switch QoS configuration...

Unanswered Question
Nov 3rd, 2009
User Badges:

What is a simple config for a switchport to apply QoS. I have a 2960 with a 7960 phone plugged in and a computer plugged into the phone. I'm concerned about not trusting the computer and at the same time trusting the phone. I'm under the impression that 'mls qos trust device cisco-phone' will use CDP to allow the DSCP markings applied by the phone but what about the computer? How do I make sure someone isn't marking their packets manually to gain priority? TIA.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
KonradStepniewski Tue, 11/03/2009 - 12:17
User Badges:
  • Silver, 250 points or more

When you use mls qos trust device cisco-phone phone will override cos values to cos 0 from PC, use it with mls qos trust cos/dscp command. There will be default command: switchport priority extend cos 0 which mark all PC traffic to cos 0.


rate if this help


snickered Tue, 11/03/2009 - 14:23
User Badges:

What about DSCP values from the PC? How does 'mls qos trust cos/dscp' work with 'mls qos trust device cisco-phone'?

KonradStepniewski Wed, 11/04/2009 - 01:12
User Badges:
  • Silver, 250 points or more

By default all traffic from PC will be marked CoS 0, look my post above. You can change this default behavior if you want.

snickered Wed, 11/04/2009 - 15:55
User Badges:

How will the DSCP field be marked in the IP header? Since the CoS is 0 does that mean the L3 marking will be 0 also?

ragulan_dms Wed, 11/04/2009 - 16:49
User Badges:

yes.

Let say, you are trusting CoS by "mls qos trust CoS" Then switch will trust the CoS value of the incoming frame. Then Switch will use the internal CoS to DSCP mapping table to Mark the DSCP value for that received Packet.


Yes, "mls qos trust device cisco-phone" will only trust the packet come from the IP Phone and mark all other packet comes from the PC to 0.

snickered Sat, 11/07/2009 - 20:03
User Badges:

What you say isn't working properly for me.


conf t

int fa0/1

mls qos trust device cisco-phone


This configuration doesn't allow the phone nor my PC to mark packets.


conf t

int fa0/1

mls qos trust device cisco-phone

mls qos dscp


This configuration allows me to mark packets from the phone AND the PC.


conf t

int fa0/1

mls qos trust device cisco-phone

mls qos cos


This configuration allows me to mark frames from the phone AND the PC. It also uses the internal mapping like you said.


What I want to do is allow the phone to mark packets and at the same time not allow the PC to mark packets. How is this done? TIA.

snickered Sat, 11/07/2009 - 20:21
User Badges:

I also see no difference between these two:


conf t

int fa0/1

mls qos trust dscp


conf t

int fa0/1

mls qos trust device cisco-phone

mls qos trust dscp


Both of the above allow me to mark packets with the phone AND the PC. So, now my question is... what's the purpose of 'mls qos trust device cisco-phone'? You say it only allows packets from the phone to be marked but that isn't the case for me. Bug on my switch?

Actions

This Discussion