Our firewall cannot set 802.1p priority, only DSCP. Since the switches consider 802.1p for classification we must match traffic on the switch and set the appropriate priority somehow:
1) by port
2) by IP address/network
3) map ToS 184 to Cos 5 generally
4) .... ? (feel free to comment)
Neither of these approaches work. We do not see the 802.1p priority being set on the egress port.
This is what we tried:
set policy profile 1 name PrioToVoIP cos-status enable cos 5
set policy rule admin-profile port ge.2.35 mask 16 port-string ge.2.35 admin-pid 1
We also tried all of:
set policy rule 1 ipdestsocket 172.16.0.0 mask 16 cos 5 (the destination network of Callserver-->phones)
set policy rule 1 iptos 184 mask 8 cos 5
set cos settings 5 tos-value 184.0
set cos state enable
Note: Port ge.2.35 is the port receiving the output traffic of the firewall (tagged vlans).
When I capture (port mirror) the egress port (in this case ge.2.41) neither of them shows the 802.1p prio properly set. I tried Remote GRE mirror and local port mirror.
PBX ----> Firewall ----------> ge.2.35 -- Switch -- ge.2.41 -------> ......
I found this: https://gtacknowledge.extremenetworks.com/articles/Solution/CoS-not-working-as-expected-on-SSA-runni...
Could this be related?
Anyone have an idea?
PS: QoS is pain.