From: brett spunt (bspunt_2000@yahoo.com)
Date: Sun Aug 24 2008 - 18:22:23 ART
Hobbs,
There is a difference. Trust cos does just that...trust's cos of incoming packets to that port.
"mls qos trust device cisco-phone" enables a "trusted boundary feature", similiar to the command "switchport priority extend cos #", except it only trusts the cos values if the first connected device is an IP Phone. (if trust cos is enabled ALSO)
You need both to accomplish both (trusted boundary and trust cos values) but you only need mls qos trust cos to trust the cos value of the phone. that would accomplish the criteria...
see this link
plus I pasted info directly into this email from this link...
Configuring a Trusted Boundary to Ensure Port Security :
"mls qos trust device cisco-phone"
In a typical network, you connect a Cisco IP Phone to a switch port, as shown in Figure 32-12, and cascade devices that generate data packets from the back of the telephone. The Cisco IP Phone guarantees the voice quality through a shared data link by marking the CoS level of the voice packets as high priority (CoS = 5) and by marking the data packets as low priority (CoS = 0). Traffic sent from the telephone to the switch is typically marked with a tag that uses the 802.1Q header. The header contains the VLAN information and the class of service (CoS) 3-bit field, which is the priority of the packet.
For most Cisco IP Phone configurations, the traffic sent from the telephone to the switch should be trusted to ensure that voice traffic is properly prioritized over other types of traffic in the network. By using the mls qos trust cos interface configuration command, you configure the switch port to which the telephone is connected to trust the CoS labels of all traffic received on that port. Use the mls qos trust dscp interface configuration command to configure a routed port to which the telephone is connected to trust the DSCP labels of all traffic received on that port.
With the trusted setting, you also can use the trusted boundary feature to prevent misuse of a high-priority queue if a user bypasses the telephone and connects the PC directly to the switch. Without trusted boundary, the CoS labels generated by the PC are trusted by the switch (because of the trusted CoS setting). By contrast, trusted boundary uses CDP to detect the presence of a Cisco IP Phone (such as the Cisco IP Phone 7910, 7935, 7940, and 7960) on a switch port. If the telephone is not detected, the trusted boundary feature disables the trusted setting on the switch port and prevents misuse of a high-priority queue. Note that the trusted boundary feature is not effective if the PC and Cisco IP Phone are connected to a hub that is connected to the switch.
In some situations, you can prevent a PC connected to the Cisco IP Phone from taking advantage of a high-priority data queue. You can use the switchport priority extend cos interface configuration command to configure the telephone through the switch CLI to override the priority of the traffic received from the PC.
Beginning in privileged EXEC mode, follow these steps to enable trusted boundary on a port:
___________________________________
Brett Michael Spunt, CCIE No. 12745
Senior Consultant
Convergence Practice, AT&T Consulting
http://www.att.com/consulting
Bs3757@att.com
Your world. Delivered.
--- On Sun, 8/24/08, Hobbs <deadheadblues@gmail.com> wrote:
> From: Hobbs <deadheadblues@gmail.com>
> Subject: mls qos trust device cisco-phone -vs- mls qos trust cos
> To: "GS CCIE-Lab" <ccielab@groupstudy.com>
> Date: Sunday, August 24, 2008, 1:00 PM
> Hello,
>
> I had a task that states the there are 7960 ip phones
> connected to a
> switchport and the phone's cos value (cos 5) must be
> trusted. I used the
> command:
>
> int f0/7
> mls qos trust device cisco-phone
>
> but the answer had:
>
> int f0.7
> mls qos trust cos
>
> I have 4 questions:
>
> In this scenario, is there a difference between these two
> commands?
> Are both enabling trust of the phones cos value?
> Does the "trust device" require the "trust
> cos" command to take effect?
> Consider if you are also using "switchport priority
> extend cos #" command,
> does either option still work as normal?
>
> here is the doccd reference and it seems both would do the
> trick.
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/command/reference/cli1.html#wp2331034
>
> thank you,
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:32 ART