11-03-2009 10:00 AM - edited 03-18-2019 10:46 AM
What is a simple config for a switchport to apply QoS. I have a 2960 with a 7960 phone plugged in and a computer plugged into the phone. I'm concerned about not trusting the computer and at the same time trusting the phone. I'm under the impression that 'mls qos trust device cisco-phone' will use CDP to allow the DSCP markings applied by the phone but what about the computer? How do I make sure someone isn't marking their packets manually to gain priority? TIA.
11-03-2009 12:17 PM
When you use mls qos trust device cisco-phone phone will override cos values to cos 0 from PC, use it with mls qos trust cos/dscp command. There will be default command: switchport priority extend cos 0 which mark all PC traffic to cos 0.
rate if this help
11-03-2009 02:23 PM
What about DSCP values from the PC? How does 'mls qos trust cos/dscp' work with 'mls qos trust device cisco-phone'?
11-04-2009 01:12 AM
By default all traffic from PC will be marked CoS 0, look my post above. You can change this default behavior if you want.
11-04-2009 03:55 PM
How will the DSCP field be marked in the IP header? Since the CoS is 0 does that mean the L3 marking will be 0 also?
11-04-2009 04:49 PM
yes.
Let say, you are trusting CoS by "mls qos trust CoS" Then switch will trust the CoS value of the incoming frame. Then Switch will use the internal CoS to DSCP mapping table to Mark the DSCP value for that received Packet.
Yes, "mls qos trust device cisco-phone" will only trust the packet come from the IP Phone and mark all other packet comes from the PC to 0.
11-07-2009 08:03 PM
What you say isn't working properly for me.
conf t
int fa0/1
mls qos trust device cisco-phone
This configuration doesn't allow the phone nor my PC to mark packets.
conf t
int fa0/1
mls qos trust device cisco-phone
mls qos dscp
This configuration allows me to mark packets from the phone AND the PC.
conf t
int fa0/1
mls qos trust device cisco-phone
mls qos cos
This configuration allows me to mark frames from the phone AND the PC. It also uses the internal mapping like you said.
What I want to do is allow the phone to mark packets and at the same time not allow the PC to mark packets. How is this done? TIA.
11-07-2009 08:21 PM
I also see no difference between these two:
conf t
int fa0/1
mls qos trust dscp
conf t
int fa0/1
mls qos trust device cisco-phone
mls qos trust dscp
Both of the above allow me to mark packets with the phone AND the PC. So, now my question is... what's the purpose of 'mls qos trust device cisco-phone'? You say it only allows packets from the phone to be marked but that isn't the case for me. Bug on my switch?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: