
Qos: Conditional Trust Model with a VLAN-Based QoS policy - approach and review

Markus Schwarz
Level 1

Good day Cisco community,

 

I was wondering if someone has come across the following QoS implementation requirement?

 

Subject : Qos: Conditional Trust Model with a VLAN-Based QoS policy - approach and review

 

Hardware in use:  Cat4500 Sup8 and Cat3850s

Just to recap: I have listed "Conditional Trust Model using Port-Based QoS" because this (in my view) is nicely/completely documented in the SNRD:

 

1) Conditional Trust Model using Port-Based QoS (Confirmed)

Standard LAN design followed, i.e. switch ports have been configured with DATA and VOICE VLANs:

  • Cisco Phone connects to Catalyst switch port Gig1/0/1
  • PC connects to the Cisco Phone

 

Conditional trust rule applies, i.e. trust CoS 5 and CoS 3 sent from the Cisco phone and ignore CoS 0 (data received from the PC).

 

Sample configuration (briefest form):

class-map match-all VOICE
  match cos 5
class-map match-all SIGNALLING
  match cos 3
!
policy-map LAN-CONDITIONAL-TRUST
  description ** User Access Switch VOICE & DATA port **
  class VOICE
    set dscp ef
  class SIGNALLING
    set dscp cs3
  class class-default
    set dscp default
!
interface Gig1/0/1
  description DATA & VOIP port
  x
  qos trust device cisco-phone
  service-policy input LAN-CONDITIONAL-TRUST

 

 

 

 

However, I have a requirement to enable "VLAN-Based QoS", so the Port-Based QoS conditional trust policy will go out the window because a Port-Based QoS policy takes precedence over VLAN-Based QoS.

 

So I believe that the following configuration will need to be used, but I am uncertain whether this is best practice. I failed to locate any documentation relating to a conditional trust model using VLAN-Based QoS:

 

 

I would welcome any pointers or feedback.

 

2) Conditional Trust Model using VLAN-Based QoS, sample configuration draft I intend to deploy (to be confirmed):

 

Cat4k (brief config, only voice related):

!
vlan 500
  name VOICE-LAN
!
ip access-list extended ACL-SIGNALLING
  remark ** SCCP **
  permit tcp any any range 2000 2002
  permit tcp any range 2000 2002 any
!
ip access-list extended ACL-VOICE
  remark ** RTP (16384-32767) **
  permit udp any any range 16384 32767
!
ip access-list extended ACL-DEFAULT
  remark ** Explicitly classify the class default **
  permit ip any any
!
class-map match-any VOICE-CLASS
  description ** QoS Class for Voice and Conditional trust **
  match access-group name ACL-VOICE
  ! Also match CoS 5 sent from the phone and thus simulate the conditional trust model seen in point 1)
  match cos 5
!
class-map match-any SIGNALLING-CLASS
  description ** QoS Class for Signalling and Conditional trust **
  match access-group name ACL-SIGNALLING
  ! Also match CoS 3 sent from the phone and thus simulate the conditional trust model seen in point 1)
  match cos 3
!
class-map match-any DEFAULT-CLASS
  description ** QoS Class for Default traffic **
  match access-group name ACL-DEFAULT
!
policy-map VOICE-VLAN-BASED
  description ** VLAN-based QoS for Voice **
  class VOICE-CLASS
    set dscp ef
  class SIGNALLING-CLASS
    set dscp cs3
  class DEFAULT-CLASS
    set dscp default
!

Apply the policy to the VOICE VLAN (in the VLAN database):

vlan configuration 500
  service-policy input VOICE-VLAN-BASED

 

No action required on the interface:

 

Reason:  Cat4k does not support “mls qos vlan-based” at interface level. Instead it is attached to the VLAN database

 

interface Gig1/0/1
  description DATA & VOIP port
  x
  qos trust device cisco-phone

 

 

I think this would be a fair approach, although I am not 100% certain whether this would be "valid" and "best practice".

 

I would be grateful (and extremely delighted) if you could ping me back with any tips or advice, if anyone has any knowledge of whether this implementation approach would be valid and indeed supported going forward.

 

Best Wishes

 

Markus
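Added example, not part of Markus' post and not Cisco's code: a small Python model of how the two policies above classify traffic, so the difference between them can be checked before touching a switch. It models only what the post relies on (class-map match-any / match-all, the ACL port ranges, first-match policy-map evaluation) plus the conditional-trust rule that the port honours CoS only once a Cisco phone has been detected. Two assumptions are stated in the comments: the phone re-marks frames from its PC port to CoS 0, and frames in VLANs other than 500 are not touched by the VLAN-attached policy. All frames are constructed. The last frame shows the caveat a practitioner would want to see: the match-any class grants EF to any UDP 16384-32767 traffic that reaches VLAN 500, whatever its CoS, so under the VLAN-based draft the trust boundary becomes whatever keeps PC traffic out of the voice VLAN.

```python
"""Simplified model of Cisco MQC classification for the two policies in the post.

Constructed example, not the switch's own code. Only classification and the
resulting DSCP are modelled; ASIC details, policing and queuing are ignored.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    origin: str   # "phone" or "pc": which device generated the frame
    vlan: int     # VLAN the frame is in when the switch classifies it
    cos: int      # 802.1p value as sent by the originating device
    proto: str    # "tcp", "udp" or anything else
    sport: int = 0
    dport: int = 0


# ACLs transcribed from the post; None means "any" for a port range.
ACL_SIGNALLING = [("tcp", None, (2000, 2002)), ("tcp", (2000, 2002), None)]
ACL_VOICE = [("udp", None, (16384, 32767))]      # RTP range (Cisco SNRD value)
ACL_DEFAULT = [("ip", None, None)]               # permit ip any any


def acl_permits(acl, f):
    """First-match ACL evaluation; no explicit deny entries exist in the post."""
    for proto, srng, drng in acl:
        if proto != "ip" and proto != f.proto:
            continue
        if srng and not srng[0] <= f.sport <= srng[1]:
            continue
        if drng and not drng[0] <= f.dport <= drng[1]:
            continue
        return True
    return False


def class_matches(cmap, f, cos):
    """cmap = (mode, criteria); match-any is OR, match-all is AND."""
    mode, criteria = cmap
    results = []
    for kind, arg in criteria:
        if kind == "cos":
            results.append(cos == arg)
        elif kind == "acl":
            results.append(acl_permits(arg, f))
    return any(results) if mode == "any" else all(results)


def apply_policy(policy, f, cos):
    """First matching class wins; class-default catches everything else."""
    for cmap, dscp in policy:
        if cmap == "class-default" or class_matches(cmap, f, cos):
            return dscp
    return None  # nothing matched and no class-default: marking left untouched


# 1) Port-based conditional trust policy (LAN-CONDITIONAL-TRUST)
PORT_POLICY = [
    (("all", [("cos", 5)]), "ef"),
    (("all", [("cos", 3)]), "cs3"),
    ("class-default", "default"),
]

# 2) VLAN-based draft from the post (VOICE-VLAN-BASED)
VLAN_POLICY = [
    (("any", [("acl", ACL_VOICE), ("cos", 5)]), "ef"),
    (("any", [("acl", ACL_SIGNALLING), ("cos", 3)]), "cs3"),
    (("any", [("acl", ACL_DEFAULT)]), "default"),
]

VOICE_VLAN = 500


def effective_cos(f, phone_detected):
    """Conditional trust: the port honours CoS only once CDP has seen a phone.
    Assumption: the phone re-marks frames from its PC port to CoS 0, so PC
    frames never carry a trusted CoS even when a phone is present."""
    if not phone_detected:
        return 0
    return 0 if f.origin == "pc" else f.cos


def port_based(f, phone_detected=True):
    return apply_policy(PORT_POLICY, f, effective_cos(f, phone_detected))


def vlan_based(f, phone_detected=True):
    if f.vlan != VOICE_VLAN:
        return None  # assumption: policy attached to VLAN 500 only
    return apply_policy(VLAN_POLICY, f, effective_cos(f, phone_detected))


# Constructed sample frames (not captured traffic).
PHONE_RTP = Frame("phone", 500, 5, "udp", 20000, 20000)
PHONE_SCCP = Frame("phone", 500, 3, "tcp", 51000, 2000)
PC_WEB = Frame("pc", 100, 0, "tcp", 51001, 443)
PC_SPOOF = Frame("pc", 100, 5, "udp", 20000, 20000)          # PC sets CoS 5 itself
PC_IN_VOICE_VLAN = Frame("pc", 500, 0, "udp", 20000, 20000)  # PC traffic that reaches VLAN 500

if __name__ == "__main__":
    for name, f in [("phone RTP", PHONE_RTP), ("phone SCCP", PHONE_SCCP),
                    ("PC web", PC_WEB), ("PC spoof CoS5", PC_SPOOF),
                    ("PC in VLAN 500", PC_IN_VOICE_VLAN)]:
        print(f"{name:<16} port-based={port_based(f)!s:<8} vlan-based={vlan_based(f)}")
    print(f"phone RTP, no phone detected: port-based={port_based(PHONE_RTP, False)}")
```

Running it prints one line per frame. Phone RTP and SCCP get EF and CS3 under both policies, PC traffic on the data VLAN is marked default by the port policy and untouched by the VLAN policy (even when the PC sets CoS 5 itself), and with no phone detected the phone's own RTP drops to default. The frame that reaches VLAN 500 from the PC side is the one to look at: the port-based policy marks it default because its CoS is 0, while the VLAN-based draft marks it EF purely on the UDP port range.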

 
