
Conditional Trust Policies

malcolmsalmons
Beginner

Hi

I'm looking to deploy conditional QoS on access switches to enable users to move around without the administrative overhead of changing the port trust dependent upon the device. However, I want to make sure that any compromised or misconfigured devices don't have the potential to impact other users. Therefore, I've added a service policy to set the DSCP values and police the traffic as required. This means that the voice and data VLANs can be controlled and marked as required. My question is: what happens if the device connected to the port isn't a trusted device? Is the same service policy still applied to the interface? What I'm concerned about is that if the device is untrusted but has a softphone client, I want to ensure that this traffic has its DSCP set correctly. I'm guessing that I'd need to specify the data VLAN's subnet and UDP VoIP ports in an ACL to match the correct traffic, as opposed to just the voice VLAN subnet and UDP VoIP ports in an ACL if an IP phone was connected and trusted? Any thoughts appreciated.

Thanks in advance

Malcolm

1 REPLY 1

mchin345
Frequent Contributor

Use the "mls qos trust device cisco-phone" command, which is the simplest method to implement a "conditional-trust" policy. It is supported on several other Cisco platforms.
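The setup described in the question, sketched as an added example (not taken from either post, and not Cisco's own configuration): conditional trust on the access port plus an ingress policy that classifies voice by ACL from both the voice and data VLAN subnets, re-marks it, and polices it. It assumes Catalyst MLS QoS syntax; the interface, VLAN IDs, subnets, UDP range, object names and policer rates are constructed placeholders.

```cisco
! Added example. All names, VLANs, subnets, ports and rates are constructed.
mls qos
!
! Voice bearer traffic, matched by source subnet and UDP port range
! (16384-32767 is assumed here as the RTP range in use).
ip access-list extended VOICE-BEARER-ACL
 remark Voice VLAN subnet (IP phones)
 permit udp 10.1.110.0 0.0.0.255 any range 16384 32767
 remark Data VLAN subnet (softphone clients)
 permit udp 10.1.10.0 0.0.0.255 any range 16384 32767
!
! Everything else arriving on the port.
ip access-list extended ANY-IP-ACL
 permit ip any any
!
class-map match-all VOICE-BEARER
 match access-group name VOICE-BEARER-ACL
class-map match-all ALL-OTHER
 match access-group name ANY-IP-ACL
!
policy-map ACCESS-EDGE-IN
 ! The switch sets the marking; the endpoint's own DSCP is not relied on.
 class VOICE-BEARER
  set dscp ef
  ! Cap per-port voice so one endpoint cannot flood the priority class.
  police 128000 8000 exceed-action drop
 class ALL-OTHER
  set dscp default
  ! Excess data is re-marked through the policed-DSCP map, not dropped.
  police 5000000 8000 exceed-action policed-dscp-transmit
!
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 110
 ! Conditional trust: trust is extended only when CDP detects a Cisco phone.
 mls qos trust device cisco-phone
 service-policy input ACCESS-EDGE-IN
```

`show mls qos interface GigabitEthernet1/0/1` displays the port's trust state and trust device, which is the place to confirm on the actual platform how the port behaves with and without a phone attached.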
