Solved: Re: QoS best-effort in C1300 - Page 2

krzysztofmaciejewskiit · ‎09-24-2025

I need to configure the switches so that every movement, without exception, is treated as best-effort. I have no implementation experience in QoS, so I have prepared this configuration and am wondering if it will be sufficient.

switch(config)#qos basic
switch(config-if)#no qos ?
cos Configure the default CoS value for a port. Use the no
form of the command to return to the default setting.
statistics QoS statistics counters
trust Configure each port to trust state while the system is
in basic mode. Use the no form of the command to
disable trust state on each port.

switch(config-if)#no qos cos
or
switch(config-if)#qos cos 0
switch(config-if)#no qos trust

switch#show running-config interface GigabitEthernet1
interface GigabitEthernet1
no qos trust
switchport access vlan 333

Will this configuration normalize traffic to best-effort? Frames from this switch then go to the next aggregating switch, so I would like them to be normalized as close to the source as possible so that they do not need to be normalized on the aggregating switch.

krzysztofmaciejewskiit · ‎09-24-2025

Okay, that makes sense to me.
Do you think I should have the "no qos trust command" on the interface (visible in the first message)?

Perhaps I need to explicitly create a trust on the interface and additionally set it to 0?
What do you think?

Joseph W. Doherty · ‎09-25-2025

I didn't dig into interface QoS configuration statements, as going by documentation, what I suggested should do what you desire without touching interface configs. (I presume using global configuration statements makes it less likely to mess up a particular interface. However, if you want to be able to configure QoS operations, per interface, I can dig into how to do that.)

krzysztofmaciejewskiit · ‎09-25-2025

If you would like to help me solve my problem, i.e. resetting the CoS and DSCP tags that come in on the processor, I would gladly accept your help.
I am also going to test this iperf3 myself, so I will also provide an update when I solve this problem.

Joseph W. Doherty · ‎09-25-2025

As you pass your data through the C1300, is it passed L2 or L3? If the latter, L2 CoS should be a non-factor.

What I provided earlier, should reset L3 ToS.

krzysztofmaciejewskiit · ‎09-25-2025

The PC is connected to c1300 in access 333. C1300 is plugged into C9k access 333. From C3k, the traffic goes through a trunk to the firewall where the PC's default gateway is located. Therefore, traffic from the PC to the FW will go through L2.

I managed to reset the DSCP. You need to set the interface to Trust mode, edit the DSCP override tables, and enable DSCP overwriting.

However, I am unable to reset the CoS tag at this time.

Joseph W. Doherty · ‎09-25-2025

Is the PC host using VLAN tagged frames? If not, trunk will set CoS to zero.

krzysztofmaciejewskiit · ‎09-25-2025

The host/PC will be connected to the access port. I don't know if that solves the problem. In any case, the host may try to modify its frames, and I want to protect myself against such a scenario.

If the port is in access mode, the switch should remove the tag if a tagged frame arrives, so this may actually solve the problem.

Joseph W. Doherty · ‎09-25-2025

@krzysztofmaciejewskiit wrote:

If the port is in access mode, the switch should remove the tag if a tagged frame arrives, so this may actually solve the problem.

Actually, a host can send a VLAN tagged frame, with VLAN ID 0, just for CoS usage (on an access port).

What I recommended earlier, on the C1300, ignores using any L2 CoS, however, in theory, since you're doing L2 forwarding "upstream", a non-zero CoS could be sent "upstream".

Personally, I would have the "upstream" device just ignore any L2 CoS (which, I usually recommend, L2 CoS never be used unless you have a need for a QoS tag and cannot use the L3 ToS [which smart L2 switches often can].)

If you really want to insure a frame passed "upstream" has a zero CoS value, since you're using a trunk, which implicitly has a L2 CoS value, we might be able to force the CoS to a zero value upon egress.

Going down to an end-host might be a bit more dicey, as I'm unsure a host not expected a VLAN tag, just for its CoS value, would accept it at all. (On the C1300, the recommended global settings would ignore using the CoS value, if any.)

BTW, I perhaps I should have asked earlier, but actually I wouldn't recommend what you want to do. Instead, I would recommend a QoS policy that sets meaningful tags and QoS processing policy. Which might be very few legitimate none zero tags and all treated alike. This last may seem identical to what you want to do, and effectively it should be, but it sets a framework for QoS modifications. For example, say you add VoIP to your network. With your approach, you may have a mad scramble to support it effectively after creating a whole new revised QoS approach, vs. only VoIP packets will be tagged DSCP EF but given BE treatment becomes DSCP EF tagged packets (already in placed which only can be VoIP) are to be prioritized.

krzysztofmaciejewskiit · ‎09-26-2025

If you really want to insure a frame passed "upstream" has a zero CoS value, since you're using a trunk, which implicitly has a L2 CoS value, we might be able to force the CoS to a zero value upon egress.

Like I said, I have access ports to upstream switch.

Jens Albrecht · ‎09-24-2025

For lab purposes there are a few simple ways to test this.

Extended pings allow you to set the QoS markings as you like.

You can also configure a switch to mark certain traffic or an entire VLAN with the desired QoS markings.

If you want to use some traffic generators, look for tools like Ostinato or iPerf/iPerf3 for example.