Auto QOS - service policy with mls qos trust cos

jeevak mukadam · ‎01-17-2013

I need help. Please correct me if i am wrong.First please check below mention configuration.

interface GigabitEthernet1/0/25
description ### DATA ZONE - 7 ###
switchport access vlan 37
switchport mode access
switchport voice vlan 137
switchport port-security maximum 11
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
ip arp inspection limit rate 100
srr-queue bandwidth share 1 30 35 5
queue-set 2
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
macro description AccessEdgeQoS
auto qos voip cisco-phone
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
ip verify source
ip dhcp snooping limit rate 100

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

As we can se in above example auto qos voip cisco-phone is enable that creates service policy and class-map as follows along with this commands 1.mls qos trust device cisco-phone 2.mls qos trust cos 3.service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY

class-map match-all AUTOQOS_VOIP_DATA_CLASS

match ip dscp ef

class-map match-all AUTOQOS_DEFAULT_CLASS

match access-group name AUTOQOS-ACL-DEFAULT

class-map match-all AUTOQOS_VOIP_SIGNAL_CLASS

match ip dscp cs3

!

policy-map AUTOQOS-SRND4-CISCOPHONE-POLICY

class AUTOQOS_VOIP_DATA_CLASS

set dscp ef

police 128000 8000 exceed-action policed-dscp-transmit

class AUTOQOS_VOIP_SIGNAL_CLASS

set dscp cs3

police 32000 8000 exceed-action policed-dscp-transmit

class AUTOQOS_DEFAULT_CLASS

set dscp default

police 10000000 8000 exceed-action policed-dscp-transmit

!

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

MY confusion- How both port based and mqc based conguration work together on 2960s switch platform.

MY understanding- using auto qos voip cisco-phone command creates additonal commands mls qos trust device cisco-phone,mls qos trust cos along with service policy.As a result switch enables CDP to detect presence of cisco phone if yes then switch enables trust boundry and all incoming packets coming from cisco phone are trust with cos value 5 and corresponding dscp value obtain from cos-dscp map table that is 46.

IF no cisco-phone found then switch dose not enable trust-boundry feature and all traffic is not trusted and cos,dscp value will be 0.At this stage service policy come into play where all traffic match using class AUTOQOS_DEFAULT_CLASS.

I need help

Please correct me if i am wrong.

Kentse Mogana · ‎02-19-2013

Hi Jeevak,

Here is my understanding of this:

You are right in that when cisco phone is connected cos will be trusted, ie EF and CS3 and these will be matched by the class-maps AUTOQOS_VOIP_DATA_CLASS and AUTOQOS_VOIP_SIGNAL_CLASS, however in addtion to this, untagged traffic(PC traffic -> cos=0) will also be matched by class-map AUTOQOS_DEFAULT_CLASS.

Put it in another way, class-map AUTOQOS_DEFAULT_CLASS will match traffic whether a cisco phone is connected or not, the only difference is that incase there is no cisco phone ALL traffic will hit this class-map due to the fact that the conditional trust by switch will revert to no-trust(cos=0) for all traffic(tagged+untagged) intering the port.

Please lets have some expert weigh in here...

Regards

Kentse