Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cat6500 QOS Trust cisco phone on Catos

Hi My quetsion is aounr dht trust boundry setup of catos.

When you enable qos globaly it sets all ports to untrust. What I have onsite is cisco ip phones adn notrel handsets. Both will be plugging into the cat switch.

I want a universal config that will untrust everything that enters the port but trusts cisco phones markings and the marks the traffic from the nortel hansets to the same markings. Is this possiblke on the same interface and if so what should the config look like.

Thanks in advance.



Re: Cat6500 QOS Trust cisco phone on Catos

on cisco phone ports configure,

a. the trust state of phones to trust cos (trust cos is not supported on some sup engine/pfc combinations, instead you will have to use a qos acl as shown in the example.).

b. You can also set detection of cisco-phone on those ports.

c. Also set the port trust extension to the PC port to Untrusted.

set qos enable

set port qos 3/1-2 trust-device cisco-ipphone

set port qos 3/1-2 trust-ext untrusted

set qos acl ip TrustCOS trust-cos ip any any

commit qos acl all

set qos acl map TrustCOS 3/1-2

For a nortel phone, you may configure everything else as shown above except the 'trust-device cisco-ipphone' command.

The above configs only trust the marking of the packets from the phone and zero out the marking of the packets from the pc. If you want to remark it to the same setting, you may have to use a qos acl.

set qos acl ip MarkPackets dscp 24 tcp any any eq 2000.

commit qos acl all.

set qos acl map MarkPackets 3/1-2

The above acl marks all skinny packets to dscp 24 on port 3/1-2. You can define similar statements for the nortel phone based on the port they use and apply that to an acl.



PS: please remember to rate posts!

New Member

Re: Cat6500 QOS Trust cisco phone on Catos

If I put that syntax onto evry port and i plug a cisco phone in the port it will work as per your description. If i plug a nortel phone into the same port , what will happen. I am after a universal config so the phone can be plugged in and moved if needed without any changes to the config.

I understand from the config above that any traffic from the cisco phone will be trusted adn any traffic from pc (either plugged directly or via the phone) will be marked as 0 but what happens if I plug a nortel phone into the same port.

Would it be better to set the trust boundry at the port and not trust anything (which is the default once qos is enabled )and then run the policy maps to classify all voice traffic from cisco phones (rtp traffic ports number 16XXX and above) and nortel phones ( rtp traffic port XXXX)with the correct cos and dscp values.

This way i can trust dcsp on all links throughout the network as I know both phone types are covered.



New Member

Re: Cat6500 QOS Trust cisco phone on Catos

What happens if i put this config on all ports and a nortel phone gets plugged in. Will it mark the nortel packet cos to 5 or not.


CreatePlease login to create content