On 3560x, I'd like to markdown any traffic received >100mbps to CS2.
It looks like the only markdown map available is DSCP-based, not CoS-based (there is no "police ... exceed-action policed-cos-transmit" command)
Does that mean I need to:
-not trust DSCP or CoS on input ; internal DSCP value will be 0
interface GigabitEthernet0/1
no switchport
no trust dscp
no trust qos
- markdown the internal DSCP value from 0 to 16 using 100mbps policer
mls qos map policed-dscp 0 to 16
policy-map pm-policed-input
class class-default
police 100000 8000 exceed-action policed-dscp-transmit
- then map dscp16 to CS2 for output
mls qos map dscp-cos 0 8 16 24 32 40 48 56 to 0 1 2 3 4 5 6 7
(or would packets with internal dscp 16 just automatically be tagged CS2 when egress is over a trunk port?)
Not sure if it matters, but this ingress is via "no switchport" ports and egress is via SVI carried over a trunk port.