I have users with PCs connected to cisco phones and 'auto qos voip cisco-phone' configured on the access ports. In this case the DSCP values will only be trusted once the phone is detected via CDP. Is there anyway to extend the trust to the PC as it will have a video application that is capable of marking traffic? Will I end up having to edit the existing policy map and mark the traffic?
There seems to be quite a few opinions as to what happens if a switch's uplink port is configured to trust DSCP but the switch on the other end is not configured to do so. Will it rewrite the DSCP value or will it leave it be? Can anyone point me to documentation if possible, thanks.
Thanks. I am still a little confused. Since the PC will not be able to do COS and the port has 'mls qos trust cos' configured on it as apart of the auto qos configuration, even if I were to extend the trust to the PC it would not do much good, right? The switch is only trusting COS and the PC is marking with DSCP. Will the DSCP still be trusted by the switch?
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Perhaps the easiest method is to just trust DSCP on the user switch's edge port. If the VoIP phone and PC are marking ToS correctly, then you only need to worry about correct QoS treatment for your marked packets.
With regard to your question about one switch that trusts linked to another switch that doesn't trust, results depend on the platform. Most of the Cisco Catalyst switches, default is QoS is disabled, and when QoS is disabled they pass ToS along as it. However, on those same switches, when you enable QoS, they will rewrite ToS to zero unless you configure them otherwise. (NB: the later 4500 Sup7s, I recall, work like a router, i.e. by default they always pass the ToS unless you configure them otherwise.)
Thanks pdriver and Joseph for the input. On the switches I am working with DSCP rewrite seems to be enabled regardless of if qos is enabled based on the output of 'show mls qos', so if qos is enabled on a switch I would either need to disable rewrite or configure trust on the uplink port? And in the case of a switch that does not have qos enabled I would either need to disable rewrite or enable qos and configure trust on the uplink port?
Since auto qos applies 'mls qos trust cos' to the port are you saying I should just remove this and trust DSCP and it won't affect the phones? Does it also mean I would also need to remove 'mls qos trust device cisco-phone' so that the switch will trust the markings from the PC?
I was able to do a lab and got confirmation on the DSCP rewrite. As pdriver and Joseph said once qos is enabled and there is no trust on the uplink port then the DSCP value get's rewritten to 0 otherwise it gets passed along, I guess I had to see if for myself since DSCP rewrite is enabled even if qos is not.
I don't necessarily want to just trust DSCP on the access ports, even though the likely hood of a malicious user marking their packets to get higher priority is low. Does that leave me with only one option, which is to mark the traffic on ingress on each switchport?
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.