650x trust boundary implementation

Unanswered Question
Sep 12th, 2010

As far as I know and could find in cisco.com

line cards in 650x platform have

different trust boundary implementations.

For example, if all input traffic should be trusted

on some line cards you have to apply

a policy-map to the interface

policy-map TRUST

  class TRUST

      trust dscp

on some others you configure in interface-mode

mls qos trust dscp

Consequently, a port trust state is shown differently.

In the first case you’d use

show queueing interface

in the second example,

show mls qos ip

probably because of the underlying hardware

performing the QoS operation (PFC/ASIC).

Can anyone point me to more specific documentation?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
useridcisco Sun, 10/03/2010 - 06:21

Limitations of the WS-X6248-xx, WS-X6224-xx, and WS-X6348-xx Line Cards

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008014f8a8.shtml#topic5-3

Understanding Quality of Service on the Catalyst 6500 Switch (CCO required)

http://www.cisco.com/en/US/partner/prod/collateral/switches/ps5718/ps708/white_paper_c11_538840.html

Extract from CLT (CCO required)

'You can enter the mls qos trust command to set the trusted state of an interface. For example, you can set whether the packets arriving at an interface are trusted to carry the correct CoS, ToS, and DSCP classifications.

The cos keyword is not supported for pos or atm interface types.

You cannot configure the trust state on FlexWAN modules.

You cannot configure the trust state on 1q4t LAN ports except for Gigabit Ethernet ports.

Ingress-queue drop thresholds are not implemented when you enter the mls qos trust cos command on 4-port Gigabit Ethernet WAN modules.

Use the set qos-group command to set the trust state on Layer 2 WAN interfaces.'

The above provides some insight, still it lacks of specific correlation.

useridcisco Sun, 10/03/2010 - 10:48

Errata. In the first post the commands reference is inverted. It should be

policy-map TRUST - show mls qos ip

mls qos trust dscp - show queueing interface

Actions

This Discussion

Related Content