From: ccie2be (ccie2be@nyc.rr.com)
Date: Fri Jul 23 2004 - 21:49:58 GMT-3
Hi guys,
In the output below,
what does trust state and trust mode refer to?
what's the difference between them?
TIA, tim
----- Original Message -----
From: "Sergio Jimenez Arguedas" <sejimenez@its.co.cr>
To: <ccielab@groupstudy.com>
Sent: Friday, July 23, 2004 5:58 PM
Subject: RV: 3550 mls qos trust defaultness
> Hi James,
> _________________________________________________________
> It is the output WITH MLS QOS DISABLED:
>
> SW1_CCIE#sh mls qos int f0/2
> FastEthernet0/2
> QoS is disabled. pass-through mode
> When QoS is enabled, following settings will be applied
> trust state: not trusted
> trust mode: not trusted
> COS override: dis
> default COS: 0
> DSCP Mutation Map: Default DSCP Mutation Map
> trust device: none
> __________________________________________________________
>
> It is the output WITH MLS QOS ENABLED:
>
> SW1_CCIE#sh mls qos int f0/2
> FastEthernet0/2
> trust state: not trusted
> trust mode: not trusted
> COS override: dis
> default COS: 0
> DSCP Mutation Map: Default DSCP Mutation Map
> trust device: none
> __________________________________________________________
>
> So, You are right!!!
> __________________________________________________________
> If you enable trust to DSCP:
>
> SW1_CCIE#sh run int f0/2
> Building configuration...
>
> Current configuration : 142 bytes
> !
> interface FastEthernet0/2
> switchport access vlan 2
> switchport mode access
> switchport nonegotiate
> no ip address
> mls qos trust dscp
> end
>
> SW1_CCIE#sh mls qos int f0/2
> FastEthernet0/2
> trust state: trust dscp
> trust mode: trust dscp
> COS override: dis
> default COS: 0
> DSCP Mutation Map: Default DSCP Mutation Map
> trust device: none
> _______________________________________________
>
> James, What is the specific task you are doing?
>
>
> Rgds,
>
>
> SJA
>
>
>
> -----Mensaje original-----
> De: nobody@groupstudy.com [mailto:nobody@groupstudy.com]En nombre de
> James
> Enviado el: viernes, 23 de julio de 2004 15:34
> Para: ccielab@groupstudy.com
> Asunto: 3550 mls qos trust defaultness
>
>
> Hi group,
>
> Am I right to understand that:
>
> o 3550 by default with 'mls qos' turned off will not trust any DSCP/COS
> values
> o After turning on 'mls qos' global command, unless explitcly configured
to
> trust dscp/cos values per interface, it still won't trust.
>
> Is this correct or am I way off?
>
> I'm trying to police a port on a 3550 in both in/out direction. Since IP
ACL
> only does ingress, and DSCP does both, I'll use DSCP code 0 to match
in/out.
> But so much for DSCP if the user on the policed port changes DSCP values
and
> switch trusts them :)
>
> Thanks for the tip!
> -J
>
> --
> James Jun TowardEX
Technologies,
> Inc.
> Technical Lead Network Design, Consulting, IT
> Outsourcing
> james@towardex.com Boston-based Colocation & Bandwidth
> Services
> cell: 1(978)-394-2867 web: http://www.towardex.com , noc:
> www.twdx.net
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:12:01 GMT-3