RE: 3550 mls qos trust defaultness

From: ccie2be (ccie2be@nyc.rr.com)
Date: Mon Jul 26 2004 - 10:23:39 GMT-3

• Next message: ccie2be: "Fw: Hoot and Holler Configuration in the CD 12.2!!!"
• Previous message: Scott Morris: "RE: Hoot and Holler Configuration in the CD 12.2!!!"
• Maybe in reply to: James: "3550 mls qos trust defaultness"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Repost
----- Original Message -----
From: "ccie2be" <ccie2be@nyc.rr.com>
To: "Sergio Jimenez Arguedas" <sejimenez@its.co.cr>;
<ccielab@groupstudy.com>
Sent: Friday, July 23, 2004 8:49 PM
Subject: Re: 3550 mls qos trust defaultness

> Hi guys,
>
> In the output below,
>
> what does trust state and trust mode refer to?
>
> what's the difference between them?
>
> TIA, tim
> ----- Original Message -----
> From: "Sergio Jimenez Arguedas" <sejimenez@its.co.cr>
> To: <ccielab@groupstudy.com>
> Sent: Friday, July 23, 2004 5:58 PM
> Subject: RV: 3550 mls qos trust defaultness
>
>
> > Hi James,
> > _________________________________________________________
> > It is the output WITH MLS QOS DISABLED:
> >
> > SW1_CCIE#sh mls qos int f0/2
> > FastEthernet0/2
> > QoS is disabled. pass-through mode
> > When QoS is enabled, following settings will be applied
> > trust state: not trusted
> > trust mode: not trusted
> > COS override: dis
> > default COS: 0
> > DSCP Mutation Map: Default DSCP Mutation Map
> > trust device: none
> > __________________________________________________________
> >
> > It is the output WITH MLS QOS ENABLED:
> >
> > SW1_CCIE#sh mls qos int f0/2
> > FastEthernet0/2
> > trust state: not trusted
> > trust mode: not trusted
> > COS override: dis
> > default COS: 0
> > DSCP Mutation Map: Default DSCP Mutation Map
> > trust device: none
> > __________________________________________________________
> >
> > So, You are right!!!
> > __________________________________________________________
> > If you enable trust to DSCP:
> >
> > SW1_CCIE#sh run int f0/2
> > Building configuration...
> >
> > Current configuration : 142 bytes
> > !
> > interface FastEthernet0/2
> > switchport access vlan 2
> > switchport mode access
> > switchport nonegotiate
> > no ip address
> > mls qos trust dscp
> > end
> >
> > SW1_CCIE#sh mls qos int f0/2
> > FastEthernet0/2
> > trust state: trust dscp
> > trust mode: trust dscp
> > COS override: dis
> > default COS: 0
> > DSCP Mutation Map: Default DSCP Mutation Map
> > trust device: none
> > _______________________________________________
> >
> > James, What is the specific task you are doing?
> >
> >
> > Rgds,
> >
> >
> > SJA
> >
> >
> >
> > -----Mensaje original-----
> > De: nobody@groupstudy.com [mailto:nobody@groupstudy.com]En nombre de
> > James
> > Enviado el: viernes, 23 de julio de 2004 15:34
> > Para: ccielab@groupstudy.com
> > Asunto: 3550 mls qos trust defaultness
> >
> >
> > Hi group,
> >
> > Am I right to understand that:
> >
> > o 3550 by default with 'mls qos' turned off will not trust any DSCP/COS
> > values
> > o After turning on 'mls qos' global command, unless explitcly
configured
> to
> > trust dscp/cos values per interface, it still won't trust.
> >
> > Is this correct or am I way off?
> >
> > I'm trying to police a port on a 3550 in both in/out direction. Since IP
> ACL
> > only does ingress, and DSCP does both, I'll use DSCP code 0 to match
> in/out.
> > But so much for DSCP if the user on the policed port changes DSCP values
> and
> > switch trusts them :)
> >
> > Thanks for the tip!
> > -J
> >
> > --
> > James Jun TowardEX
> Technologies,
> > Inc.
> > Technical Lead Network Design, Consulting, IT
> > Outsourcing
> > james@towardex.com Boston-based Colocation & Bandwidth
> > Services
> > cell: 1(978)-394-2867 web: http://www.towardex.com , noc:
> > www.twdx.net
> >
> > _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: ccie2be: "Fw: Hoot and Holler Configuration in the CD 12.2!!!"
• Previous message: Scott Morris: "RE: Hoot and Holler Configuration in the CD 12.2!!!"
• Maybe in reply to: James: "3550 mls qos trust defaultness"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:12:03 GMT-3