QoS question

Unanswered Question
Mar 9th, 2008

I am configuring QoS on 6500 native IOS. I have layer 3 interface with an Input Service Policy. This service policy is ocnfigured to classify traffic and mark DSCP values.

My question is do I need "mls qos trust dscp" on this interface? What will be the effect of this command?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
lamav Sun, 03/09/2008 - 16:41


The mls qos trust dscp command is used to inform the switch port that the QoS/CoS markings of the incoming packets should be "trusted" and not altered.

Typically, the traffic -- if not automatically tagged by the end equipment, like a Cisco phone automatically tags voice packets with a DSCP of 46 -- will have to be identfied, tagged and prioroitized according to a QoS map/schema, which will be configured and applied to the incoming interface/swtch port. Then the traffic will be sent to the next hop. The interfaces in between the source and destination that the traffic will traverse throughout the network will have to be configured with the mls qos trust dscp command so that it will accept the DSCP markings and allow the traffic to simply pass through.


If so, please rate this post


fawad.alam Sun, 03/09/2008 - 16:47

Hi Victor,

Thanks for your reply. I understand the concept of trusting dscp. My concern here is if I use this command "mls qos trust dscp" along with the service policy input command what would be the effect of it? Since my service policy is already classifying and marking dscp value I do not think it has any effect. I would like an expert opinion on this. Thanks much!!!

lamav Sun, 03/09/2008 - 18:44


You do deserve an expert opinion, but unfortunately, I am no expert in QoS. There are some pretty brilliant and experienced individuals on here, like Jon Marshall, Edison Ortiz, Rick Burts, Joseph Doherty, etc. and a few more....so you definitely would want to wait for their inputs.

I will say, though, that from my understanding of QoS architecture, and from my experience with the few QoS deployments I have been responsible for, the mls qos trust dscp command is used for the very purpose of NOT changing the DSCP markings of the packets received on an interface, whether they were set by an application or by a policy applied by the administrator. It is meant to make the passing of traffic -- from a QoS perspective -- transparent.

So, I do agree with your assessment that the application of the mls qos trust dscp command when used with the service policy input command will not adversely effect your deployment or cause any unexpected results. In fact, I do believe that they are both necessary for a proper implementation. The purpose of one is to apply a QoS policy while the purpose of the other is to recognize it and not change it.



Edison Ortiz Sun, 03/09/2008 - 19:49

You can have both commands on the interface.

If the service-policy input has no match on the ACL, the interface will trust the dscp value coming from the device.

If the service-policy input has a match on the ACL, the dscp values will be imposed on the incoming packet.




lamav Sun, 03/09/2008 - 20:56

Applying both commands to the SAME interface?



I answered your question as though you were going to apply the service policy command on the interface that will apply the QoS policy and the mls qos trust dscp command on the intervening hops between source and destination, which is typically what you do.

Anyway, the concept remains: the "trust" command does just that - trusts. And the dscp markings remain unchanged.



This Discussion