mls qos trust and service-policy QoS on Cat3750

mmelbourne · ‎06-24-2006

We use AutoQoS to trust the CoS value of incoming frames from IP Phones connected to access layer switches. We are now using VT Advantage and want to ensure that the video traffic generated by the attached PC has its DSCP value honoured (the PC-generated traffic will not have the dot1p bits set).

The preferred way of doing this seems to be using a port-based ACL to identify the VTA traffic and trust the DSCP value. However, applying a service-policy to trust the DSCP of VTA traffic is incompatible with the "mls qos trust cos" applied as part of AutoQoS; when the policy is applied, the port is "not trusted":

interface FastEthernet1/0/9

switchport voice vlan 514

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

priority-queue out

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

end

voicebuild-sw#sh mls qos interface fastEthernet 1/0/9

FastEthernet1/0/9

trust state: trust cos

trust mode: trust cos

trust enabled flag: ena

COS override: dis

default COS: 0

DSCP Mutation Map: Default DSCP Mutation Map

Trust device: cisco-phone

qos mode: port-based

voicebuild-sw#conf t

voicebuild-sw(config)#int fastEthernet 1/0/9

voicebuild-sw(config-if)#service-policy input TESTPOL

voicebuild-sw#sh mls qos interface fastEthernet 1/0/9

FastEthernet1/0/9

Attached policy-map for Ingress: TESTPOL

trust state: not trusted

trust mode: not trusted

trust enabled flag: ena

COS override: dis

default COS: 0

DSCP Mutation Map: Default DSCP Mutation Map

Trust device: cisco-phone

qos mode: port-based

Looking at the Enterprise QoS SRND, it makes reference to a limitation which prevents a "mls qos trust" command co-existing with a service-policy.

Can AutoQoS trusting CoS and a service-policy conditionally trusting DSCP co-exist on the same port, or is there a better way? Could the CoS be trusted as part of the class-default (for traffic not matched by any other class) within the policy-map?

Roberto Salazar · ‎06-24-2006

I think this feature might be what your looking for:

Enabling DSCP Transparency Mode

In software releases earlier than Cisco IOS Release 12.2(25)SE, if QoS is disabled, the DSCP value of the incoming IP packet is not modified. If QoS is enabled and you configure the interface to trust DSCP, the switch does not modify the DSCP value. If you configure the interface to trust CoS, the switch modifies the DSCP value according to the CoS-to-DSCP map.

In Cisco IOS Release 12.2(25)SE or later, the switch supports the DSCP transparency feature. It affects only the DSCP field of a packet at egress. By default, DSCP transparency is disabled. The switch modifies the DSCP field in an incoming packet, and the DSCP field in the outgoing packet is based on the quality of service (QoS) configuration, including the port trust setting, policing and marking, and the DSCP-to-DSCP mutation map.

If DSCP transparency is enabled by using the no mls qos rewrite ip dscp command, the switch does not modify the DSCP field in the incoming packet, and the DSCP field in the outgoing packet is the same as that in the incoming packet.

It's a global command.

Please rate all posts.

mifitzgerald · ‎06-26-2006

Could you be looking for:

switchport priority extend trust

This is supposed to tell the IP Phone to leave the QoS bits coming in on the 10/100PC port on the back of the phone as they are. Normally, the phone repaints the QoS to 0. With this command if the PC paints a QoS value onto the traffic it sends, the phone sends it through unaltered. At least that's how it was explained to me recently by someone at TAC.

Mike