cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
789
Views
0
Helpful
7
Replies

QOS Trust

Desmond Smith
Level 1
Level 1

I have a Cisco 4507 switch plugged into a Websense device.

Analysis of VoIP traffic has shown that QoS DSCP values are preserved across switchports until reaching the Websense appliance, attached to the switch, at which point they are discarded. Proper handling of VoIP traffic requires preserving QoS DSCP values end-to-end across the LAN and WAN for good call quality.

How do I configure the port that is connected to the websense device?

Is it the mls qos trust extend cos 5 command?

Any help is appreciated.

Thanks,

Desmond

1 Accepted Solution

Accepted Solutions

Desmond,

The command "mls qos trust extend cos 5" is used
for interfaces that connect to cisco ip phones. This command
tells the phone to set the COS to 5 for all packets/frames from
the PC port on the phone. This is in the direction towards the 4500 interface.

To mark all traffic as as COS 5 out of the interface you
would need to use a policy map along the lines below:-


!
class-map match-any WEBSENSE
match any
!
policy-map WEBSENSE
class WEBSENSE
set cos 5
!
interface fas 5/5
desc WEBSENSE
service-policy out WEBSENSE
!

Hope this helps

Regards,
Alex.
Please rate useful posts.

Regards, Alex. Please rate useful posts.

View solution in original post

7 Replies 7

Hello

If the switch has mls Qos enabled then by default Qos is set to override dscp to zero (sh mls Qos)

So yes if qos is enabled then you will need to trust the dscp values on either the trunk interface coming into the switch or in the switchport

Res
Paul

Sent from Cisco Technical Support iPad App


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Desmond,

The command "mls qos trust extend cos 5" is used
for interfaces that connect to cisco ip phones. This command
tells the phone to set the COS to 5 for all packets/frames from
the PC port on the phone. This is in the direction towards the 4500 interface.

To mark all traffic as as COS 5 out of the interface you
would need to use a policy map along the lines below:-


!
class-map match-any WEBSENSE
match any
!
policy-map WEBSENSE
class WEBSENSE
set cos 5
!
interface fas 5/5
desc WEBSENSE
service-policy out WEBSENSE
!

Hope this helps

Regards,
Alex.
Please rate useful posts.

Regards, Alex. Please rate useful posts.

Joseph W. Doherty
Hall of Fame
Hall of Fame

Disclaimer

The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.

Posting

So you're saying the Websense proxy is dropping the markings?  If so, the ideal solution would be for the Websense proxy to stop doing that.

Otherwise, assuming there are multiple markings you need to preserve, you need a policy, on some downstream (from the Websense) transit device, to analyze and remark traffic with their appropriate QoS markings.  Depending on the complexity of the analysis, the ingress port, from the Websense attached to your 4507, would be the most logical place for such a policy.

Do know, that Catalyst switches, by default, when QoS is enabled, will erase QoS markings.  I assume this isn't the issue on the 4507.  If it is, just trust (or trust and verify) traffic entering the 4507.

Also know, QoS changes much on the latest 4500 sups, i.e. sup7 QoS is different from sup V QoS.

Desmond Smith
Level 1
Level 1

So basically the statement I was suggesting can only be used for Cisco Ip phones that are connected. I am not sure if I can get them to change the Websense settings but if I can't then the easiest way would be to set up a class map and policy map and mark the packets with cos 5 as they leave the switchport interface that is connected to the Websense device?

Thanks all for your help and suggestions!

Desmond

Hi Desmond,

You need to configure the parameters on the cat 4500 switch.

Regards

Inayath

Yes on the interface connected to the Websense device.

Thanks,

Desmond

Yes Perfect.

Regards

Inayath

Please rate useful posts and remember to mark any solved questions as answered. Thank you.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: