Re: Cisco Phone not Trusted

djohnson · ‎07-19-2007

I have been investigating issues where certain phones traffic is not passing QoS parameters across the LAN. I started walking back through the network and got all the way to the access switch where I did a "show mls qos inter fa XX" and found the following.

FastEthernet3/0/22

trust state: not trusted

trust mode: trust cos

trust enabled flag: dis

COS override: dis

default COS: 0

DSCP Mutation Map: Default DSCP Mutation Map

Trust device: cisco-phone

qos mode: port-based

This port appears in "show cdp nei"

SEP0019E7290456 Fas 3/0/22 46 H P IP Phone 7Port 1

Here is the configuration on the port:

interface FastEthernet3/0/22

switchport access vlan 2

switchport mode access

switchport voice vlan 12

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

no mdix auto

spanning-tree portfast

end

I have been going through the switch line by line and I have not found anything that would indicate why 90% of the ports on the switch are in a not trusted state, but 10% are.

Here is the output of the "show mls qos" command

QoS is enabled

QoS ip packet dscp rewrite is enabled

Can anyone offer any assistance before I open a TAC case?

Edison Ortiz · ‎07-19-2007

It could be an issue with the 'auto qos' macro.

Can you remove all commands, actually you can do a 'default interface f3/0/22' command and then insert all commands except the 'auto qos voip cisco-phone' command.

Can you check if the port is on trust mode now ?

What kind of switch and version are you using ?

johnnylingo · ‎07-24-2007

Try unplugging the phone and plugging it back in. You should see the following line in your switch log:

%SWITCH_QOS_TB-5-TRUST_DEVICE_DETECTED: cisco-phone detected on port Fa3/0/22, port trust enabled

Your configuration is the same as mine, except for "no mdix auto". Perhaps this is causing some problem with the CDP negotiation?