Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1137
Views
0
Helpful
7
Replies

QOS Trust

Go to solution
Desmond Smith
Level 1
Level 1

‎05-02-2013 01:21 PM - edited ‎03-07-2019 01:09 PM

I have a Cisco 4507 switch plugged into a Websense device.

Analysis of VoIP traffic has shown that QoS DSCP values are preserved across switchports until reaching the Websense appliance, attached to the switch, at which point they are discarded. Proper handling of VoIP traffic requires preserving QoS DSCP values end-to-end across the LAN and WAN for good call quality.

How do I configure the port that is connected to the websense device?

Is it the mls qos trust extend cos 5 command?

Any help is appreciated.

Thanks,

Desmond

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
acampbell
VIP Alumni
VIP Alumni
In response to paul driver

‎05-02-2013 04:24 PM

Desmond,

The command "mls qos trust extend cos 5" is used
for interfaces that connect to cisco ip phones. This command
tells the phone to set the COS to 5 for all packets/frames from
the PC port on the phone. This is in the direction towards the 4500 interface.

To mark all traffic as as COS 5 out of the interface you
would need to use a policy map along the lines below:-


!
class-map match-any WEBSENSE
match any
!
policy-map WEBSENSE
class WEBSENSE
set cos 5
!
interface fas 5/5
desc WEBSENSE
service-policy out WEBSENSE
!

Hope this helps

Regards,
Alex.
Please rate useful posts.

Regards, Alex. Please rate useful posts.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
paul driver
VIP
VIP

‎05-02-2013 03:29 PM

Hello

If the switch has mls Qos enabled then by default Qos is set to override dscp to zero (sh mls Qos)

So yes if qos is enabled then you will need to trust the dscp values on either the trunk interface coming into the switch or in the switchport

Res
Paul

Sent from Cisco Technical Support iPad App


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
acampbell
VIP Alumni
VIP Alumni
In response to paul driver

‎05-02-2013 04:24 PM

Desmond,

The command "mls qos trust extend cos 5" is used
for interfaces that connect to cisco ip phones. This command
tells the phone to set the COS to 5 for all packets/frames from
the PC port on the phone. This is in the direction towards the 4500 interface.

To mark all traffic as as COS 5 out of the interface you
would need to use a policy map along the lines below:-


!
class-map match-any WEBSENSE
match any
!
policy-map WEBSENSE
class WEBSENSE
set cos 5
!
interface fas 5/5
desc WEBSENSE
service-policy out WEBSENSE
!

Hope this helps

Regards,
Alex.
Please rate useful posts.

Regards, Alex. Please rate useful posts.
0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎05-02-2013 05:08 PM

Disclaimer

The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.

Posting

So you're saying the Websense proxy is dropping the markings?  If so, the ideal solution would be for the Websense proxy to stop doing that.

Otherwise, assuming there are multiple markings you need to preserve, you need a policy, on some downstream (from the Websense) transit device, to analyze and remark traffic with their appropriate QoS markings.  Depending on the complexity of the analysis, the ingress port, from the Websense attached to your 4507, would be the most logical place for such a policy.

Do know, that Catalyst switches, by default, when QoS is enabled, will erase QoS markings.  I assume this isn't the issue on the 4507.  If it is, just trust (or trust and verify) traffic entering the 4507.

Also know, QoS changes much on the latest 4500 sups, i.e. sup7 QoS is different from sup V QoS.

0 Helpful

Go to solution
Desmond Smith
Level 1
Level 1

‎05-02-2013 08:20 PM

So basically the statement I was suggesting can only be used for Cisco Ip phones that are connected. I am not sure if I can get them to change the Websense settings but if I can't then the easiest way would be to set up a class map and policy map and mark the packets with cos 5 as they leave the switchport interface that is connected to the Websense device?

Thanks all for your help and suggestions!

Desmond

0 Helpful

Go to solution
InayathUlla Sharieff
Cisco Employee
Cisco Employee
In response to Desmond Smith

‎05-02-2013 08:31 PM

Hi Desmond,

You need to configure the parameters on the cat 4500 switch.

Regards

Inayath

0 Helpful

Go to solution
Desmond Smith
Level 1
Level 1
In response to InayathUlla Sharieff

‎05-02-2013 08:34 PM

Yes on the interface connected to the Websense device.

Thanks,

Desmond

0 Helpful

Go to solution
InayathUlla Sharieff
Cisco Employee
Cisco Employee
In response to Desmond Smith

‎05-02-2013 08:40 PM

Yes Perfect.

Regards

Inayath

Please rate useful posts and remember to mark any solved questions as answered. Thank you.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card