Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Conditional Trust Policies


I'm looking to deploy conditional QoS on access switches to enable users to move around without an administrative overhead of changing the port trust dependent up on device. However I want to make sure that any compromised or misconfigured devices dont have the potential to impact other users. Therefore, I've added a service policy to set the dscp values and police the traffic as required. This means that the voice and data vlans can be controlled and marked as required. My question is what happens if the device connected to the port isn't a trusted device, is the same service policy still applied to the interface? What I'm concerned about is if the device is untrusted but has a softphone client then I want to ensure that this traffic has its dscp set corretly. I'm guessing that I'd need to specify the data vlans subnet and UDP VoIP ports in an acl to match the correct traffic as opposed to just the voice vlan subnet and UDP VoIP ports in an acl if an IP Phone was connected and trusted? Any thoughts appreciated.

Thanks in advance



Re: Conditional Trust Policies

With the help of command "mls qos trust device cisco-phone " command which is the simplest method to implement a "conditional-trust" policy. It supported on several other Cisco platforms.

CreatePlease login to create content