Edge QOS

Ian Jones · ‎05-10-2013

I am about to apply the following config to my edge switches -

on my edge switch ports there will either be phones, and laptops with softphones or just laptops with softphones

do I need this command on all ports or only ones that have a phone connected?

mls qos trust device cisco-phone

mls qos map policed-dscp 24 26 46 to 0

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue output cos-map queue 1 threshold 3 5

mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7

mls qos srr-queue output cos-map queue 3 threshold 3 2 4

mls qos srr-queue output cos-map queue 4 threshold 2 1

mls qos srr-queue output cos-map queue 4 threshold 3 0

mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47

mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31

mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55

mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63

mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23

mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39

mls qos srr-queue output dscp-map queue 4 threshold 1 8

mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15

mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7

mls qos queue-set output 2 threshold 1 149 149 100 149

mls qos queue-set output 2 threshold 2 118 118 100 235

mls qos queue-set output 2 threshold 3 41 68 100 272

mls qos queue-set output 2 threshold 4 42 72 100 242

mls qos queue-set output 1 buffers 10 10 26 54

mls qos queue-set output 2 buffers 20 10 10 60

mls qos

class-map match-all CL_TRUST-CONTROL-PHONE

match ip dscp cs3 af31

class-map match-any CL_TRUST-VOICE-CIPC

match access-group name ACL_VoIP_RTP

class-map match-any CL_TRUST-CONTROL-CIPC

match access-group name ACL_VoIP_SIP

class-map match-all CL_TRUST-PHONE

match ip dscp ef

!

policy-map PO_TRUST-PHONE

class CL_TRUST-PHONE

police 320000 8000 exceed-action policed-dscp-transmit

set dscp ef

class CL_TRUST-CONTROL-PHONE

police 32000 8000 exceed-action policed-dscp-transmit

set dscp af31

class CL_TRUST-VOICE-CIPC

police 320000 8000 exceed-action policed-dscp-transmit

set dscp ef

class CL_TRUST-CONTROL-CIPC

police 32000 8000 exceed-action policed-dscp-transmit

set dscp af31

ip access-list extended ACL_VoIP_RTP

permit udp any range 16384 32767 any

ip access-list extended ACL_VoIP_SIP

permit tcp any any eq 5060

permit tcp any eq 5060 any

interface GigabitEthernet1/0/1

Description***Access_IP_Phone****

switchport access vlan xxx

switchport mode access

switchport nonegotiate

switchport voice vlan xxx

switchport port-security maximum 10

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

no logging event link-status

srr-queue bandwidth share 10 10 10 70

srr-queue bandwidth shape 10 0 0 0

queue-set 2

priority-queue out

no snmp trap link-status

mls qos trust cos

no cdp tlv server-location

no cdp tlv app

spanning-tree portfast

spanning-tree bpduguard enable

spanning-tree guard root

service-policy input PO_TRUST-PHONE

!

interface GigabitEthernet1/0/49

description Uplink

switchport mode trunk

switchport nonegotiate

ip arp inspection trust

srr-queue bandwidth share 10 10 10 70

srr-queue bandwidth shape 10 0 0 0

queue-set 2

priority-queue out

mls qos trust dscp

ip dhcp snooping trust

paolo bevilacqua · ‎05-10-2013

QoS is not really needed on gigabit-based LANs. It will actually cause drops and afftect performances. Others may differ, my adice is that unless is proven that is necessary (never seen a proven case), one does not do it.