Good day Cisco community,
I was wondering if someone has come across the following QoS implementation requirement?
Subject : Qos: Conditional Trust Model with a VLAN-Based QoS policy - approach and review
Hardware in use: Cat4500 Sup8 and Cat3850s
Just to recap: I have listed "Conditional Trust Model using Port-Based QoS" because this (in my view) is nicely and completely documented in the SRND:
1) Conditional Trust Model using Port-Based QoS (Confirmed)
Standard LAN design followed, i.e. switch ports have been configured with DATA & VOICE VLANs:
- Cisco Phone connects to Catalyst switch port Gig1/0/1
- PC connects to the Cisco Phone
Conditional trust rule applies, i.e. trust COS-5 and COS-3 sent from the CISCO PHONE and ignore COS-0 (data received from the PC)
Sample configuration (briefest form):
class-map match-all VOICE
match cos 5
class-map match-all SIGNALLING
match cos 3
policy-map LAN-CONDITIONAL-TRUST
description ** User Access Switch VOICE & DATA port **
class VOICE
set dscp ef
class SIGNALLING
set dscp cs3
class class-default
set dscp default
interface Gig1/0/1
description DATA & VOIP port
x
qos trust device cisco-phone
service-policy input LAN-CONDITIONAL-TRUST
However, I have a requirement to enable "VLAN-Based QoS", so the Port-Based QoS conditional trust policy will go out the window because a Port-Based QoS policy takes precedence over VLAN-Based QoS.
So I believe that the following configuration will need to be used, but I am uncertain whether this is best practice. I failed to locate any documentation relating to the conditional trust model using VLAN-Based QoS.
I would welcome any pointers or feedback.
2.) Conditional Trust Model using VLAN-Based QoS: sample configuration draft I intend to deploy (To be Confirmed)
Cat4k# (brief config, only voice related):
!
!
!
vlan 500
name VOICE-LAN
!
ip access-list extended ACL-SIGNALLING
remark ** SCCP **
permit tcp any any range 2000 2002
permit tcp any range 2000 2002 any
!
ip access-list extended ACL-VOICE
remark ** RTP **
permit udp any any range 16384 32768
!
ip access-list extended ACL-DEFAULT
remark ** Explicit classify the class default **
permit ip any any
!
class-map match-any VOICE-CLASS
description ** QoS Class for Voice and Conditional trust **
match access-group name ACL-VOICE
! Also match CoS 5 sent from the phone and thus simulate the conditional trust model as seen in point 1)
match cos 5
!
class-map match-any SIGNALLING-CLASS
description ** QoS Class for Signalling and Conditional trust **
match access-group name ACL-SIGNALLING
! Also match CoS 3 sent from the phone and thus simulate the conditional trust model as seen in point 1)
match cos 3
!
class-map match-any DEFAULT-CLASS
description ** QoS Class for Default traffic **
match access-group name ACL-DEFAULT
!
policy-map VOICE-VLAN-BASED
description ** VLAN-based QoS for Voice **
class VOICE-CLASS
set dscp ef
class SIGNALLING-CLASS
set dscp cs3
class DEFAULT-CLASS
set dscp default
Apply the policy to the VOICE VLAN (in the VLAN database):
vlan configuration 500
service-policy input VOICE-VLAN-BASED
No action required on the interface.
Reason: Cat4k does not support "mls qos vlan-based" at interface level. Instead the policy is attached in the VLAN database.
interface Gig1/0/1
description DATA & VOIP port
x
qos trust device cisco-phone
I think this would be a fair approach, although I am not 100% certain whether this would be "valid" and "best practice".
I would be grateful (and extremely delighted) if you could ping me back with any tips or advice, if anyone has any knowledge of whether this implementation approach would be valid and indeed supported going forward.
Best Wishes
Markus
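Added example (editor's addition, not part of Markus's post or of any Cisco documentation): a small Python simulation of how MQC classification would treat the same frames under the two policies in the post, the port-based LAN-CONDITIONAL-TRUST policy of point 1 and the VLAN-based VOICE-VLAN-BASED draft of point 2. It assumes three things, all labelled in the code: that conditional trust ("qos trust device cisco-phone") makes the switch treat any frame not sent by a detected phone as CoS 0; that a policy attached with "vlan configuration 500" only sees frames in VLAN 500; and that a "match-any" class-map is a logical OR of its match lines, so an ACL line matches on ports regardless of CoS. The sample frames, including a PC that tags its own frames into the voice VLAN, are constructed for the example.

```python
"""Simulate MQC classification for the two QoS policies discussed in the post.

Added example, not code from the original post. Assumptions are marked below.
"""
from dataclasses import dataclass

VOICE_VLAN = 500  # "vlan 500 / name VOICE-LAN" in the post


@dataclass
class Packet:
    vlan: int          # VLAN the frame arrives in (data or voice VLAN)
    cos: int           # 802.1p CoS carried on the wire (0 for untagged PC frames)
    proto: str         # "tcp" or "udp"
    sport: int
    dport: int
    from_phone: bool   # constructed flag: was the frame sent by the Cisco phone itself?


def acl_voice(p: Packet) -> bool:
    """ACL-VOICE from the post: permit udp any any range 16384 32768."""
    return p.proto == "udp" and 16384 <= p.dport <= 32768


def acl_signalling(p: Packet) -> bool:
    """ACL-SIGNALLING from the post: SCCP ports 2000-2002 as destination or source."""
    return p.proto == "tcp" and (2000 <= p.dport <= 2002 or 2000 <= p.sport <= 2002)


def trusted_cos(p: Packet, phone_detected: bool) -> int:
    """Assumption: model of 'qos trust device cisco-phone'.

    CoS is honoured only on frames from a detected phone; every other frame is
    treated as CoS 0, which is the conditional-trust behaviour the post describes.
    """
    return p.cos if (phone_detected and p.from_phone) else 0


def port_based(p: Packet, phone_detected: bool = True) -> str:
    """Point 1: LAN-CONDITIONAL-TRUST, match-all on CoS only; returns the DSCP set."""
    cos = trusted_cos(p, phone_detected)
    if cos == 5:
        return "ef"
    if cos == 3:
        return "cs3"
    return "default"


def vlan_based(p: Packet, phone_detected: bool = True) -> str:
    """Point 2: VOICE-VLAN-BASED, attached to VLAN 500 only, match-any classes.

    Assumption: match-any is a logical OR, so an ACL hit classifies the frame
    whatever CoS the trust logic decided on.
    """
    if p.vlan != VOICE_VLAN:
        return "not-in-policy-scope"  # policy is not attached to this VLAN
    cos = trusted_cos(p, phone_detected)
    if acl_voice(p) or cos == 5:
        return "ef"
    if acl_signalling(p) or cos == 3:
        return "cs3"
    return "default"


# Constructed sample frames (not captured traffic).
PHONE_RTP = Packet(500, 5, "udp", 20000, 20000, True)
PHONE_SCCP = Packet(500, 3, "tcp", 50000, 2000, True)
PC_WEB = Packet(100, 0, "tcp", 50001, 443, False)
# A PC that tags its frames into VLAN 500 itself and uses RTP-looking UDP ports.
ROGUE_RTP = Packet(500, 5, "udp", 20000, 20000, False)
# A PC that tags into VLAN 500 with CoS 5 but ordinary TCP/443 ports.
ROGUE_COS = Packet(500, 5, "tcp", 50002, 443, False)

SAMPLES = [PHONE_RTP, PHONE_SCCP, PC_WEB, ROGUE_RTP, ROGUE_COS]


def compare(packets=None):
    """Return (port-based DSCP, VLAN-based DSCP) for each sample frame."""
    packets = SAMPLES if packets is None else packets
    return [(port_based(p), vlan_based(p)) for p in packets]


if __name__ == "__main__":
    for p, (pb, vb) in zip(SAMPLES, compare()):
        print(f"vlan={p.vlan} cos={p.cos} {p.proto}/{p.dport} from_phone={p.from_phone}: "
              f"port-based={pb} vlan-based={vb}")
```

Under these assumptions the two policies agree for the phone's own RTP and SCCP frames and for ordinary PC traffic in the data VLAN, but they differ for a host that tags its frames into the voice VLAN on RTP-looking UDP ports: the port-based policy marks it default because conditional trust drops its CoS to 0, while the VLAN-based draft marks it EF because the ACL line matches on ports and does not care who sent the frame. Whether that difference matters is the point to weigh when deciding if the ACL-plus-CoS class-maps really "simulate" conditional trust.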