03-08-2011 05:36 AM - edited 03-04-2019 11:41 AM
We have a medium-sized campus. Our 2950/60's trunk back to our 3550/60's and those trunk back to our 6500 core. We also run a Call Manager server with several IP phones. I inherited this network and was never able to talk to the original consultants that set up the switches and the Call Manager.
The question is: We have MLS trust COS set up on just about every switch that will support it. It is set up both globally and on the ports. We recently had traffic problems that resolved down to changing the queue size on some of our 3560 switches. I've read up a bit on QOS from Cisco, but have not really figured out where exactly MLS trust QOS has to be set. Does it need to be set on trunks? For instance, the trunks from the 3560's back to the core were done as switchport access vlan x instead of trunk ports. MLS trust QOS is set up on these ports. Does it need to be set up between switches like this? Or does it just need to be set up on the switch itself, and only the ports where QOS needs to be controlled?
Thanks!
03-08-2011 07:05 AM
Hi,
"for instance, the trunks from the 3560's back to the core were done as switchport access vlan x instead of trunk ports."
This command doesn't change the port to an access port; it can still be a trunk port.
The global command for QoS is mls qos, and then on interfaces you can trust cos or dscp.
CoS is a 3-bit value valid on trunk ports only; untagged traffic hasn't got any CoS value.
The best practice is to trust on access and distribution switches. On access you can trust conditionally if you have Cisco phones, and on trunks you can trust cos.
Core switches should concentrate on one thing only: forward traffic.
Regards.
Alain.
03-08-2011 07:22 AM
Thanks for your reply Alain.
So as another example, our core doesn't have any phones on it at all, it
just forwards out to the distribution switches.
Yet MLS QOS is enabled globally, and mls qos trust cos is on almost all of
our access ports, even though those access ports do not have phones
connected to them. These access ports connect the core to various
distribution switches. So I am wondering what the implications of removing
mls qos from the core entirely would be. Does mls qos need to be set on
every switch? Or only if you are trying to control qos?
One thing that might be important to note is that our call manager and our
2691 voice gateway router are also connected to the core. So I'm afraid if
I remove the mls command, it would negatively impact my phone system.
Thanks again!
03-08-2011 05:09 PM
Hi Scott,
When you enable mls qos globally on a switch, it puts all the ports in an "untrusted" state. You then manually set whatever ports (access/trunk) to "trust".
Without the "mls qos" globally, all the ports enter in trust state by default. The "mls qos" command globally turns on additional features on the switch.
"mls qos" globally enabled helps to use QoS classification, policing, mark down or drop, queueing, and traffic shaping features in HW.
In regards to your CCM and Gateway, you can set those ports to "trust" and leave the others to a non-trust.
HTH,
Regards,
Kishore
Please rate if helpful
03-08-2011 11:30 PM
Hi,
Without the " mls qos" globally, all the ports enter in trust state by default
For 3550-3560, without the mls qos command the switch doesn't care about QoS and everything is Best Effort, so no trust state in this case.
On 2950 the default is all ports untrusted (no need for mls qos command).
For other models you'll have to look at the config guides.
Regards.
Alain.
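The trust rules described in this thread for 3550/3560-class switches, applied to a configuration, as an added example that is not from any of the posters. The sample configuration is constructed and the `audit_trust` helper is a hypothetical name; the rules it encodes are the ones stated above (no global `mls qos` means no QoS processing, and with it enabled a port is untrusted unless it carries a trust statement).

```python
import re

# Constructed sample (not from the thread): 3560-style running-config fragment.
SAMPLE_CONFIG = """\
mls qos
!
interface GigabitEthernet0/1
 switchport mode trunk
 mls qos trust cos
!
interface FastEthernet0/5
 switchport access vlan 10
 switchport voice vlan 110
 mls qos trust device cisco-phone
 mls qos trust cos
!
interface FastEthernet0/6
 switchport access vlan 10
"""

def audit_trust(config):
    """Map each interface to its effective trust state (hypothetical helper)."""
    qos_enabled = False
    ports, current = {}, None
    for line in config.splitlines():
        if line == "mls qos":                      # global command, column 0
            qos_enabled = True
        elif (m := re.match(r"interface (\S+)", line)):
            current = m.group(1)
            ports[current] = {"trust": None, "conditional": False}
        elif current and line.startswith(" "):     # interface sub-command
            cmd = line.strip()
            if (t := re.fullmatch(r"mls qos trust (cos|dscp)", cmd)):
                ports[current]["trust"] = t.group(1)
            elif cmd == "mls qos trust device cisco-phone":
                ports[current]["conditional"] = True
        else:
            current = None                         # "!" or another global line
    result = {}
    for name, p in ports.items():
        if not qos_enabled:
            result[name] = "qos disabled"          # per the thread: best effort
        elif p["trust"] is None:
            result[name] = "untrusted"
        elif p["conditional"]:
            result[name] = f"trust {p['trust']} only if cisco-phone detected"
        else:
            result[name] = f"trust {p['trust']}"
    return result
```

Running it over each switch's saved configuration shows which ports accept incoming markings, which is the list to compare against where phones, the Call Manager and the voice gateway are actually connected.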
03-09-2011 03:33 AM
Thanks Alain. Stars to you for that. I should have made myself clear about different switch models.
Regards,
Kishore
03-09-2011 05:23 AM
Thanks for all your help on this. Do either of you know where the info is covered in any of the Cisco tracks? I was reading some of the Cisco documentation online, but the concept kind of escapes me. Do you know if it's in the Cisco SWITCH book for CCNP?
Your help has been greatly appreciated!
03-09-2011 08:58 AM
It's covered in the QoS exam certification guide for CCIP curriculum.
Regards.
Alain.
03-10-2011 10:57 AM
To add just another dimension to this question, I was having speed issues on a few of my switches, and after researching on the internet, found that if I modified the QOS queue, it would help the problem. I'm not sure why it worked for one, and the other question would be how do I know that the speed issues are related to this solution?
So could you tell me why this works first of all, and then how to test for it on the switches second of all.
Thanks!
mls qos queue-set output 1 threshold 2 400 400 100 400
mls qos queue-set output 1 buffers 15 45 20 20