2960-X QoS - mls trust or input policy

CraigZA
Level 1

Hi everyone (1st post here),

 

Apologies in advance for the somewhat lengthy post. I've "inherited" a Cisco environment comprising 2960-X stacks as access switches which are uplinked to a pair of 4500-X in VSS as core via SFP+.

 

Since I knew enough about Cisco to be dangerous (more a Ubiquiti/MikroTik background), I bought a 3560G to learn the CLI and IOS. So far so good, have worked out the syntax and understand access ports vs trunk ports, port security, spanning tree, trusting marked traffic via mls trust commands and placing into different egress queues, etc.


Now, the previous vendor that used to support the environment has AutoQOS configured on every access port on the 2960-X's and no trust commands or srr-queue on the trunk ports to/from the core or the core itself, so time to get stuck in and sort out a few things on the 2960-X stacks first.

 

For the access ports going to the Cisco phones and computers I have the following config (entries for STP/security/etc intentionally omitted):

 

switchport access vlan X
switchport mode access
switchport voice vlan X
mls qos trust cos (trusts COS5 for RTP and COS3 for signalling set by the phone)
mls qos trust device cisco-phone (sets up the trust boundary)


I also have the following cos-dscp map:

mls qos map cos-dscp 0 8 16 24 32 46 48 56


When I look at the auto-generated input policy which I'm working off as a reference (see below), I have a few queries:

 

class-map match-all AUTOQOS_VOIP_DATA_CLASS
 match ip dscp ef
class-map match-all AUTOQOS_DEFAULT_CLASS
 match access-group name AUTOQOS-ACL-DEFAULT
class-map match-all AUTOQOS_VOIP_SIGNAL_CLASS
 match ip dscp cs3
!
policy-map AUTOQOS-SRND4-CISCOPHONE-POLICY
 class AUTOQOS_VOIP_DATA_CLASS
  set dscp ef
  police 128000 8000 exceed-action policed-dscp-transmit
 class AUTOQOS_VOIP_SIGNAL_CLASS
  set dscp cs3
  police 32000 8000 exceed-action policed-dscp-transmit
 class AUTOQOS_DEFAULT_CLASS
  set dscp default
  police 10000000 8000 exceed-action policed-dscp-transmit


1.) I understand the above config is for policing to stop EF marked traffic flooding my network, but why (if using the class map match-all statement to match traffic already trusted as EF) does it again set dscp to EF?

 

2.) Same question for traffic trusted as being cs3?

 

3.) For the default class, why does it appear to be policing unmatched (default?) traffic down to 10mbit on a 1gbe/10gbe network?

 

4.) Can I remove the default class from the policy map? No sense policing my users to 10mbit?

 

5.) If I omit the set dscp syntax from the policy map, will my traffic still be trusted from using mls qos trust commands? I read somewhere that the input policy takes precedence over the mls qos trust commands?


All responses welcomed.

Regards
