We use AutoQoS to trust the CoS value of incoming frames from IP Phones connected to access layer switches. We are now using VT Advantage and want to ensure that the video traffic generated by the attached PC has its DSCP value honoured (the PC-generated traffic will not have the dot1p bits set).
The preferred way of doing this seems to be using a port-based ACL to identify the VTA traffic and trust the DSCP value. However, applying a service-policy to trust the DSCP of VTA traffic is incompatible with the "mls qos trust cos" applied as part of AutoQoS; when the policy is applied, the port is "not trusted":
interface FastEthernet1/0/9
switchport voice vlan 514
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
end
voicebuild-sw#sh mls qos interface fastEthernet 1/0/9
FastEthernet1/0/9
trust state: trust cos
trust mode: trust cos
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: cisco-phone
qos mode: port-based
voicebuild-sw#conf t
voicebuild-sw(config)#int fastEthernet 1/0/9
voicebuild-sw(config-if)#service-policy input TESTPOL
voicebuild-sw#sh mls qos interface fastEthernet 1/0/9
FastEthernet1/0/9
Attached policy-map for Ingress: TESTPOL
trust state: not trusted
trust mode: not trusted
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: cisco-phone
qos mode: port-based
Can AutoQoS trusting CoS and a service-policy conditionally trusting DSCP co-exist on the same port, or is there a better way? Could the CoS be trusted as part of the class-default (for traffic not matched by any other class) within the policy-map?