Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cat 6500 IOS - QoS configuration ??

I have read multiple documents on QoS configuration for the Catalyst 6500 and I am still confused on several points.

I understand the internal DSCP value is determined at the ingress be either the trust command or if the port sets cos for all packets.

I don't understand egress markings. At egress, it sounds like DSCP/CoS is set to 0 unless a policy map explicitly sets the DSCP/CoS values. Is this correct??

If I have a packet/frame entering the 6500 with a Cos of 5/DSCP EF, how do I maintain these classifications when the packet exits the switch??

4 REPLIES

Re: Cat 6500 IOS - QoS configuration ??

Hi,

the DSCP/CoS settings are not set to 0 on output, they are treated on input as you described.

The main idea is to create a trusted zone, i.e. once the DSCP/CoS setting is checked on input it should be trusted throughout your switching/routing QoS domain. So set your trunks to trusted and access ports to untrusted unless you are sure the settings are correctly applied by the device connected.

Hope this helps

Martin

New Member

Re: Cat 6500 IOS - QoS configuration ??

Hi,

Have a look at this link:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/qos.htm#wp1328303

Figure 42-3 which give a good flowchart of the "day in the life" of a frame at ingress with regards to QoS.

--

Joe

New Member

Re: Cat 6500 IOS - QoS configuration ??

Thanks. This answered my questions. I found this issue after watching packets with a sniffer. Here is what I found..

CoS is set in 802.1q/ISL packets. When trust cos is applied, the switch cos-to-dscp map establishes the DSCP value used internally in the switch. On egress, the switch uses the internal DSCP value to determine and mark the CoS value. However...Voice servers (CallManager etc.) do not connect to the switches via 802.1q/ISL trunk connections, therefore CoS is not marked. I saw all the packets from CallManager with CoS of 0, and on Egress DSCP of 0. Voice servers (and non-trunked gateways) must have the ports set to trust DSCP.

The only question I have left is, why not just set all ports to trust DSCP??

Re: Cat 6500 IOS - QoS configuration ??

Abuse is the short answer in my opinion.....

Previously Cisco recommended trusting CoS on ports where Cisco IP Phones were connected. This was due to the ability of the IP Phones to re-write the 802.1p field of received frames back to 0 from piggy-backed PC's. If you were simply to trust DSCP and set the Internal DSCP from this it would be easy for an attached PC to generate packets with DSCP EF and effectively hijack the Expedite Queue (if configured) causing havock for real-time applications (predominantly Voice).

If you can whole-heartedly trust your users and thier PC's (Viruses, Worms etc) then by all means trust DSCP but in my opinion this is just open to abuse.

The current way of thinking is to apply inbound policy-maps on access ports to classify and police right at the edge. Then on your uplinks apply the correct queuing and scheduling and trust inbound DSCP.

Take a look at the QoS SRND written by Tim Szigeti on CCO for an insight:

http://www.cisco.com/go/srnd

HTH

Andy

259
Views
0
Helpful
4
Replies
CreatePlease login to create content