QoS on 3560

Unanswered Question
Feb 24th, 2009


I am being told that you can either trust everything or nothing. Is this correct?

So, If you have the mls qos trust dcsp command, can you also re-mark other packets that are coming into the switch that are no marked?

For instance, we want to trust the ef46 packets come in and let them carry on there way with using the 'trust' command. And then set-up some mqc for other packets based on access lists.

I am being told by a ccie that you can only do one or the other, I think it strange and would like to get a second opinion....


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Anonymous (not verified) Mon, 03/02/2009 - 09:01

configuring the "mls qos trust dcsp" is the first step of configuring an uplink port. After you configure the access port queuing, you must also configure the uplink interfaces to the distribution, or core, switch. This involves enabling trust for Ethernet frames coming into the trunk port, enabling output scheduling, and manipulating the CoS-to-queue mapping entrance criteria, mapping the CoS values to the appropriate DSCP value. This section includes information for two of the six types of queue structures: 1P2Q2T and 2Q2T.

Configuring an Uplink Port

Step 1. Accept incoming DSCP markings if incoming traffic is known to be properly marked at Layer 3. This is the preferred method.

6509-Access(config-if)#mls qos trust dscp

Alternate Step 1. Accept incoming CoS markings if incoming traffic is known to be properly marked at Layer 2 only.

6509-Access(config-if)#mls qos trust cos

Optional Step 2 (required when trusting CoS) Verify CoS-to-DSCP mapping. This should have been set in Step 10 in the interface configuration. Map CoS = 5 to DSCP = EF (46) and CoS = 3 to DSCP = CS3 (24).

6509-Access(config)#mls qos map cos-dscp 0 8 16 24 32 46 48 54

Nicholas Matthews Mon, 03/02/2009 - 12:36

This isn't quite true.

If you have 'mls qos' turn on, but do not trust the port, everything will be 0.

If you only enable 'mls qos trust dscp' everything will be trusted.

But you could do a DSCP mutation mask. Something such as:

mls qos map dscp-mutation MAP 0 1 2 3 4 5 6 7 to 0


mls qos map dscp-mutation MAP 57 58 59 60 61 62 63 to 0

And in this case you would just leave DSCP 46 to 46, and exempt it from the mutation map.

int fa0/1

mls qos dscp-mutation MAP




This Discussion