the final values marked in a packet.
You can use marking commands in traffic classes that are referenced in a policy map. The marking features that you can configure are listed in Table 4-1 .
Unless noted as a restriction, you can apply marking features to both incoming and outgoing packets.
Licensing Requirements for Marking
The following table shows the licensing requirements for this feature:
However, using virtual device contexts (VDCs) requires an Advanced Services license.
Prerequisites for Marking
Marking has the following prerequisites:
- You must be familiar with Chapter3, “Using Modular QoS CLI”
- You are logged on to the switch.
- You are in the correct VDC. A VDC is a logical representation of a set of system resources. You can use the switchto vdc command with a VDC number.
Guidelines and Limitations
Marking has the following configuration guidelines and limitations:
- The set cos command can only be used in ingress policies when no other set commands are used for the same packet for egress.
- You can use only the set qos-group command in ingress policies.
- You can use only the set discard-class command in ingress policies.
- When PIM is enabled on the switch virtual interface (SVI), you cannot mark the layer-2 switched multicast traffic on that VLAN.
Configuring Marking
You can combine one or more of the marking features in a policy map to control the setting of QoS values. You can then apply policies to either incoming or outgoing packets on an interface.
This section includes the following topics:
- Configuring DSCP Marking
- Configuring IP Precedence Marking
- Configuring CoS Marking
- Configuring QoS Group Marking
- Configuring Discard Class Marking
- Configuring Ingress and Egress Marking
- Configuring DSCP Port Marking
- Configuring Table Maps for Use in Marking
- Configuring Marking Using Table Maps

Note Do not press Enter after you use the set command and before you add the rest of the command. If you press Enter directly after entering the set keyword, you will be unable to continue to configure with the QoS configuration.
Configuring DSCP Marking

Note If you configure this value, you cannot configure the discard-class value (see the “Configuring Discard Class Marking” section).
You can set the DSCP value in the six most significant bits of the DiffServ field of the IP header to a specified value. You can enter numeric values from 0 to 60, in addition to the standard DSCP values shown in Table 4-2 .
|
|
---|---|
SUMMARY STEPS
2. policy-map [ type qos ] [ match-first ] { qos-policy-map-name | qos-dynamic }
3. class [ type qos ] { class-map-name | qos-dynamic | class-default } [ insert-before before-class-map-name ]
DETAILED STEPS
|
|
|
---|---|---|
policy-map [ type qos ] [ match-first ] [ qos - policy-map-name | qos-dynamic ] |
Creates or accesses the policy map named qos- policy-map-name, and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters. |
|
class [ type qos ] { class-map-name | qos-dynamic | class-default } [ insert-before before-class-map-name ] |
Creates a reference to class-map-name, and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map. |
|
Sets the DSCP value to dscp-value. Standard values are shown in Table 4-2 . |
This example shows how to display the policy-map configuration as shown below:
Configuring IP Precedence Marking
You can set the value of the IP precedence field in bits 0–2 of the IPv4 type of service (ToS) field of the IP header.

Note The device rewrites the last 3 bits of the ToS field to 0 for packets that match this class.
Table 4-3 shows the precedence values.
|
|
---|---|
SUMMARY STEPS
2. policy-map [ type qos ] [ match-first ] { qos-policy-map-name | qos-dynamic }
3. class [ type qos ] { class-map-name | qos-dynamic | class-default} [ insert-before before-class-map-name ]
DETAILED STEPS
|
|
|
---|---|---|
policy-map [ type qos ] [ match-first ] [ qos-policy-map-name | qos-dynamic ] |
Creates or accesses the policy map named qos- policy-map-name, and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters. |
|
class [ type qos ] { class-map-name | qos-dynamic | class-default } [ insert-before before-class-map-name ] |
Creates a reference to class-map-name and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map. |
|
set precedence precedence-value |
Sets the IP precedence value to precedence-value. The value can range from 0 to 7. You can enter one of the values shown in Table 4-3 . |
This example shows how to display the policy-map configuration:
Configuring CoS Marking
You can set the value of the CoS field in the high-order three bits of the VLAN ID Tag field in the IEEE 802.1Q header.
SUMMARY STEPS
2. policy-map [ type qos ] [ match-first ] { qos-policy-map-name | qos-dynamic }
3. class [ type qos ] { class-map-name | qos-dynamic | class-default} [ insert-before before-class-map-name ]
DETAILED STEPS
This example shows how to display the policy-map configuration:
Configuring QoS Group Marking
You can set the value of the internal label QoS group, which is only locally significant. You can reference this value in subsequent policy actions or classify traffic that is referenced in egress policies by using the match qos-group class-map command.

