vlan based against port based QOS on CatOS 6500

Unanswered Question
Jul 15th, 2009


Configuration on a C6509 running CatOS: (prioritizing voice packets)

set port qos 1/1 vlan-based (part of vlan2)

set port qos 1/2 trust trust-cos (part of vlan3)


set qos enable

set qos cos-dscp-map 0 8 16 26 34 46 48 56

clear qos acl all

set qos acl ip VOICE dscp 46 ip any any

commit qos acl all

set qos acl map VOICE 2


In my opinion it is convenient that you can do both port based and vlan based QOS.

When a packet is part of a Vlan and a policy exists for that vlan, it will be applied.

When a packet arrives that's part of a vlan but no policy can be found for that vlan, the

policy of the port will be used.

So in this example when a packet comes in tagged as part of vlan 2, the ACL "VOICE" will

set the DSCP to 46. When a packet arrives on vlan 3 and no policy exists for this vlan,

the port policy will be used. The DSCP will be set mapped from the CoS value it had

because the CoS is trusted.

But from tests in my lab, it does not work like that. When set port qos trust trust-cos

is used, it will be the prefered way of handling IP packets all the time. The vlan based

policy will not be used. So you have to use vlans and apply policies for all vlans (if

not dscp = 0) or you specify the policies on all ports. But documentation states vlan

based supersedes port based config.

Is this correct or is my train of thought not in line with Cisco documentation?

The same configuration, but both part of the same vlan:

set port qos 1/1 vlan-based

set port qos 1/1 trust trust-cos

Can those commands exist together? Which policy will be used? vlan based or port based?

Best Regards,


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ivillegas Tue, 07/21/2009 - 08:03

Each QoS ACL can be applied either to a port or to a VLAN, but there is an additional configuration parameter to take into account; the ACL port type. A port can be configured to be VLAN-based or port-based. The following is a description of the two types of configurations:

A port configured to be VLAN-based will only look to ACL applied to the VLAN to which the port belongs. If there is an ACL attached to the port, the ACL will be ignored for the packet coming in on that port.

If a port belonging to a VLAN is configured as port-based, even if there is an ACL attached to that VLAN, it will not be taken into consideration for the traffic coming in from that port

By default, each port is port-based for the ACL, so if you want to attach an ACL to a VLAN, you need to configure the ports of this VLAN as vlan-based. This can be done by issuing the following command:

set port qos module/port vlan-based

It can also be reverted back to port-based mode by issuing the following command:

set port qos module/port port-based


This Discussion