cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
504
Views
13
Helpful
3
Replies

Cat6500 QOS Trust cisco phone on Catos

paulhardy
Level 1
Level 1

Hi My quetsion is aounr dht trust boundry setup of catos.

When you enable qos globaly it sets all ports to untrust. What I have onsite is cisco ip phones adn notrel handsets. Both will be plugging into the cat switch.

I want a universal config that will untrust everything that enters the port but trusts cisco phones markings and the marks the traffic from the nortel hansets to the same markings. Is this possiblke on the same interface and if so what should the config look like.

Thanks in advance.

Paul

3 Replies 3

thisisshanky
Level 11
Level 11

on cisco phone ports configure,

a. the trust state of phones to trust cos (trust cos is not supported on some sup engine/pfc combinations, instead you will have to use a qos acl as shown in the example.).

b. You can also set detection of cisco-phone on those ports.

c. Also set the port trust extension to the PC port to Untrusted.

set qos enable

set port qos 3/1-2 trust-device cisco-ipphone

set port qos 3/1-2 trust-ext untrusted

set qos acl ip TrustCOS trust-cos ip any any

commit qos acl all

set qos acl map TrustCOS 3/1-2

For a nortel phone, you may configure everything else as shown above except the 'trust-device cisco-ipphone' command.

The above configs only trust the marking of the packets from the phone and zero out the marking of the packets from the pc. If you want to remark it to the same setting, you may have to use a qos acl.

set qos acl ip MarkPackets dscp 24 tcp any any eq 2000.

commit qos acl all.

set qos acl map MarkPackets 3/1-2

The above acl marks all skinny packets to dscp 24 on port 3/1-2. You can define similar statements for the nortel phone based on the port they use and apply that to an acl.

HTH

Sankar.

PS: please remember to rate posts!

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

If I put that syntax onto evry port and i plug a cisco phone in the port it will work as per your description. If i plug a nortel phone into the same port , what will happen. I am after a universal config so the phone can be plugged in and moved if needed without any changes to the config.

I understand from the config above that any traffic from the cisco phone will be trusted adn any traffic from pc (either plugged directly or via the phone) will be marked as 0 but what happens if I plug a nortel phone into the same port.

Would it be better to set the trust boundry at the port and not trust anything (which is the default once qos is enabled )and then run the policy maps to classify all voice traffic from cisco phones (rtp traffic ports number 16XXX and above) and nortel phones ( rtp traffic port XXXX)with the correct cos and dscp values.

This way i can trust dcsp on all links throughout the network as I know both phone types are covered.

Cheers

Paul

What happens if i put this config on all ports and a nortel phone gets plugged in. Will it mark the nortel packet cos to 5 or not.

Paul

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: