07-16-2013 10:59 AM - edited 03-07-2019 02:26 PM
I have users with PCs connected to Cisco phones and 'auto qos voip cisco-phone' configured on the access ports. In this case the DSCP values will only be trusted once the phone is detected via CDP. Is there any way to extend the trust to the PC, as it will have a video application that is capable of marking traffic? Will I end up having to edit the existing policy map and mark the traffic?
There seem to be quite a few opinions as to what happens if a switch's uplink port is configured to trust DSCP but the switch on the other end is not configured to do so. Will it rewrite the DSCP value or will it leave it be? Can anyone point me to documentation if possible? Thanks.
07-16-2013 11:31 AM
Hi,
QoS should be configured end to end; this Cisco guide should answer most of the questions you're asking yourself.
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoSDesign.html
Regards
Alain
Don't forget to rate helpful posts.
07-16-2013 01:11 PM
Thanks. I am still a little confused. Since the PC will not be able to do COS and the port has 'mls qos trust cos' configured on it as a part of the auto qos configuration, even if I were to extend the trust to the PC it would not do much good, right? The switch is only trusting COS and the PC is marking with DSCP. Will the DSCP still be trusted by the switch?
07-16-2013 03:40 PM
Hello
The other switch will only rewrite if QoS is enabled on it and you haven't trusted QoS or disabled DSCP rewrite.
Also, by default LAN QoS voice media traffic is marked with CoS 5 and DSCP EF (46).
On Cisco switches the CoS-to-DSCP marking differs: CoS 5 = 40. So this needs to be changed, unless auto-qos is enabled, as you say it is, in which case this setting is changed automatically.
sh mls qos maps cos-dscp
Cos-dscp map:
cos: 0 1 2 3 4 5 6 7
--------------------------------
dscp: 0 8 16 24 32 40 48 56
conf t
mls qos map cos-dscp 0 8 16 24 32 46 48 56
sh mls qos maps cos-dscp
Cos-dscp map:
cos: 0 1 2 3 4 5 6 7
--------------------------------
dscp: 0 8 16 24 32 46 48 56
hope this helps
res
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.
07-16-2013 05:27 PM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Perhaps the easiest method is to just trust DSCP on the user switch's edge port. If the VoIP phone and PC are marking ToS correctly, then you only need to worry about correct QoS treatment for your marked packets.
With regard to your question about one switch that trusts linked to another switch that doesn't trust, results depend on the platform. On most of the Cisco Catalyst switches, the default is that QoS is disabled, and when QoS is disabled they pass ToS along as is. However, on those same switches, when you enable QoS, they will rewrite ToS to zero unless you configure them otherwise. (NB: the later 4500 Sup7s, I recall, work like a router, i.e. by default they always pass the ToS unless you configure them otherwise.)
07-17-2013 07:06 AM
Thanks pdriver and Joseph for the input. On the switches I am working with DSCP rewrite seems to be enabled regardless of if qos is enabled based on the output of 'show mls qos', so if qos is enabled on a switch I would either need to disable rewrite or configure trust on the uplink port? And in the case of a switch that does not have qos enabled I would either need to disable rewrite or enable qos and configure trust on the uplink port?
Since auto qos applies 'mls qos trust cos' to the port are you saying I should just remove this and trust DSCP and it won't affect the phones? Does it also mean I would also need to remove 'mls qos trust device cisco-phone' so that the switch will trust the markings from the PC?
07-17-2013 02:34 PM
I was able to do a lab and got confirmation on the DSCP rewrite. As pdriver and Joseph said, once qos is enabled and there is no trust on the uplink port then the DSCP value gets rewritten to 0, otherwise it gets passed along. I guess I had to see it for myself since DSCP rewrite is enabled even if qos is not.
I don't necessarily want to just trust DSCP on the access ports, even though the likelihood of a malicious user marking their packets to get higher priority is low. Does that leave me with only one option, which is to mark the traffic on ingress on each switchport?
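The trust-boundary behaviour discussed across this thread, as an added Python model that is not part of any post above and is not Cisco code. It assumes an 'mls qos' Catalyst port where untagged PC frames take port default CoS 0 and an untrusted port rewrites DSCP to 0 (the lab result reported above); the function names and the AF41 (34) video marking are constructed for illustration.

```python
# Added example: simplified model of DSCP handling on an "mls qos" Catalyst port.
# Assumptions: untagged frames get port default CoS 0; untrusted ports rewrite to 0
# (the lab result in the thread). Other platforms behave differently.

DEFAULT_MAP = [0, 8, 16, 24, 32, 40, 48, 56]   # cos-dscp map before the change
AUTOQOS_MAP = [0, 8, 16, 24, 32, 46, 48, 56]   # after 'mls qos map cos-dscp ...'


def egress_dscp(pkt_dscp, frame_cos=None, *, qos_enabled=True, trust="none",
                trust_device_phone=False, phone_detected=False,
                rewrite=True, cos_dscp=AUTOQOS_MAP, default_cos=0):
    """DSCP the packet carries after the ingress port has classified it.

    frame_cos is the 802.1p value, or None for an untagged frame (typical PC).
    trust is the port trust state: "none", "cos" or "dscp".
    rewrite=False models 'no mls qos rewrite ip dscp'.
    """
    if not 0 <= pkt_dscp <= 63:
        raise ValueError("DSCP must be 0-63")
    if trust not in ("none", "cos", "dscp"):
        raise ValueError("unknown trust state")
    if not qos_enabled or not rewrite:
        return pkt_dscp                      # passed along unchanged
    if trust_device_phone and not phone_detected:
        trust = "none"                       # conditional trust not yet granted
    if trust == "dscp":
        return pkt_dscp
    if trust == "cos":
        cos = default_cos if frame_cos is None else frame_cos
        return cos_dscp[cos]                 # derived from CoS; sender's DSCP ignored
    return 0                                 # QoS on, port untrusted


def thread_scenarios():
    """Cases from the thread; AF41 (34) is a constructed video marking."""
    autoqos = dict(trust="cos", trust_device_phone=True, phone_detected=True)
    return {
        "pc_video_on_autoqos_port": egress_dscp(34, None, **autoqos),
        "phone_voice_autoqos_map": egress_dscp(46, 5, **autoqos),
        "phone_voice_default_map": egress_dscp(46, 5, cos_dscp=DEFAULT_MAP, **autoqos),
        "phone_not_detected": egress_dscp(46, 5, trust="cos", trust_device_phone=True),
        "uplink_qos_on_no_trust": egress_dscp(34),
        "uplink_qos_on_trust_dscp": egress_dscp(34, trust="dscp"),
        "uplink_qos_off": egress_dscp(34, qos_enabled=False),
        "uplink_rewrite_disabled": egress_dscp(34, rewrite=False),
    }


if __name__ == "__main__":
    for name, dscp in thread_scenarios().items():
        print(f"{name:28} -> DSCP {dscp}")
```

In this model the PC's own marking survives only where the port trusts DSCP or QoS rewriting is off, which is the trade-off the last post weighs against marking on ingress.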