"mls qos trust dscp" vs. "mls qos trust cos"

Unanswered Question
Jul 25th, 2009

Are these statements correct ?

1. If using QoS profile without setting "wired qos protocol", always use "mls qos trust dscp" on the WLC trunk port

- downstream wmm traffic will be policed down to "?" (this one I'm not sure, is it "not policed" or "policed down to cos 6 for platinum, etc")

2. If using QoS profile with setting "wired qos protocol",

- use "mls qos trust cos" on the WLC trunk port if you want outgoing LWAPP traffic COS/DSCP to reflect QoS profile setting and if you want to rewrite DSCP in the outgoing upstream traffic to QoS profile setting

- use "mls qos trust dscp" on the WLC trunk port if you want LWAPP traffic COS/DSCP to reflect original DSCP setting and if you want to leave DSCP alone in the outgoing upstream traffic

3. With either "mls qos trust cos" or "mls qos trust dscp" on WLC trunk port, downstream wmm traffic will be policed down to "wired qos protocol" setting (What if "wired qos protocol" is not set, will it be policed down to, for example, cos 6 for Platinum?)

4. Always use "mls qos trust dscp" on non-HREAP AP ports

Use "mls qos trust dscp" on HREAP AP ports, if you want to preserve upstream DSCP for locally switched WLANs

Use "mls qos trust cos" on HREAP AP ports, if you want to QoS profile 802.1p to override upstream DSCP for locally switched WLANs

5. Use either "mls qos trust dscp" or "mls qos trust cos" on switch-to-switch trunks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (1 ratings)
tsteele@netdsi.com Thu, 10/22/2009 - 12:33

Roman,

I'm surprised you didn't get any responses on this. I've heard varying stories on this myself and decided to do a quick netpro search to see what others are saying. Since this is an old post, I thought I'd ask if you have found what you consider to be "correct" answers to these questions.

Thanks,

Tim

f.meixner Tue, 12/29/2009 - 05:40

This topic is pretty interesting. Hopefully we get some clarification on QoS on a WLC.

Stephen Rodriguez Tue, 12/29/2009 - 06:47

if you have your map mutations set properly, it should not matter if you use dscp or cos.

if you do not set the wired qos, the packet will generally get marked down to a 0, but the packet coming from the device, will have the marking the device set.  So, if your phone sets dscp of ef, 0x2e hex, the outter header of the LWAPP/CAPWAP packet will be the same from the AP to the WLC.  When this packet leaves the WLC, it's marked to 0, or it should be.

If you do set the wired to 6, then it will leave with a dscp ef marking.

For voice, alway, always, always set the wired 802.1p markings.  and make sure to trust across trunk to the WLC, where ever the AP are connected, and across all uplinks.

rob.simkins Wed, 10/12/2011 - 01:38

Hi Roman. 

Good questions on a fairly complex topic....

Having looked into this recently I think the key element is wether or not you want to define QoS by the SSID or the VLAN.  If you want SSID based QoS you should look at setting the 802.1p marking on the WLAN profile and configuring CoS trust on the WLC to switch uplink.  If you want VLAN based prioritisation go for DSCP trust and don't add the 802.1p marking config on the WLAN profile.

The rest of the QoS marking seems to be WMM/DSCP translation

Hope this helps

Rob.

vitpatel Tue, 12/13/2011 - 19:01

Are these statements correct ?

1. If using QoS profile without setting "wired qos protocol", always use "mls qos trust dscp" on the WLC trunk port

  - downstream wmm traffic will be policed down to "?" (this one I'm not sure, is it "not policed" or "policed down to cos 6 for platinum, etc")

Ans: Not sure about always. you can use both 'mls qos trust dscp' and 'mls qos trust cos'. Since it is a trunk port the packets will have a cos value (802.1p tag) and hence you can trust cos. Downstream and upstream traffic both are capped to the WLAN max QoS value. for example if Wlan is set to silver, and if a packet comes in at platinum QoS, the AP will cap it to silver in upstream direction. Same holds true for a cos 5 / dscp 46 packet coming in from the wired side.

