I'm trying insure that no PC traffic ever leaves the access layer with anything other than dscp/cos 0, so that some smart WinXP user can't mark his traffic like voice.
The access layer is a 6506 running IOS. I figure all I need to do is set up an ACL for all traffic on our data network space, run that through a policy map to mark the permitted traffic to 0, then apply the policy map to the vlan interface that the access layer PCs are plugged into.
Each port on the 6506 blades will have an Avaya IP phone and a PC plugged into the IP phone. The PC data network is 22.214.171.124 vlan 17 and the voice network is 172.26.0.0. vlan 910.
I have a utility I'm using that I can mark the PC (WinXP) packets to dscp=46 to simulate voice traffic.
Here is the pertinent config, and the problem is after spanning the port the PC is plugged into I still see it's packets marked with dscp=46.
Have I set up the correct way to mark all traffic from 126.96.36.199 to dscp=0, or is there another way to do this?
class-map match-all Mark_PC_traffic_to_0
match access-group 161
set dscp default
GHQ-6509A-AU-W271B#sh run int g1/19
Current configuration : 206 bytes
switchport access vlan 17
switchport mode access
switchport voice vlan 910
no ip address
mls qos trust dscp
ip address 188.8.131.52 255.255.255.128
ip helper-address 184.108.40.206
ip helper-address 220.127.116.11
ip pim sparse-mode
service-policy output Mark_PC_traffic_to_0
access-list 161 remark Mark all 18.104.22.168 PC traffic to DSCP=0
access-list 161 permit ip 22.214.171.124 0.0.255.255 any
GHQ-6509A-AU-W271B#sh policy-map int
Service-policy output: Mark_PC_traffic_to_0
class-map: Mark_PC_traffic_to_0 (match-all)
Match: access-group 161
set dscp 0:
Earl in slot 5 :
30 second offered rate 64 bps
aggregate-forwarded 348865 bytes
Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
GHQ-6509A-AU-W271B#sh int status
Port Name Status Vlan Duplex Speed Type
Gi1/1 connected 17 full 100 10/100/1000BaseT
Gi1/16 notconnect 17 full auto 10/100/1000BaseT
Gi1/17 Jim's laptop connected 17 a-full a-1000 10/100/1000BaseT
Gi1/18 notconnect 17 full auto 10/100/1000BaseT
Gi1/19 GHQ003 connected 17 a-full a-1000 10/100/1000BaseT
Gi1/20 notconnect 17 full auto 10/100/1000BaseT