Solved: I understand you would use

tedauction · ‎12-15-2016

Hello, I understand you would use 'mls qos trust dscp' on a VoIP phone interface, but someone told me it should also be used on switch uplink ports.

Is this because when the DSCP marked goes to leave the switch, it's DSCP markings will be ignored unless you enter 'mls qos trust dscp' ?

Do layer 3 interfaces not need this command, as they will automatically trust DSCP ?

What type of interfaces will not trust DSCP by default ?

Thanks kindly for clarification.

Reza Sharifi · ‎12-15-2016

Hi,

Generally for access ports that connect to phones you need

mls qos trust cos

and

mls qos trust devie cisco-phone

and on the uplink ports you need

mls qos trust dscp

now, some newer versions of hardware and IOS don't support mls qos command anymore.

HTH

View solution in original post

Joseph W. Doherty · ‎12-15-2016

I understand you would use 'mls qos trust dscp' on a VoIP phone interface

Yes, often commonly done, but not always.

someone told me it should also be used on switch uplink ports.

Yes, also commonly done. Both depend on your QoS design.

Is this because when the DSCP marked goes to leave the switch, it's DSCP markings will be ignored unless you enter 'mls qos trust dscp' ?

No, the trust is for ingress, not egress, including on uplinks.

Do layer 3 interfaces not need this command, as they will automatically trust DSCP ?

Depends on the device. L2 vs. L3 interfaces usually have no bearing on DSCP. (Trusting L2 CoS, though is a different issue.)

What type of interfaces will not trust DSCP by default ?

Again, depends on the device. Generally, by default, routers and later Cisco switches leave L3 ToS alone (i.e. they "trust" it) by default. Older Cisco switches, often by default, leave L3 ToS alone if QoS disabled, but reset it to zero, if QoS enabled and not configured to be trusted.

View solution in original post

Reza Sharifi · ‎12-15-2016

Hi,

Generally for access ports that connect to phones you need

mls qos trust cos

and

mls qos trust devie cisco-phone

and on the uplink ports you need

mls qos trust dscp

now, some newer versions of hardware and IOS don't support mls qos command anymore.

HTH

Joseph W. Doherty · ‎12-15-2016

I understand you would use 'mls qos trust dscp' on a VoIP phone interface

Yes, often commonly done, but not always.

someone told me it should also be used on switch uplink ports.

Yes, also commonly done. Both depend on your QoS design.

Is this because when the DSCP marked goes to leave the switch, it's DSCP markings will be ignored unless you enter 'mls qos trust dscp' ?

No, the trust is for ingress, not egress, including on uplinks.

Do layer 3 interfaces not need this command, as they will automatically trust DSCP ?

Depends on the device. L2 vs. L3 interfaces usually have no bearing on DSCP. (Trusting L2 CoS, though is a different issue.)

What type of interfaces will not trust DSCP by default ?

Again, depends on the device. Generally, by default, routers and later Cisco switches leave L3 ToS alone (i.e. they "trust" it) by default. Older Cisco switches, often by default, leave L3 ToS alone if QoS disabled, but reset it to zero, if QoS enabled and not configured to be trusted.