Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3295
Views
10
Helpful
6
Replies

3850 switches: How to disable qos trust dscp on wired interfaces?

Go to solution
Nadav
Level 7
Level 7

‎11-13-2016 07:36 AM - edited ‎03-08-2019 08:08 AM

Hi everyone,

I'm migrating from 3750 to 3850 switches. It seems that contrary to 3750s, 3850s trust DSCP markings on ingress traffic by default.

I'm interested in removing this trust (something akin to "no mls qos trust dscp").  

I'd prefer a way to disable trust by default, and only apply it where necessary. If I can't configure it by default, then a per-interface solution would be the next best thing.

Does anyone know how to accomplish this?

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rolf Fischer
Level 9
Level 9

‎11-16-2016 10:17 PM

Hi,

I believe the only way to accomplish the behavior of an untrusted port on IOS-XE platforms is to apply an ingress service-policy with class-default (only) and a 'set dscp 0'.

policy-map UNTRUST
 class class-default
  set dscp 0
!
interface x/y
 service-policy input UNTRUST

Other thoughts or a confimation from other forum members would be appreciated!

HTH
Rolf

View solution in original post

6 Replies 6

Go to solution
Rolf Fischer
Level 9
Level 9

‎11-16-2016 10:17 PM

Hi,

I believe the only way to accomplish the behavior of an untrusted port on IOS-XE platforms is to apply an ingress service-policy with class-default (only) and a 'set dscp 0'.

policy-map UNTRUST
 class class-default
  set dscp 0
!
interface x/y
 service-policy input UNTRUST

Other thoughts or a confimation from other forum members would be appreciated!

HTH
Rolf

Go to solution
Nadav
Level 7
Level 7
In response to Rolf Fischer

‎11-17-2016 07:45 AM

That's what appeared in the documentation as well, it'll have to do. Thanks :)

0 Helpful

Go to solution
paul driver
VIP
VIP
In response to Nadav

‎11-17-2016 08:46 AM

hello

Switch interface specific ?

int x/x

mls qos cos x (tagged)

switchport priority extend cos x (untagged)

mls qos cos x override ( tagged - un tagged)

however I have may mis interpreted the OP

res

paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
Rolf Fischer
Level 9
Level 9
In response to paul driver

‎11-17-2016 10:29 AM

Hello Paul,

thanks for joining!

Unlike the cat3750, the cat3650/3850 platforms run IOS-XE and no longer support the old 2k/3k mls qos commands but MQC now. QoS now is enabled by default and the interfaces are trusted by default. Important changes when migrating from old to new.

Regards,

Rolf

0 Helpful

Go to solution
paul driver
VIP
VIP
In response to Rolf Fischer

‎11-17-2016 11:24 AM

Hello Rolf 

I didn't know that cheers for the heads up

i guess a review of it white paper is in order!

The beauty of these forums never cease to amaze me !

res

paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎11-17-2016 08:17 AM

Newer switches work like routers have, i.e. by default, they don't change/reset ToS.  So, as Rolf shows, you would need to configure a policy to change/reset ToS, as desired.

Also BTW, 3750s only "untrusted" when QoS was globally enabled.  If QoS wasn't enabled, they too would pass/accept ToS as found.

Customers Also Viewed These Support Documents