Cisco Support Community

DSCP Trusting on Routers..command needed?

I was told that routers automatically trust DSCP markings on inbound packets, while switches do not.

Thusly, on Catalyst switches you must explicitly enter the trust dscp command on every switch interface where you want to trust DSCP (or CoS), while on routers, you do not have to do this.

Is this true? My belief is, for security reasons, that you must enter this command on every trusted interface on both Cisco switches AND routers.

1 ACCEPTED SOLUTION


Re: DSCP Trusting on Routers..command needed?

Jonathan,

A router will not re-write DSCP markings unless configured to do so with a policy map. So in that sense routers trust DSCP, but there is no explicit trust DSCP command like switches use.

What effect the DSCP markings have on router egress traffic will depend upon the queuing method applied to the interfaces. WFQ (fair queue) or CBWFQ (class based weighted fair queue), depending on specific configuration, may use DSCP to determine what happens when congestion occurs.

Please rate helpful posts.

Dave
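
The difference described in the answer above, as an added configuration example that is not part of the original thread: per-port trust on a Catalyst switch beside an inbound policy map that makes a router interface behave as untrusted. Interface numbers and the policy-map name are hypothetical, and the switch lines assume a platform that uses the `mls qos` command set.

```cisco
! Added example; interface numbers and UNTRUSTED-EDGE-IN are hypothetical.
!
! Catalyst switch (platforms using "mls qos"): once QoS is enabled,
! ports are untrusted by default, so trust is granted per interface.
mls qos
!
interface GigabitEthernet1/0/10
 description Trusted uplink
 mls qos trust dscp
!
! Router: there is no trust command. DSCP is forwarded as received
! unless an inbound policy map rewrites it. To treat an interface as
! untrusted, re-mark everything arriving on it to best effort (DSCP 0).
policy-map UNTRUSTED-EDGE-IN
 class class-default
  set dscp default
!
interface GigabitEthernet0/1
 description Untrusted edge
 service-policy input UNTRUSTED-EDGE-IN
```

`show policy-map interface GigabitEthernet0/1` on the router shows the packet counters for the re-marking class, which confirms the policy is attached and matching traffic.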
