
Qos trust commands - recommended best practice

carl_townshend
Spotlight

Hi all

I have been speaking to a colleague; he says he had issues with Windows XP doing too many retransmissions whilst transferring a file. We have Siemens VoIP phones and PCs plugged into the same port on the 2960 switches. We configured the ports using the mls qos trust dscp command. Since then he has changed to auto qos voip trust on the access ports and mls qos trust dscp on the uplink ports, and this has solved the issue.

What is the recommended practice for this?

Cheers

Carl


Yogesh Ramdoss
Cisco Employee

Carl,

Let us look at the difference between these two commands:

mls qos trust dscp

This will trust any DSCP markings in the received traffic. As long as the phone/PC on the port are doing proper DSCP markings, there is no issue. Say someone removes the phone and attaches a PC sending all DSCP=46 traffic at line rate: this will abuse the strict-priority queue. You need to enable a trusted boundary. I would recommend this command in the interior devices of the network.

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_55_se/configuration/guide/swqos.html#wp1229179

auto qos voip trust

This command adds or changes global QoS settings, as mentioned in this link:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_55_se/configuration/guide/swqos.html#wp1898644

You can very well see the CoS-DSCP markings. I would recommend this on edge ports.

Hope this helps.

- Yogesh

So are you saying between switches use the mls qos trust dscp and on switch ports use the auto qos voip trust?

What does everyone else normally do?

Cheers

Yes, AutoQoS at the edge takes the packet with CoS of 5 for voice and CoS of 3 for signaling, trusts it and transmits it.

HTH

Reza

Hello Carl,

The following Enterprise QoS SRND guide discusses common deployment scenarios and corresponding configurations:

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-SRND-Book.html

From my experience, most customers follow this document, and I also see them referring to this doc in TAC Service Requests.

- Yogesh

Carl,

The conditional trust feature for access ports works well when you have all Cisco phones.  Since you have non-Cisco phones, I would be less likely to utilize the trust feature for access ports, and instead I would use an ingress marking policy to classify the traffic.  The reason for this is that by using the "auto qos voip trust" feature on an edge port, you are trusting ingress COS markings from a device you don't control.  The same concern applies here, in my eyes, as does trusting DSCP on an edge port.

The QoS Config guide for the 2960s (http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_25_see/configuration/guide/swqos.html) has a ton of information, but I would think about the following ideas and see if they work for you.

  • Access ports - ingress
    • Classify ingress voice bearer traffic, voice control traffic, etc via extended ACL -- mark voice bearer as DSCP 46, voice control as DSCP 24, etc.
    • Police ingress voice bearer traffic to 1Mbps (lowest possible on 2960 policer)
    • Optionally place voice bearer traffic (cos 5) in priority ingress queue with bandwidth matching your policed value
  • Access ports - egress
    • Map cos 5 to expedite queue (remember, bandwidth for this traffic was limited on ingress)
    • Set up shared queues for control/routing/important traffic
    • Leave last shared queue with remaining bandwidth guarantee for class-default DSCP/COS 0
  • Uplinks
    • Trust DSCP
  • Other notes
    • Ensure COS-to-DSCP mapping has COS5 -> DSCP 46

There are plenty of ways to accomplish your goal, so I am just trying to provide another viewpoint to what has already been discussed.  I also echo the last comment -- the QoS SRND is fantastic!  The above concepts are somewhat similar to the Untrusted PC + Softphone segment of the 2970/3560/3750 portion of the document... if you like these concepts I have listed, I'd definitely recommend reading that portion of the SRND.

Regards,

Matt
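
The access-port and uplink outline from the post above, written out as a Catalyst 2960 configuration. This is an added example, not part of the thread or of Cisco's documentation; the ACL port numbers (RTP 16384-32767, SIP 5060), the object names, the queue weights and the interface numbering are assumptions to replace with the values your phones and switches actually use.

```cisco
! Constructed example, not from the thread. ASSUMED values are marked.
mls qos
! CoS 5 -> DSCP 46 (the default map sends CoS 5 to DSCP 40)
mls qos map cos-dscp 0 8 16 24 32 46 48 56
! Steer CoS 5 / DSCP 46 to egress queue 1, the queue "priority-queue out" expedites
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output dscp-map queue 1 threshold 3 46
!
! ASSUMED: phones send RTP on UDP 16384-32767 and signal with SIP on 5060
ip access-list extended VOICE-BEARER
 permit udp any any range 16384 32767
ip access-list extended VOICE-CONTROL
 permit tcp any any eq 5060
 permit udp any any eq 5060
!
class-map match-all VOICE-BEARER
 match access-group name VOICE-BEARER
class-map match-all VOICE-CONTROL
 match access-group name VOICE-CONTROL
!
! The switch, not the attached device, decides the marking. Voice bearer is
! capped at 1 Mbps, so a PC that imitates the phone cannot fill the priority queue.
policy-map ACCESS-INGRESS
 class VOICE-BEARER
  set dscp 46
  police 1000000 8000 exceed-action drop
 class VOICE-CONTROL
  set dscp 24
!
! Access ports: no "mls qos trust" statement, classification comes from the policy.
! ASSUMED port range and shared-queue weights (queue 1 weight is ignored once expedited).
interface range FastEthernet0/1 - 24
 service-policy input ACCESS-INGRESS
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
!
! Uplink to another switch that enforces the same edge policy: trust DSCP.
! ASSUMED uplink interface.
interface GigabitEthernet0/1
 mls qos trust dscp
 priority-queue out
```

After applying it, `show mls qos interface FastEthernet0/1` should report the port as not trusted, and `show policy-map interface` or `show mls qos interface FastEthernet0/1 statistics` can be used to confirm the policer is seeing traffic.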