We use AutoQoS to trust the CoS value of incoming frames from IP Phones connected to access layer switches. We are now using VT Advantage and want to ensure that the video traffic generated by the attached PC has its DSCP value honoured (the PC-generated traffic will not have the dot1p bits set).

The preferred way of doing this seems to be using a port-based ACL to identify the VTA traffic and trust the DSCP value. However, applying a service-policy to trust the DSCP of VTA traffic is incompatible with the "mls qos trust cos" applied as part of AutoQoS; when the policy is applied, the port is "not trusted":

interface FastEthernet1/0/9

switchport voice vlan 514

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

priority-queue out

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

end

voicebuild-sw#sh mls qos interface fastEthernet 1/0/9

FastEthernet1/0/9

trust state: trust cos

trust mode: trust cos

trust enabled flag: ena

COS override: dis

default COS: 0

DSCP Mutation Map: Default DSCP Mutation Map

Trust device: cisco-phone

qos mode: port-based

voicebuild-sw#conf t

voicebuild-sw(config)#int fastEthernet 1/0/9

voicebuild-sw(config-if)#service-policy input TESTPOL

voicebuild-sw#sh mls qos interface fastEthernet 1/0/9

FastEthernet1/0/9

Attached policy-map for Ingress: TESTPOL

trust state: not trusted

trust mode: not trusted

trust enabled flag: ena

COS override: dis

default COS: 0

DSCP Mutation Map: Default DSCP Mutation Map

Trust device: cisco-phone

qos mode: port-based

Can AutoQoS trusting CoS and a service-policy conditionally trusting DSCP co-exist on the same port, or is there a better way? Could the CoS be trusted as part of the class-default (for traffic not matched by any other class) within the policy-map?