switch QoS configuration...

Unanswered Question
Nov 3rd, 2009

What is a simple config for a switchport to apply QoS. I have a 2960 with a 7960 phone plugged in and a computer plugged into the phone. I'm concerned about not trusting the computer and at the same time trusting the phone. I'm under the impression that 'mls qos trust device cisco-phone' will use CDP to allow the DSCP markings applied by the phone but what about the computer? How do I make sure someone isn't marking their packets manually to gain priority? TIA.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
KonradStepniewski Tue, 11/03/2009 - 12:17

When you use mls qos trust device cisco-phone phone will override cos values to cos 0 from PC, use it with mls qos trust cos/dscp command. There will be default command: switchport priority extend cos 0 which mark all PC traffic to cos 0.

rate if this help

snickered Tue, 11/03/2009 - 14:23

What about DSCP values from the PC? How does 'mls qos trust cos/dscp' work with 'mls qos trust device cisco-phone'?

KonradStepniewski Wed, 11/04/2009 - 01:12

By default all traffic from PC will be marked CoS 0, look my post above. You can change this default behavior if you want.

snickered Wed, 11/04/2009 - 15:55

How will the DSCP field be marked in the IP header? Since the CoS is 0 does that mean the L3 marking will be 0 also?

ragulan_dms Wed, 11/04/2009 - 16:49

yes.

Let say, you are trusting CoS by "mls qos trust CoS" Then switch will trust the CoS value of the incoming frame. Then Switch will use the internal CoS to DSCP mapping table to Mark the DSCP value for that received Packet.

Yes, "mls qos trust device cisco-phone" will only trust the packet come from the IP Phone and mark all other packet comes from the PC to 0.

snickered Sat, 11/07/2009 - 20:03

What you say isn't working properly for me.

conf t

int fa0/1

mls qos trust device cisco-phone

This configuration doesn't allow the phone nor my PC to mark packets.

conf t

int fa0/1

mls qos trust device cisco-phone

mls qos dscp

This configuration allows me to mark packets from the phone AND the PC.

conf t

int fa0/1

mls qos trust device cisco-phone

mls qos cos

This configuration allows me to mark frames from the phone AND the PC. It also uses the internal mapping like you said.

What I want to do is allow the phone to mark packets and at the same time not allow the PC to mark packets. How is this done? TIA.

snickered Sat, 11/07/2009 - 20:21

I also see no difference between these two:

conf t

int fa0/1

mls qos trust dscp

conf t

int fa0/1

mls qos trust device cisco-phone

mls qos trust dscp

Both of the above allow me to mark packets with the phone AND the PC. So, now my question is... what's the purpose of 'mls qos trust device cisco-phone'? You say it only allows packets from the phone to be marked but that isn't the case for me. Bug on my switch?

Actions

This Discussion