2. If using QoS profile with setting "wired qos protocol",

  - use "mls qos trust cos" on the WLC trunk port if you want outgoing LWAPP traffic COS/DSCP to reflect QoS profile setting and if you want to rewrite DSCP in the outgoing upstream traffic to QoS profile setting

  - use "mls qos trust dscp" on the WLC trunk port if you want LWAPP traffic COS/DSCP to reflect original DSCP setting and if you want to leave DSCP alone in the outgoing upstream traffic

Ans:

3. With either "mls qos trust cos" or "mls qos trust dscp" on WLC trunk port, downstream wmm traffic will be policed down to "wired qos protocol" setting (What if "wired qos protocol" is not set, will it be policed down to, for example, cos 6 for Platinum?)

Ans: Traffic in both direction wil always get capped to WLAN max QoS. Untagged (802.1p = 0) traffic will be treated as best effort.

4. Always use "mls qos trust dscp" on non-HREAP AP ports

   Use "mls qos trust dscp" on HREAP AP ports, if you want to preserve upstream DSCP for locally switched WLANs

   Use "mls qos trust cos" on HREAP AP ports, if you want to QoS profile 802.1p to override upstream DSCP for locally switched WLANs

Ans:

5. Use either "mls qos trust dscp" or "mls qos trust cos" on switch-to-switch trunks

Ans: I think on purely layer 2 switches you can trust dscp, but am not 100% sure.

goatnetworking Wed, 04/04/2012 - 08:51

Roman

You should trust what you mark. DSCP values (Layer 3) go over access switch ports, COS markings do not. COS markings can only go over trunk ports.

AP's connect via Access Ports, Trusting COS would not work because there is not a field in the packet for the COS port.

If you trust COS, you have to rely on your switches to have the correct COS to DSCP mappings.

For these reasons, I always mark and trust DSCP

I hope this helps

Scape

I have more QOS topics on my forum that may help you.

http://goatnetworking.com/forum

grabonlee Wed, 04/04/2012 - 09:18

Hi Scapegoat, recall that HREAP AP uses trunks and not access. However, I do trust DSCP on my switches whether access ports or not. You flexibility to trust DSCP only with switches above 2940 and 2950

goatnetworking Wed, 04/04/2012 - 10:24

Osita

You bring up a good point with the AP.

The other thing to keep in mind is that all Cisco switches do not have the same features. In fact I have a line card that is in my 6500 that does not have the ability to trust anything.

Troubleshooting is completely different too. I wrote up the differences that I found between the 3560/4500/6500 so I could keep the troubleshooting commands straight. http://goatnetworking.com/QOS-TSHOOT.php

Scape

Tulgabat Myagmarjav Tue, 09/24/2013 - 02:17

Scape your forum is not working! and what is the finalize one? we just implementing QoS on our WAN links, so we configuring QoS on all area, and i am configuring cisco phone, cisco softphone and wireless user softphone.

mls qos trust dscp and device cisco-phone

on edge-switches end user ports?

and mls qos trust dscp on Trunk port which has connected to WLC and marking WLC 802.1p on Wired QoS with Platinum, for the configure QoS based on SSID?

Manannalage ras... Tue, 09/24/2013 - 13:50

*** mls qos trust dscp ***  on WLC connected switch port would be problematic if you want to impose WLC's QoS classification to user traffic. It is not the Cisco's recommended or best practice configuration for WLC connected switch port.

You should do "mls qos trust cos" for the WLC connected switchport in order to preseve QoS classification done by controller for the wireless traffic.

Please refer some of my notes on wireless QoS

http://mrncciew.com/2012/11/28/understanding-wireless-qos-part-1/

HTH

Rasika

*** Pls rate all useful responses ****

csco11579831 Tue, 10/01/2013 - 02:50

Hi,

If the port is an access port or Layer 3 port, you need to configure the mls qos trust dscp command. You cannot use the mls qos trust cos command because the frame from the access port or Layer 3 port does not contain dot1q or ISL tag. CoS bits are present in the dot1q or ISL frame only.

James

Actions

Login or Register to take actions

This Discussion

Posted July 25, 2009 at 6:13 PM
Stats:
Replies:14 Avg. Rating:5
Views:48606 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard