If an L2 switch is marking traffic on an ingress port, does that marking carry over the trunks until it hits an L3 switch or router that then makes a determination on what to do with the packet?
For instance, if I have a 2950 and I have "mls qos cos 5" in port fa0/2, will that marking be carried until matched by a L3 device that has a class map matching that marking and then a policy map to tell it what to do with it?
If that's the case, is there anything special that needs to be enabled on the trunks on the L2 and L3 devices to ensure that the marking does get carried over the trunks?
If "mls qos" is not enabled globally on the Catalyst switch, all markings are left untouched by the ingress port on the switch. If you have "mls qos" enabled, then by default the Catalyst ingress port will rewrite the COS (802.1p) and DSCP (IP) fields to 0. You need to configure the mls qos trust command on the ingress port if you want COS/DSCP markings to remain untouched. There are also several other options you can use. I would recommend reviewing the following document which explains this behavior in great detail:
Let me know if you have any other questions.
I agree with what Roman says but in your specific case you are talking about actually marking a packet with a CoS value on ingress rather than simply trusting it or not.
So if you mark an incoming packet with CoS value 5, the switch then looks up the CoS-to-DSCP map to get a DSCP value, because all switches use an internal DSCP value while the packet traverses the switch. This internal DSCP value is not actually written into the packet.
When the packet reaches the egress port the DSCP-to-CoS map is used and the internal DSCP value is mapped to a CoS value which is then written into the packet and transmitted.
If the next device that receives the packet is another switch then it all depends as Roman said on the setting on the ingress port.
"Jon, as far as I know, DSCP value is rewritten in the IP packet as well, unless you configure:"
Don't disagree. The internal DSCP value I was talking about is never written into the packet. However the DSCP value in the packet is rewritten. But John was talking about CoS values and not DSCP values.
So I'm not sure what it was I said that led to the confusion?
We are talking about the same thing. I was just clarifying because from your post one could think that the packet's DSCP value is not altered (you didn't explicitly mention it). That's all, Jon, thank you!
We were doing a similar style of marking. We had to enter the command "mls qos cos 5" and "mls qos override". Then on the router port we had to set "mls qos trust cos". Hope this helps.
It's been a rough day and I haven't been able to get back on to follow up with this.
On a 2950 that I have, I don't have the option to enable qos globally on the switch. I assume this is a L3 switch function that isn't supported on the 2950s? Anyway, I can mark on the ingress port using mls qos cos 5, so I believe it's still taking effect. (I won't know until I get home and test it.)
What do you mean by "internal DSCP" value? What is the value of an internal DSCP vs. what the switch will map from the dscp-to-cos map that's internal to the switch? (I don't even know if I'm asking that right.)
Catalyst switches use an internal DSCP value for all QOS decisions as the packet traverses the switch.
This value is not written into the packet, it is simply derived from the value in the incoming packet.
If you use "mls qos trust dscp" then the internal DSCP value will be the same as the received value.
If you use "mls qos trust cos" then the internal DSCP value will be obtained by consulting the CoS-to-DSCP map.
Not sure I've answered your question?
"On a 2950 that I have, I don't have the option to enable qos globally on the switch. I assume this is a L3 switch function that isn't supported on the 2950s?"
Correct, you don't have to enable QOS on the 2950, i.e. there is no "mls qos" command.
However it's switch specific rather than an L2 or an L3 function, i.e. on the 2960 switch, which is an L2 switch, you do need to enable QOS globally on the switch before you can use QOS.
I'm assuming that enabling per port on the 2950 has the same functionality as the 2960 globally? Or does the 2960 have the option of not functioning even if mls qos is enabled per port UNLESS the mls qos is enabled globally?
Also, does CoS only exist between trunks? I'm reading that it's in the 802.1q header.
On switches where you have to enable QOS globally, until you do this no other QOS settings have any effect on the switch.
CoS values are carried within the 802.1q tag that is added when the packet is sent across a trunk. If there is no 802.1q tag then there is nowhere to store the CoS value.
Just a quick follow-up on the previous answer.
CoS values can only be transmitted between switches by writing the value into the 802.1q tag so yes the connection between switches needs to be a trunk.
However using "mls qos cos 5" on a port doesn't mean the packet received on that port has to be a tagged packet. The value can be applied to untagged packets because the switch simply uses the CoS value to derive the internal DSCP value using the CoS-to-DSCP map.
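
The marking path discussed in this thread, as an added Python model that is not part of the original posts and not Cisco code: it parses the CoS bits from the 802.1Q tag, derives the internal DSCP per ingress trust setting, and maps it back on egress. The mode names, the sample frames, and the default CoS-to-DSCP and DSCP-to-CoS maps are assumptions.

```python
import struct

TPID_8021Q, ETH_IPV4 = 0x8100, 0x0800
# Assumption: default maps (CoS n -> DSCP 8n, DSCP d -> CoS d // 8); not given in the thread.
COS_TO_DSCP = [0, 8, 16, 24, 32, 40, 48, 56]

def build_frame(cos=None, dscp=0, vlan=10):
    """Constructed sample frame: zeroed MACs, optional 802.1Q tag, minimal IPv4 header."""
    tag = b"" if cos is None else struct.pack("!HH", TPID_8021Q, (cos << 13) | vlan)
    ip = struct.pack("!BB", 0x45, dscp << 2) + bytes(18)
    return bytes(12) + tag + struct.pack("!H", ETH_IPV4) + ip

def parse_markings(frame):
    """Return (cos, dscp) as carried in the frame; None where the field does not exist."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    cos, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        cos, offset = tci >> 13, 18      # CoS (PCP) is the top 3 bits of the tag's TCI
    dscp = None
    if ethertype == ETH_IPV4 and len(frame) >= offset + 2:
        dscp = frame[offset + 1] >> 2    # DSCP is the top 6 bits of the IPv4 ToS byte
    return cos, dscp

def internal_dscp(frame, mode, port_cos=0):
    """Internal DSCP for a hypothetical ingress mode: trust-dscp, trust-cos, override, untrusted."""
    cos, dscp = parse_markings(frame)
    if mode == "trust-dscp":
        return dscp or 0                 # non-IP frames carry no DSCP; modelled as 0
    if mode == "trust-cos":              # untagged frames fall back to the port CoS
        return COS_TO_DSCP[port_cos if cos is None else cos]
    if mode == "override":               # port CoS applied to every frame, tagged or not
        return COS_TO_DSCP[port_cos]
    return 0                             # untrusted: markings reset to 0

def egress_markings(internal, trunk):
    """(cos, dscp) written on egress; CoS exists only when an 802.1Q tag is added."""
    return (internal >> 3 if trunk else None), internal
```

On an access-port egress the function returns `None` for CoS, which is the point made above: without an 802.1Q tag there is nowhere to carry the value, so only the DSCP survives.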