Re: mls qos trust cos and device cisco-phone

tomek0001 · ‎10-09-2009

Question regarding these two features. Using the auto qos macro "auto qos voip cisco-phone" the switchport get configured with:

mls qos trust device cisco-phone

mls qos trust cos

but if you have conditional trust with the phone why are you just allowing all traffic marked with CoS? does that seem like it make the device trust non necessary?

thanks,

Edison Ortiz · ‎10-09-2009

You need both commands. The first command instructs the switch to trust a cisco ip-phone. The second command instructs the switch to use 'cos' as the trust mode. If you don't enter the 2nd command, the trust mode in the port is untrusted and QoS markings will be reset to 0.

interface FastEthernet0/10

switchport mode dynamic desirable

mls qos trust device cisco-phone

Rack1SW4#sh mls qos interface f0/10

FastEthernet0/10

trust state: not trusted

trust mode: not trusted

COS override: dis

default COS: 0

DSCP Mutation Map: Default DSCP Mutation Map

Trust device: cisco-phone

Rack1SW4#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Rack1SW4(config)#int f0/10

Rack1SW4(config-if)#mls qos trust cos

Rack1SW4(config-if)#end

Rack1SW4#sh mls qos interface f0/10

FastEthernet0/10

trust state: not trusted

trust mode: trust cos

COS override: dis

default COS: 0

DSCP Mutation Map: Default DSCP Mutation Map

Trust device: cisco-phone

Regards

Edison.

tomek0001 · ‎10-12-2009

So basically cisco-phone command enables the device to be trusted and the trust cos defines what qos attribute (cos |dscp|ip-precedence) to trust from that device.

Edison Ortiz · ‎10-12-2009

Correct

Regards

Edison.

Volodymyr Morskyy · ‎01-11-2010

Not to create a new thread - I've understood

that "mls qos trust device cisco-phone" is a trust condition.But it is discussed(even in QoS course) as trust condition in a PC traffic point of view. What about phone signaling and RTP - are they trusted always(due to CDP)? Do I need to enter both commands to trust CoS and DSCP marking from Phone port...thank you in advance

prakadeesh · ‎01-11-2010

Imho,

yes command "mls qos trust device cisco-phone" basically advices the switch that the Cisco Ip phone is doing the markings and just trust that for the queueing. So at the switch port we basically choose between cos or dscp to put in proper queue. RTP/Signalling traffic use their own dscp/cos that can be set by the IP phone. They are trusted and queued either based on cos or dscp ( as per the switch port config) say RTP with dscp 46 is EF still trusted by siwtch port (if mls trusp dscp is chosen), signalling traffic may be say dscp 24/40(nortel phones) still trusted but queued depending on the dscp-queue map on the switch. stand corrected incase wrong.

hth

Volodymyr Morskyy · ‎01-11-2010

Thanks for a quick answer.Still got no answer for my question)).
Lets take default settings on Catalyst and lets attach IP Phone and PC to this IP Phone.
Will be the phone signaling/media traffic given priority over PC traffic without
"mls qos trust device cisco-phone" and "mls qos trust cos/dscp" commands? Will be Phone signaling/media mrking discarded or kept?

prakadeesh · ‎01-11-2010

without these two command all the traffic that comes to the port will be processed as per the default switchport config which is dont trust and the port will not be prioritising the voip traffic. I think a default cos value of 0 will be applied to the frames. dscp remarking may or may not take place depending on the switch config / dscp mutation map.

Volodymyr Morskyy · ‎01-11-2010

Was writing exactly the same)) Just called myself from another IP Phone ans sniffed - all voice packets from another IPPhone were marked with DSCP=0x00 as well as Signalling to my IPPhone from CCM)/ So thank you for making me 100% sure) (Sorry can't vote - topic seems to be closed for voting after solving a trouble, but will try later from another browser)