Note You can set QoS group only in ingress policies.
SUMMARY STEPS
2. policy-map [ type qos ] [ match-first ] { qos-policy-map-name | qos-dynamic }
3. class [ type qos ] { class-map-name | qos-dynamic | class-default} [ insert-before before-class-map-name ]
DETAILED STEPS
This example shows how to display the policy-map configuration:
Configuring Discard Class Marking

Note If you configure this value, you cannot configure the DSCP value. See the “Configuring DSCP Marking” section.
You can set the value of the internal label discard class, which is locally significant only. You can reference this value in subsequent policy actions or classify traffic that is referenced in egress policies by using the match discard-class class-map command.

Note You can set the discard class only in ingress policies.
SUMMARY STEPS
2. policy-map [ type qos ] [ match-first ] { qos-policy-map-name | qos-dynamic }
3. class [ type qos ] { class-map-name | qos-dynamic | class-default} [ insert-before before-class-map-name ]
DETAILED STEPS
|
|
|
---|---|---|
policy-map [ type qos ] [ match-first ] {qos-policy-map-name | qos-dynamic } |
Creates or accesses the policy map named qos- policy-map-name, and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters. |
|
class [ type qos ] { class-map-name | qos-dynamic | class-default } [ insert-before before-class-map-name ] |
Creates a reference to class-map-name, and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map. |
|
set discard-class discard-class-value |
Sets the discard class value to discard-class-value. The value can range from 0 to 63. Note For information on using table maps with marking, see the “Configuring Marking Using Table Maps” section. |
This example shows how to display the policy-map configuration:
Configuring Ingress and Egress Marking
You can apply the marking instructions in a QoS policy map to ingress or egress packets by attaching that QoS policy map to an interface. To select ingress or egress, you specify either the input or output keyword in the service-policy command. For detailed instructions, see the “Attaching and Detaching a QoS Policy Action from an Interface” section.
Configuring DSCP Port Marking
You can set the DSCP value for each class of traffic defined in a specified ingress policy map.
The default behavior of the device is to preserve the DSCP value, or to trust DSCP. To make the port untrusted, change the DSCP value. Unless you configure a QoS policy and attach that policy to specified interfaces, the DSCP value is preserved.

Note ● You can attach only one policy type qos map to each interface in each direction.
- The DSCP value is trust on the Layer 3 port of a Cisco NX-OS device.
- If the default policy-map policy is used, DSCP maps to a relevant CoS value and the queuing works correctly.
- If a customer policy is used, you must manually set the DSCP value to map to a CoS value so that the traffic is queued to the correct queue.
SUMMARY STEPS
2. policy-map [ type qos ] [ match-first ] { qos-policy-map-name | qos-dynamic }
3. class [ type qos ] { class-map-name | qos-dynamic | class-default} [ insert-before before-class-map-name ]
6. class [ type qos ] { class-map-name | qos-dynamic | class-default} [ insert-before before-class-map-name ]
9. class [ type qos ] { class-map-name | qos-dynamic | class-default} [ insert-before before-class-map-name ]
12. interface ethernet { slot / port }
13. service-policy [ type qos ] { input | output } { policy-map-name | qos-dynamic } [ no-stats ]
DETAILED STEPS
|
|
|
---|---|---|
policy-map [ type qos ] [ match-first ] [qos- policy-map-name | qos-dynamic ] |
Creates or accesses the policy map named qos- policy-map-name and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters. |
|
class [ type qos ] { class-map-name | qos-dynamic | class-default } [ insert-before before-class-map-name ] |
Creates a reference to class-map-name and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map. |
|
Sets the DSCP value to dscp-value. Valid values are shown in Table 4-2 . |
||
class [ type qos ] { class-map-name | qos-dynamic | class-default } [ insert-before before-class-map-name ] |
Creates a reference to class-map-name, and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map. |
|
Sets the DSCP value to dscp-value. Valid values are shown in Table 4-2 . |
||
class [ type qos ] { class-map-name | qos-dynamic | class-default } [ insert-before before-class-map-name ] |
Creates a reference to class-map-name, and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map. |
|
Sets the DSCP value to dscp-value. Valid values are shown in Table 4-2 . |
||
interface ethernet {slot/port} |
||
service-policy [type qos] {input | output} { policy-map-name | qos-dynamic} [no-stats] |
Adds policy-map-name to the input packets of the interface. You can attach only one input policy and one output policy to an interface. |
This example shows how to display the policy-map configuration:
Configuring Table Maps for Use in Marking
You can use the system-defined table maps to define the mapping of values from one variable to another from a source QoS field to a destination QoS field. For the list of system-defined table maps, see Chapter3, “Using Modular QoS CLI” The source and destination fields are determined by the context of the table map in the set and police commands. For information about table maps, see the “Configuring Marking Using Table Maps” section.

Note The system-defined table maps are not configurable. To display the current values, enter the show table map command.
Use the default command to define the destination value of unmapped source values. By default, unmapped values are copied to the destination value, so that the destination value is the same as the source value. The ignore variable for the default command is no longer supported.

Note You can use only one of the system-defined, table maps in this procedure. For information on the system-defined table maps, see Chapter3, “Using Modular QoS CLI”
Configuring Marking Using Table Maps
You can use the system-defined table maps to perform marking in the set and police policy map class commands.

Note For the list of system-defined table maps, see Chapter3, “Using Modular QoS CLI”
A source field and destination field are specified in the command that maps to the source and destination values supplied in the referenced table map. The QoS fields that can be used in these commands are listed in Table 4-4 .
|
|
---|---|
Locally significant values that can be matched and manipulated within the system. The range is from 0 to 63. |
By using the system-defined table maps, you cannot change unlike values, but you can only change one value to another when it is the same variable. You can use the markdown system-defined table maps for the exceed or violate action of the police command by using the same syntax as the set command.

Note The internal label QoS group is not supported through table maps.

Note Marking down in the police command requires the use of a table map.
For information on the police command, see Chapter6, “Configuring Policing”
SUMMARY STEPS
2. policy-map [ type qos ] [ match-first ] { qos-policy-map-name | qos-dynamic }
3. class [ type qos ] { class-map-name | qos-dynamic | class-default} [ insert-before before-class-map-name ]
4. set { cos | dscp | discard-class | precedence | discard-class } { cos | dscp | discard-class | precedence | discard-class } table-map-name
DETAILED STEPS
|
|
|
---|---|---|
policy-map [ type qos ] [ match-first ] {qos- policy-map-name | qos-dynamic } |
Creates or accesses the policy map named qos- policy-map-name, and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters. |
|
class [ type qos ] { class-map-name | qos-dynamic | class-default } [ insert-before before-class-map-name ] |
Creates a reference to class-map-name and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map. |
|
set {cos | dscp | discard-class | precedence | discard-class} {cos | dscp | discard-class| precedence | discard-class} table-map-name |
Sets the first packet field to the value of the second packet field based on the mapping values specified in the referenced table-map-name. Note The table-map-name must be the name of one of the system-defined table maps, which are not configurable, listed in Chapter3, “Using Modular QoS CLI” You cannot use the name of a user-defined table in this procedure. The example shows that CoS is replaced by DSCP based on the system-defined cos-dscp-map. |
|
This example shows how to display the policy1 policy-map configuration:
Verifying the Marking Configuration
To display the marking configuration information, perform one of the following tasks:
|
|
---|---|
Configuration Examples for Marking
The following example shows how to configure marking:
Feature History for Marking
Table 4-5 lists the release history for this feature.
|
|
|
---|---|---|