Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Security mechanism for fake applicatons setting CoS/QoS value

Imagine someone develops a bogus application to set outbound packets/IP from a PC to DSCP = EF.

So the BogusApplication would be prioritize as if it was a voice packet.

Which mechanism again can protect against such scenario?

2 REPLIES
Hall of Fame Super Bronze

Re: Security mechanism for fake applicatons setting CoS/QoS valu

Never enable trust on client facing switchports.

I recommend going with conditional trust, here is an example

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoSDesign.html#wp999584

There are more examples on that page

Regards

Edison.

Super Bronze

Re: Security mechanism for fake applicatons setting CoS/QoS valu

"Which mechanism again can protect against such scenario?"

Trust, but verify at the first chance of doing so. If verification fails, either remark or drop.

125
Views
10
Helpful
2
Replies
CreatePlease to create content