06-24-2006 02:16 PM - edited 03-03-2019 03:48 AM
We use AutoQoS to trust the CoS value of incoming frames from IP Phones connected to access layer switches. We are now using VT Advantage and want to ensure that the video traffic generated by the attached PC has its DSCP value honoured (the PC-generated traffic will not have the dot1p bits set).
The preferred way of doing this seems to be using a port-based ACL to identify the VTA traffic and trust the DSCP value. However, applying a service-policy to trust the DSCP of VTA traffic is incompatible with the "mls qos trust cos" applied as part of AutoQoS; when the policy is applied, the port is "not trusted":
interface FastEthernet1/0/9
switchport voice vlan 514
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
end
voicebuild-sw#sh mls qos interface fastEthernet 1/0/9
FastEthernet1/0/9
trust state: trust cos
trust mode: trust cos
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: cisco-phone
qos mode: port-based
voicebuild-sw#conf t
voicebuild-sw(config)#int fastEthernet 1/0/9
voicebuild-sw(config-if)#service-policy input TESTPOL
voicebuild-sw#sh mls qos interface fastEthernet 1/0/9
FastEthernet1/0/9
Attached policy-map for Ingress: TESTPOL
trust state: not trusted
trust mode: not trusted
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: cisco-phone
qos mode: port-based
Looking at the Enterprise QoS SRND, it makes reference to a limitation which prevents a "mls qos trust" command co-existing with a service-policy.
Can AutoQoS trusting CoS and a service-policy conditionally trusting DSCP co-exist on the same port, or is there a better way? Could the CoS be trusted as part of the class-default (for traffic not matched by any other class) within the policy-map?
06-24-2006 04:18 PM
I think this feature might be what your looking for:
Enabling DSCP Transparency Mode
In software releases earlier than Cisco IOS Release 12.2(25)SE, if QoS is disabled, the DSCP value of the incoming IP packet is not modified. If QoS is enabled and you configure the interface to trust DSCP, the switch does not modify the DSCP value. If you configure the interface to trust CoS, the switch modifies the DSCP value according to the CoS-to-DSCP map.
In Cisco IOS Release 12.2(25)SE or later, the switch supports the DSCP transparency feature. It affects only the DSCP field of a packet at egress. By default, DSCP transparency is disabled. The switch modifies the DSCP field in an incoming packet, and the DSCP field in the outgoing packet is based on the quality of service (QoS) configuration, including the port trust setting, policing and marking, and the DSCP-to-DSCP mutation map.
If DSCP transparency is enabled by using the no mls qos rewrite ip dscp command, the switch does not modify the DSCP field in the incoming packet, and the DSCP field in the outgoing packet is the same as that in the incoming packet.
It's a global command.
Please rate all posts.
06-26-2006 09:16 AM
Could you be looking for:
switchport priority extend trust
This is supposed to tell the IP Phone to leave the QoS bits coming in on the 10/100PC port on the back of the phone as they are. Normally, the phone repaints the QoS to 0. With this command if the PC paints a QoS value onto the traffic it sends, the phone sends it through unaltered. At least that's how it was explained to me recently by someone at TAC.
Mike
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: