Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Marking on CatOS 6500

Hi all.

i am wondering if i want to use an ACL to mark trafic if i need to configure on the port the trust state, untrust state or nothing...For exemple:

set qos acl ip MARK dscp 26 tcp any any range 2000 2002

set qos acl ip MARK trust-cos any any

set qos acl map MARK 3/2

set port qos 3/2 trust trust-cos

OR:

set qos acl ip MARK dscp 26 tcp any any range 2000 2002

set qos acl ip MARK trust-cos any any

set qos acl map MARK 3/2

set port qos 3/2 trust untrust

OR just:

set qos acl ip MARK dscp 26 tcp any any range 2000 2002

set qos acl ip MARK trust-cos any any

set qos acl map MARK 3/2

I admit it a little bit confused because when i read the catos QOS document it sais that the ACL can just mark if the port is in untrust state but in all the exemple i find there is never the untrust command.

can you clarify this point or provide me a configuration exemple?

thanks

Eric

3 REPLIES

Re: Marking on CatOS 6500

It is a little tricky to understand. These switches are highly configurable, especially wrt qos. Maybe I can help a little.

The

set qos acl ip MARK dscp 26 tcp any any range 2000 2002

line marks any traffic with a destination port between 2000 and 2002, like IP phone SCCP traffic headed for CCM or CME.

Any subsequent trust statements tell the switch (PFC, I believe) to either trust (not change) cos/dscp/ip-prec it receives from the device and map it to the set qos cos-dscp-map or ipprec-dscp-map dscp value. For example, by default it will map cos 3 to dscp 24.

If you do not trust cos, the switch will mark cos to 0, and the acl you have will mark sccp with dscp of 26. On egress from the switch, since cos is not marked, the frame will not receive any priority from the switch port, and the non SCCP traffic DSCP will be mapped to 0 per the cos-dscp-map.

The same is true for an untrusted port. When you enable qos, no ports are trusted unless explicitly told to.

So, unless you trust something, you will end up with some traffic, sccp bound for ccm in this case, marked with dscp and the rest marked 0 for cos and 0 for dscp.

HTH

New Member

Re: Marking on CatOS 6500

yes it helps.

if i well understand, the trust state on the port is for scheduling in ingress and the ACL is for marking on egress. am i right?

So if i do not trust the port and mark with the ACL the egress values will be the one set by the ACL for DSCP and COS will be written according to the dscp-cos-map?

Re: Marking on CatOS 6500

I was doing some double-checking on the egress portion. Seems that cos is also used for egress priority as well.

And if you don't trust a port, cos is set to the port's cos setting (configurable, but defaults to 0) then the cos-dscp-map kicks in.

Here's a great link that'll do a better job than I of explaining.

http://www.cisco.com/en/US/customer/tech/tk543/tk762/technologies_white_paper09186a00800b0828.shtml

130
Views
5
Helpful
3
Replies