cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1408
Views
0
Helpful
4
Replies

Settings on a 3750X for QOS

gp1200x
Level 2
Level 2

I have a question about QOS on some switch ports.....

Lets say I apply QOS to a switch automatically with the mls and auto commands to generate the QOS on ports 3 -24 and the result is shown on port 3. 

On port 2 I want to code all incoming packets from an ASA to be marked cos 5 so they have priority once they enter the switchport and network.

Is what I have configured on port 2 sufficient? Do I also need the service policy command line applied to this port also?  I want ALL packets entering on port 2 to be marked cos 5.  Which bold commands do I have to have on the port and which can be eliminated or what needs to be added?    THANKS!

Setup on switchports in question is below:

interface GigabitEthernet1/0/2
description ASA-VOICE
switchport access vlan 594
switchport port-security maximum 3
switchport port-security aging time 3
switchport port-security aging type inactivity
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos cos 5
mls qos cos override
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 229
switchport mode access
switchport voice vlan 594
switchport port-security maximum 3
switchport port-security aging time 3
switchport port-security aging type inactivity
switchport port-security
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY

1 Accepted Solution

Accepted Solutions

The reason we mark on the switch is so that the packet is trusted but with Cisco phones the phone itself marks the packet at the source(best practice) with a dscp of EF so all you really need to do it if you just want phones given priority and the markings carried through is yes use mls trust dscp at the edge and trunk port , you can still turn on mls qos globally  , auto qos is not required some switches support both mls and autoqos you can use both or just 1 but you will see if you get a standard switch and just use mls the voice packet markings are still the same.mls qos trust dscp on access ports and trunk ports if there 3750xs will do as they support full dscp , if its an older switch sometimes you will see like 2950s they only support cos so we have to use cos at access port then re-map it to dscp , when the switch supports dscp and mls you can just do it that way , there are multiple ways to mark the traffic but you don't have to use mls and auto qos together its overkill but saying that wont do any harm

The vpn should not remove an EF tag as its all encapsulated , packet marking should still be contained within

The main thing to check is your packets are still using the markings after they pass through the switch and ASA and are carrying them upstream , wireshark is probably the best way to see this

View solution in original post

4 Replies 4

Mark Malone
VIP Alumni
VIP Alumni

Thats fine what you have any packets coming into that port will be assigned a cos value of 5 , if its voip traffic though the packet should already be set with cos 5 EF46 from the source so you should only have to use mls qos trust dscp to carry the current markings

as well on port g1/0/3 all you need if a phone is connected is mls qos trust dscp the phone is already marking the packet if its cisco , adding auto qos creates queues in hardware not really required

always use DSCP instead of cos where possible , cos marks at L2 header while DSCP marks at L3 , if your using cos make sure you map the cos-dscp mls qos map cos-dscp 0 8 16 24 32 46 48 56 on the local switch , if the ports can trust DSCP use that , cos is becoming legacy

The packets coming into the switch from this ASA should almost all be voice but whether or not they are still marked after going through VPN tunnels is questionable without me doing more research..which is why I just mark them,

I use the mls qos trust dscp on all my layer 3 connections between distribution stacks and cores and have the mls qos map cos-dscp 0 8 etc   on all switches

We only use Cisco 79xx phones exclusively. 

Now I am somewhat confused.....

In our setup we have large remote sites interconnected with fiber and L3 connections with mls qos trust dscp on those interfaces.

At each site we have a primary 3750X/E stack with IP services and multiple 3750X stacks with IP base which connect to the primary stack with a portchannel (layer 2).

Are you saying I can simply use mls qos trust dscp on the layer 2 trunk (data, voice) connections to the Cisco phones?  And don't I still need to run my   mls qos  command and auto qos srnd4 on the stack to setup the queues and policy maps properly?

The reason we mark on the switch is so that the packet is trusted but with Cisco phones the phone itself marks the packet at the source(best practice) with a dscp of EF so all you really need to do it if you just want phones given priority and the markings carried through is yes use mls trust dscp at the edge and trunk port , you can still turn on mls qos globally  , auto qos is not required some switches support both mls and autoqos you can use both or just 1 but you will see if you get a standard switch and just use mls the voice packet markings are still the same.mls qos trust dscp on access ports and trunk ports if there 3750xs will do as they support full dscp , if its an older switch sometimes you will see like 2950s they only support cos so we have to use cos at access port then re-map it to dscp , when the switch supports dscp and mls you can just do it that way , there are multiple ways to mark the traffic but you don't have to use mls and auto qos together its overkill but saying that wont do any harm

The vpn should not remove an EF tag as its all encapsulated , packet marking should still be contained within

The main thing to check is your packets are still using the markings after they pass through the switch and ASA and are carrying them upstream , wireshark is probably the best way to see this

Thanks for your comments!  I will take your advice and start looking into it since all our switches support both cos and dscp.