I read this passage in a QoS book I am reading and it left me a little confused:
Imagine a router is connected to an L2 switch via an access link, not a trunk, and that packets are being sent by the router to the switch port. What does it mean when it says in the book that "the switch will use the default value for untagged frames"?
If an Ethernet frame does not have a dot1q tag (I'm assuming this is what is meant by "untagged"), how can the switch mark the CoS setting? The 3 CoS bit positions that are part of the 2-byte VLAN tag are not available.
First, the QoS trust model on Catalyst switches requires that the IP Precedence/DSCP and CoS marking (if present) correspond to each other. That is why you configure the switchport to trust just one of these markings, and the remaining one will be rewritten to the corresponding value using either the cos-dscp (if trusting CoS) or dscp-cos (if trusting DSCP) map. You are completely right that if a frame is forwarded out an access port, it cannot contain the 802.1Q tag with CoS bits. However, the priority can and will be reflected in the DSCP field of the IP packet - either because it was there before and you trust it, or because you trust the CoS on another port through which the frame came in and the DSCP field was then accordingly rewritten.
Second, if an untagged frame arrives at a port and you decide to trust the CoS, obviously you have to take some default value for the CoS field that is not present in the frame. By default, this CoS value is 0 but can be changed on a particular port with the command mls qos cos N where N ranges from 0 to 7. This value will be used as the default CoS for incoming frames that do not contain the 802.1Q tag with CoS bits.
The sentence that the switch will use the default value for untagged frames is probably concerned with classifying frames as they enter the switch, not as they leave it. You are probably reading the excellent QoS Exam Certification Guide by Wendell Odom and Michael Cavanaugh. Well, the sentence you quoted is in the section about Auto QoS on page 553 if we're talking about the same edition of the book. Now, note that the command auto qos voip trust activates the CoS trust on a port. And quite correctly, if the port is an access port or the router is not capable of providing an 802.1Q trunk towards the switch, the frames will not be CoS-marked, in which case, as they enter the switch port, they will have to be assigned the default CoS value as I have discussed earlier. This is probably the meaning of the sentence in the particular context.
Peter has, as always, provided an excellent detailed response. The only thing I would add to this to perhaps help clarify is this.
All switches use an internal DSCP value as the packet moves through the switch. This internal DSCP value is never written into the packet. This is why you have the CoS-to-DSCP map so you can derive an internal DSCP value and the DSCP-to-CoS map to derive a CoS value to be written into the packet on egress.
You are absolutely correct that without an 802.1q tag there can be no CoS markings. But the switch, if configured for QOS, still needs an internal DSCP value so it has to start with something on ingress. So if there is no CoS marking in the packet a default CoS value is used. This default value is never actually written into the packet, it can't be because there is no place to put it, but simply used to derive the internal DSCP value.
Thank you a lot for updating my response! You've pointed out a fact that I was not properly aware of - upon which value does a switch internally base its QoS handling of a frame. I should work out a study plan to go over books I've been once reading, smear off the dust and start reading them again.
Thank you again - you're a blessing for the entire NetPro forum!
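The ingress decision discussed in this thread, modelled as an added example (not code from any poster or from Cisco): a frame is parsed for an 802.1Q tag, and when the port trusts CoS and no tag is present, the port's default CoS is fed into the CoS-to-DSCP map to derive the internal DSCP. The function names are hypothetical, the map is assumed to be the common CoS n -> DSCP 8n table, and the sample frames are constructed.

```python
import struct

# Assumed CoS-to-DSCP map: CoS n -> DSCP 8*n (adjust to match the switch's configured map).
COS_TO_DSCP = [0, 8, 16, 24, 32, 40, 48, 56]
TPID_DOT1Q, ETHERTYPE_IPV4 = 0x8100, 0x0800

def build_frame(tos=0, pcp=None, vid=10):
    """Constructed sample frame: zeroed MACs, optional 802.1Q tag, bare IPv4 header."""
    tag = b"" if pcp is None else struct.pack("!HH", TPID_DOT1Q, (pcp << 13) | vid)
    ip = bytes([0x45, tos]) + bytes(18)
    return bytes(12) + tag + struct.pack("!H", ETHERTYPE_IPV4) + ip

def parse_frame(frame: bytes):
    """Return (cos, dscp) as carried in the frame; either is None if absent."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    cos, offset = None, 14
    if ethertype == TPID_DOT1Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        cos, offset = tci >> 13, 18      # CoS (PCP) is the top 3 bits of the TCI
    dscp = None
    if ethertype == ETHERTYPE_IPV4 and len(frame) >= offset + 2:
        dscp = frame[offset + 1] >> 2    # DSCP is the top 6 bits of the ToS byte
    return cos, dscp

def internal_dscp(frame: bytes, trust: str, default_cos: int = 0) -> int:
    """Value the switch would use internally for a frame arriving on a trusting port."""
    if trust not in ("cos", "dscp"):
        raise ValueError("trust must be 'cos' or 'dscp'")
    if not 0 <= default_cos <= 7:
        raise ValueError("default CoS ranges from 0 to 7")
    cos, dscp = parse_frame(frame)
    if trust == "dscp" and dscp is not None:
        return dscp
    # Trusting CoS (or, as a modelling assumption, trusting DSCP on a non-IP frame):
    # an untagged frame has no CoS bits, so the port default stands in for them.
    effective_cos = cos if cos is not None else default_cos
    return COS_TO_DSCP[effective_cos]

if __name__ == "__main__":
    untagged_ef = build_frame(tos=0xB8)  # untagged, DSCP 46 in the IP header
    print(internal_dscp(untagged_ef, "cos"))                 # port default CoS 0
    print(internal_dscp(untagged_ef, "cos", default_cos=3))  # port default CoS 3
    print(internal_dscp(build_frame(pcp=5), "cos", default_cos=3))
```

With CoS trusted, the DSCP 46 already present in the untagged frame plays no part in the result; only the port default does.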